Sam works as a network analyst for an algorithmic trading firm. He obtained his bachelor's degree in information technology from UMKC.
Purchasing a dual WAN router can easily set you back several hundred bucks. Besides the high prices, many of the models on the market lack many features. So instead of shelling out cash for a router with limited features, you can recycle some old hardware and build one yourself. By utilizing the popular open source router/firewall platform pfSense, you can create a very powerful and feature rich router. Plus you'll have a sense of accomplishment knowing you created it yourself.
Why setup a dual wan router?
- Increase your internet bandwidth - If you have multiple internet connections you can load balance them to provide more bandwidth to the computers on your home or office network. This can be very useful for downloading torrents and playing online games at the same time.
- Provide backup internet connectivity - Another popular use is providing redundancy or failover in the event one internet connection goes offline. In this case its important to make sure your using two different ISP's. For example, one cable and one DSL connection.
If you want to hear more about pfSense before getting started, check out my article, Introduction to pfSense. I'm going to assume the readers of this article have some basic network knowledge and are familiar with setting up a router. If you have a question or would like more details, just let me know.
Updates for pfSense version 2.0
I have updated this article to include instructions for pfSense version 2.0, I'm planning on leaving the portion of the article covering version 1.2.3 up for a while since many people still use it. If you haven't done so already, I highly recommend upgrading to version 2.0. Not only does version 2.0 have much better support for multi WAN connections, but it offers several other great features.
What You'll Need to Get Started
- An old computer - For this type of application, I would recommend a minimum processor speed of 1GHz with at least 256Mb of ram. The computer will also need a hard drive (or CF card), and a CD-ROM. If you don't have an old machine lying around check Craigslist or a garage sale. You should be able to pick something up for free or very cheap.
- Three network cards - The computer you use will need to have three network interfaces. One for the LAN port and two for the WAN ports. I recommend using at least 100Mb cards to prevent a bottleneck. Onboard network connections work fine, if you don't have an onboard NIC you can just use three PCI or PCIe network cards. You can salvage the network cards from old computers or purchase new network cards at a low cost.
- Two internet connections - Cable, DSL, T1, FIOS, etc. You can use two connections from the same provider if you want or use two different ISP's.
- The pfSense software - You will need to download the live CD from one of the mirrors and burn it to a disc. Visit www.pfsense.org and click on downloads. I recommend using pfSense version 2.0 since it includes better multi wan support. The free 7-Zip program can uncompressed that gz file for you.
Setting everything up
If you already have a functional pfSense router keep reading for the details on how to configure dual WAN connections. If you don't check out the pfsense install guide, then continue with the rest of the instructions on this article.
Interfaces Configuration for Version 1.2.X
These steps will be completed using the pfSense web GUI.
I'm assuming during your initial pfSense setup that you configured a LAN and one WAN interface already.
To configure the second WAN interface select OPT1 from the Interfaces menu. Click the check box to enable the interface and set the type to either DHCP or Static depending on what you need, then hit Save.
Next open the Load Balancer page found under Services. Click the + sign to create a new pool. Choose a name like 'LoadBalance' for example, then set the type to Gateway. Choose a behavior of either Load Balancing or Failover depending on what your trying to accomplish. Set the Monitor IP to WAN's Gateway. Then select the WAN interface from the drop down menu and click add to pool. You will see WAN show up in the list below. Then change the Monitor IP to OPT1's gateway, select OPT1 from the interface list and click add to pool. Your configuration should be similar to what you see in the screen shot. Click save when your finished, and apply changes on the next page.
Note that pfSense will act strange if you have the same gateway for each interface. You can get around the issue by setting up a bridge between one of the interfaces but its best to avoid having to do this.
To check if your configuration is working goto Load Balancer under the status menu. They should both report that they are online and report the latency of their monitor IP's.
If the interfaces don't show up as online, verify that your monitor IP will respond to ICMP pings. If it doesn't, you need to choose different monitor IPs such as a DNS server. You may also need to double check the IP configuration of each interface on the Status\Interfaces menu. If the WAN/OPT1 interfaces are configured for DHCP, you may need to release/renew the addresses.
If the load balancer status looked green then your ready to activate it. On the firewall menu click on rules, then select the LAN tab. You'll need to edit the default rule and change the gateway from default to LoadBalance. This will send all outbound traffic to the load balancer.
Configuration for Version 2.0
These steps will be completed using the pfSense web GUI.
The first thing you'll need to do is assign a second wan interface. If you already configured one, you can skip this step. Click on assign in the interfaces menu. Then click the plus symbol labeled add and select the mac address of the interface you want to use. If there is only one unassigned interface it will be automatically selected. By default the interface will be named OPT1. Your configuration should look like the screen shot on the right.
After you have assigned the interface you need to enable it. Click on the interfaces menu then select the name of the second wan interface (OPT1). Check the box to enable the interface then select DHCP or static as the type. It's important to note that if your gateway does not respond to ICMP pings then you should set an alternate monitor IP such as google dns (220.127.116.11).
Next click on routing found in the system menu. Verify that each of your WAN interfaces has a gateway assigned. If OPT1 doesn't have a gateway check the DHCP or static ip configuration before moving on.
Adding a Gateway Group
If both of the gateways look good, you can click on the gateway groups tab and create a new group by clicking the plus symbol. Assign a priority of tier 1 to both WAN, and OPT1. Set the trigger to be 'member down.'
Make Sure the Gateway Group Is Online
At this point you should check the status of the gateway group you have created to make sure that status of both interfaces are online. If one of the members in the group shows as offline, then make sure either the gateway responds to ICMP pings or enter an alternate monitor IP. In some cases you might just need to reboot the router in order for both members to activate.
Edit the Default LAN Rule
The final step is to edit the default LAN rule so that outbound traffic will pass through the load balancer. To do this, click on rules under the firewall menu. Then edit the rule with a source of 'LAN net,' change the gateway to LoadBalance, or the name you assigned the gateway group earlier.
To test if everything is working, use a speed test site that supports multiple threads such as the one on www.speakeasy.net. Torrents and Usenet will also benefit greatly from load balancing. You can also monitor the bandwidth of each interface under the Status\Traffic Graph menu.
The pfSense load balancer uses a round robin algorithm to determine which interface to send traffic out. You can enable sticky connections in the System\Advanced menu which will send successive connections to the same IP out the same interface. Some SSL connections can act strange if the source IP changes during a connection.
If you are using two cable modems or other connections that use a shared physical infrastructure go to System\Advanced and enable the setting "Shared Physical Network". This will prevent your system logs from filling up with duplicate ARP messages.
If you setup a failover configuration, the best way to test it is by pulling and unplugging the WAN or OPT1 cables and seeing if the internet still works.
You could easily adapt these instructions to a triple or even quad wan router if you want. The limit is really how many network cards you can get into a single computer. I plan on updating this article once pfSense 2.0 is released. If you would like me to add more detail to any of the sections, just let me know.
If you found this article useful, please take a moment to rate it or leave a comment below.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
Kristoff Paxton on May 18, 2018:
Hi guys! im a newbie and badly needed help. can you please help me. i have a Pfsense with two ISP connected to it, both are using static IP. Loab Balance was not yet configured on my pfsense, kindly please assist me on how to configure the load balance using two ISP at the same time to maximize my internet. also i will be needing to have a vpn connection, do i need to install a vpn router? how will be the connection?
John Hutchison on May 20, 2016:
A better bandwidth test would be to use peplink's balance broadband speed test tool.
It can saturate both of my WAN links and combine their speed as seen in the LAN interface traffic graph.
Osvaldo Ferreyra on April 26, 2016:
Hello, I have on the network a Web Server under debian iptables and it works perfect. Now I want to migrate to pfsense with Dual Wan basically works well but when I put online can not access or outside or inside the Lan Apache throwing me a 403 error. Configure Squid as a transparent proxy, enable NAT + Proxy and configure the Port Forward to the webserver on port 80. What can be happening?
PrakharBudholiya on October 30, 2015:
Your Blog is very helpful, I have done Load Balancing in my router using two different ISPs. And its working fine. But What i have faced is that whenever load balancing works on pfSense my natting rules starts fluctuating.
I have done mapping on different port of same public ip with different private ips using nat rules. now as load balancing is enabled, these rules automatically gets disabled.
can you please suggest how to solve this?
vijaymuddu on June 11, 2015:
how to allow https sites using transparent proxy in pfsense
Prakash B S on November 27, 2014:
I have a Leased Line and a Broadband line.
I created load balancing on top of it failover.
But, I want to mention, if leased line usage goes high, then only i want to activate broad band line. Because my boradband is limited with 150 GB.
nevakee on November 04, 2013:
my idea is as follows:
I have one WAN 15 Mb/s - static IP from my ISP;
In the same area I have access via WiFi to an 5 Mb/s link. ( both static and DHCP available, different GW from the first link);
I want to set up pfSense on ALIX.2D13 with the following parameters:
- Load balancing ( in a sense to combine both incoming links to get 20 Mb/s for my LAN);
- Failover ( auto switch between the WAN links in case one goes down)
I guess I would need to configure the Wifi link in a client mode and present it to the system as a second WAN;
Not sure about the way to combine the links - could you comment on that setup please ?
mercury on September 24, 2013:
I have two cable modems with their separate internet connection. Since usenet providers don't allow multiple IP connections simultaneously to one account, how can this be solved in pfSense?
Sam Kear (author) from Kansas City on April 22, 2013:
There is currently a known issue with sticky connections not working so the general recommendation is to not use this feature.
Without sticky connections some protocols like https, ftp, and sip have problems so you'll want to use failover pools for them. You could also use static NAT rules as well.
abubin on April 22, 2013:
does sticky connections actually works? I have read some websites and pfsense forum that it does not work for some. I have tested mine and it does not work as well.
Xiomara on November 29, 2011:
Wish to build a router but I can't. very useful and interesting hub.
Skear I have a question for you I have a CLEAR router and since the day I brought that garbage to my home the computer works but at a very low pace; I never watched a video because of the buffering. I pay the company 52.28 every month and I feel like I've being robbed.
Can you guide me to which router is good for my computer? My computer is a Dell 47000.
Thanks in advance.
Sam Kear (author) from Kansas City on October 09, 2011:
The PowerEdge 2800 would make a nice system for running pfSense. It has several pci slots and room for a lot of hard drives. Besides a multi wan router you could set up a caching proxy server.
I found a bit of information about the 2800 on the pfSense forums that might be useful to you.
Shahid Saleem on October 08, 2011:
Aslam-o-Alykum Sir I am Purchase Dell Power edge 2800. My Usage Distribution Internet Connection Tell Me About Usage the Server. Pfsense Helpful My job.