this post was submitted on 28 Jun 2023
submitted 2 years ago* (last edited 2 years ago) by chexxor to c/[email protected]
 

I have a PFSense instance with a gateway group and failover on link down. See this for details: https://docs.netgate.com/pfsense/en/latest/multiwan/concepts.html

It sounds like that's the easiest way to get "high availability" on WAN, is that right? I've also heard of "SD-WAN" such as speedify. Does anyone have experience configuring a central router to tunnel all traffic through two WANs using that?

StrayPizza 3 points 2 years ago (1 children)

It depends on your goals and what you mean by HA. Do you have multiple Internet connections at your home to utilize?

If you just want to make sure you can use the Internet if one of your ISPs goes down, then yeah, it sounds like the gateway group + failover is the way to go. Just know that existing connections are going to break because they're associated with a different WAN IP.

The magic of these specific SDWAN products like Speedify is they're essentially a VPN client that can (or claim to) multiplex over your multiple Internet connections, terminating at their servers. So in theory they can boost bandwidth, though I'd question how well it works in reality. Then when a link goes down, your clients continue on like nothing happened, because all their Internet connections are tunneled + NAT'd through their VPN servers.

You could get a similar result by combining the gateway failover + a Wireguard tunnel to your own Digital Ocean or Linode VPS, where you can then control things like your IP ranges, port forwarding, etc etc.

I haven't set this up exactly, although I have set up the Wireguard VPN side of it so that all the devices on a specific VLAN would appear in another location so I could stream a blacked out baseball game :). I think you could use WAN load balancing + a Wireguard tunnel if you wanted to achieve a similar multiplexing setup that Speedify would provide, but I haven't played with that since I only have a single ISP.
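The gateway failover + WireGuard-to-VPS setup described in the comment above, sketched as an added example that is not part of the thread or anyone's tested configuration. All addresses, the `eth0` interface name and the key placeholders are constructed, and it assumes the router NATs LAN traffic to its tunnel address. The router-side values are what would be entered in the router's WireGuard peer settings, shown here in wg-quick syntax.

```ini
# --- VPS side: /etc/wireguard/wg0.conf (constructed example) ---
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>
# Route and NAT tunnel traffic out the VPS public interface (assumed eth0),
# so clients keep one public IP no matter which home WAN is active.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.99.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

[Peer]
# Home router. No Endpoint line: the router initiates, and WireGuard
# updates the peer's endpoint to the source address of the latest
# authenticated packet, which is what lets the tunnel follow a WAN failover.
PublicKey = <ROUTER_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.99.0.2/32

# --- Home router side (equivalent peer settings) ---
[Interface]
Address = 10.99.0.2/24
PrivateKey = <ROUTER_PRIVATE_KEY_PLACEHOLDER>

[Peer]
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
# 203.0.113.10 is a documentation address standing in for the VPS public IP.
Endpoint = 203.0.113.10:51820
# Send everything through the tunnel.
AllowedIPs = 0.0.0.0/0
# Keepalives make the router send a packet from the new WAN soon after
# failover, so the VPS learns the new endpoint without waiting for traffic.
PersistentKeepalive = 25
```

On the VPS, only UDP 51820 needs to be reachable from the Internet for the tunnel itself; any port forwards to home services are additional DNAT rules and widen the exposed surface accordingly.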

chexxor 3 points 2 years ago

That's something I'd like to spend some time trying out. It'll be a real project!