Quick question, I have one active WAN currently and wanted to configure another WAN interface so I can simply plug them into the new fiber modem. Will configuring the second WAN interface disconnect my remote VPN session while doing this? I assume if I can maintain my remote connection I will have the chance to simply change the default Gateway and this will then move them onto the new fiber connection.
Device: Netgear 6100 - Pfsense+ 22.05
I would think you will lose connection if you change them to the new WAN connection as their primary gateway.
You might be able to keep the connection alive if you explicitly set your configuration to only go in and out of the existing connection for OpenVPN. But I personally wouldn’t chance it.
I think my main concern first is just applying the 2nd WAN settings before changing them over. Once the default is set I will simply change my VPN IP address to get reconnected, pretty sure that’s all I have to do once they re on the new fiber.
Adding another interface will cause the system to pause a bit when activating it but should not drop the VPN.
Being 2 years behind is a bigger concern…
Thanks Tom, yeah I’ve been worried for quite awhile and not having anyone on the other end to help me out has been been reluctance. But after seeing your boot environment video I think I can schedule a time now to attempt an update and roll back hopefully if it goes bad.
So my attempt didn’t go well. There is something just not right with the original WAN port. I configured with the new gateway and IP and got 100% Loss but something else has to be going on. Originally, WAN1 was my ISP connection, about a year in oneday it stopped working, under quite a bit of pressure to get back online I could not figure out what happened so configured WAN 2 and resumed the connection. Well today it obviously bit my in the butt, configuring WAN again with the new ISP settings and no work, in fact as before changing it from DHCP now cancels and OpenVPN connections. Obviously the calls started coming saying they can no longer connect. So I had to get a staff person to reconnect me because my VPN also didn’t work so I could put WAN 1 back to DHCP and then our VPN staff reconnected. Not having a stable ability to remote connect in case of issues just takes the wind out of my sails.
I’m so stupid, when I made the changes to get the WAN 2 online when WAN failed, I still have my Endpoint interface set to WAN in OpenVPN servers , ffs. So at least that should fix one piece of the puzzle.
Have a quick question, upon trying to setup this 2 WAN interface in order to move to the new fiber, when you receive 100% packet loss and you only see 2 ARP entries for the WAN, the static IP has reported back with a mac address and has a lease where as the WAN entry on the Gateway IP has resulted in Incomplete, is there within PfSense to determine if that is on my end as a misconfiguration.
PfSense docs say " A MAC address listed as (Incomplete) indicates that the firewall has attempted to discover the host via ARP but it has not yet received a valid response."
So I just did a test with laptop to verify the new fiber connection and connected no problem. Now in setting up the laptop, I used the subnet mask they provided “255.255.252.0” for the x.2 static IP but in Pfsense I used the netmask they provided " 255/255/255/248" which in pfsense is /29. So obviously something is either wrong in the pfsense software wise or not sure what else if its an actual hardware issue.
I assume the laptop connects to the LAN so the mask should 255.255.255.0
The mask they provided refers to WAN.
Ahh that does make sense, I never changed anything I have kept my /29 assignment. I think I have a faulty Netgate 6100 possibly.
I am able to ping from the active second WAN to the new gateway IP, no loss.
I think this 6100 is faulty, this WAN port initially setup dropped the network in its first year and had to configure WAN2 combo, assumed it was a Spectrum issue but now believe after not able to get it to work on another system, its a faulty interface.