Multi WAN load balancing vlan - Traffic goes always out through default IF

Started by dash, February 12, 2026, 06:50:12 PM


Ok, thanks.

I'll step back and see if something comes to me, though I'd also be very happy if someone else showed me what I missed. I'm doing this as a learning opportunity.
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI


Reply-to is not working as intended and devs are playing hide-n-seek. Just look at my issue and how I spent time to reproduce it, but nobody gives a sh*t here.

Related: https://github.com/opnsense/core/issues/9806

Well, I'm not hiding. Your problem scope fits our support offering but clearly exceeds community support due to the lack of code-bound evidence and not many other people having the issue, which could also mean it is local to you and then it would only be solvable with local analysis which we don't do in community scope.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT

On my side, with OpenWrt, I could get the same working setup as with Sophos UTM, with incoming traffic to one interface going out through the same one despite the load balancer. I don't understand why it's not possible with OPNsense.


Quote from: franco on April 15, 2026, 07:29:33 AM
Well, I'm not hiding. Your problem scope fits our support offering but clearly exceeds community support due to the lack of code-bound evidence and not many other people having the issue, which could also mean it is local to you and then it would only be solvable with local analysis which we don't do in community scope.


Cheers,
Franco

Hi there, just to clarify, I found this bug really by luck. The problem is that if you have almost the same speed on dual WAN, then it looks like it's all working fine, so nobody cares (many services don't mind asymmetric routing). If I had not set up the traffic shaper, I would never have found out that upstream traffic is going elsewhere. You know, the bug is kinda hidden, so maybe that's why nobody cares, because their infrastructure "just works". I am really trying to sell this on forums and convince somebody to test more, but I feel like nobody has time to test this even though I have provided reproduction steps... So sorry for my disappointment this way.

I was having a similar problem with a dual WAN HA configuration running 26.1.7, but it only seemed to affect the secondary firewall. I couldn't connect to the WireGuard VPN on the secondary firewall via the non-default WAN2. I think my default WAN1's ISP blocked the response packets as I never received them. After reading through this thread I set the Reply-To to the WAN2's gateway on the rule on the WAN2's interface allowing the incoming WireGuard traffic and it started working. After configuring the similar settings for the WAN1 WireGuard rule I'm now able to connect to either firewall's WireGuard on either WAN.

Jon
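
A way to check for the symptom discussed in this thread (replies to traffic that arrived on one WAN leaving through the other), written as an added example that is not from any poster or from the OPNsense project. The interface names `igc0`/`igc1`, the addresses and the one-line-per-packet input format are constructed for the example and are not real tcpdump or pflog output.

```python
from collections import defaultdict

# Constructed sample: "<iface> <in|out> <proto> <src>:<sport> > <dst>:<dport>"
# Hypothetical simplified format; igc0 = default WAN1, igc1 = WAN2 (assumed names).
SAMPLE = """\
igc0 in udp 198.51.100.7:40000 > 192.0.2.10:51820
igc0 out udp 192.0.2.10:51820 > 198.51.100.7:40000
igc1 in udp 198.51.100.9:41000 > 203.0.113.10:51820
igc0 out udp 203.0.113.10:51820 > 198.51.100.9:41000
igc1 in tcp 198.51.100.20:50000 > 203.0.113.10:443
"""

def parse(line):
    """Split one constructed record into its fields (the '>' token is dropped)."""
    iface, direction, proto, src, _, dst = line.split()
    return iface, direction, proto, src, dst

def find_asymmetric(text):
    """Return (asymmetric, unanswered) for a capture of inbound-initiated flows.

    asymmetric: flows whose reply left on a different interface than the
                one the request arrived on (the reply-to symptom).
    unanswered: flows with no reply seen on any captured interface.
    """
    arrived = {}                 # (proto, src, dst) -> ingress interface
    replies = defaultdict(set)   # request key -> interfaces the reply left on
    for line in text.splitlines():
        if not line.strip():
            continue
        iface, direction, proto, src, dst = parse(line)
        if direction == "in":
            arrived.setdefault((proto, src, dst), iface)
        else:
            # Swap endpoints so the reply maps onto its request's key.
            replies[(proto, dst, src)].add(iface)
    asymmetric, unanswered = [], []
    for key, ingress in arrived.items():
        egress = replies.get(key, set())
        if not egress:
            unanswered.append((key, ingress))
        elif egress != {ingress}:
            asymmetric.append((key, ingress, sorted(egress)))
    return asymmetric, unanswered

if __name__ == "__main__":
    for key, ingress, egress in find_asymmetric(SAMPLE)[0]:
        print(f"{key}: arrived on {ingress}, reply left on {egress}")
```

An unanswered flow only means no reply was seen on the captured interfaces, so capture on every WAN before drawing conclusions from that list.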