Bachelor Tech
  • Home
  • Tutorials
  • Portfolio
  • About Jan
  • Contact Jan

Multi-WAN Set Up in Proxmox & OPNSense

by Jan Bachelor October 27, 2020

1. Preparation time

  • Once you get your additional ISP line, plug a laptop to the router/modem and find out what local IP address and gateway address you will get. In our case, the local IP give to my laptop was 192.168.70.2 (255.255.255.0 = /24) and the gateway is 192.168.70.1/24. This means that the IPv4/CIDR block is 192.168.70.0/24.
  • Plug in a cable to your Proxmox router box and remember which port number that is. In my example, I use Qotom and plugged it into port 2, which translates as ‘enp2s0’.

2. Add another virtual bridge in Proxmox

  • In Proxmox, go to your node -> System -> Network, find your primary LAN interface (e.g. vmbr0) and remove the port that will now be used for WAN 2 connection.

Proxmox: Remove the port that will be used for WAN 2 from the LAN ports available.

  • Then add a new bridge (since ‘vmbr1’ is likely already used for WAN1, it would likely be ‘vmbr2’). Add the IP range that the WAN 2 router gave you (CIDR is the whole block range with the network mask) and gave it a name such as WAN 2.

Proxmox: Add a virtual inteface for the physical port where your WAN 2 is connected

  • Add the network bridge to the OPNSense VM. Edit the VM and under ‘Hardware’, add a new Network device. Choose the correct interface (e.g. vmbr2). Choose model as VirtIO (paravirtualized) and untick the Firewall field.

Proxmox: Add the new WAN interface to your OPNSense VM.

  • Restart your Proxmox node. It is recommended to manually shutdown VMs that run database services to ensure that there is no data loss (esp. if you do not have a QEMU agent installed on each VM).

3. New interface set up in OPNSense

  • After the Promox restart, log into the OPNSense and go to ‘Interfaces’ -> ‘Assignments’. Notice the new interface – give it a name and enable it.

OPNSense: Enable new WAN interface

  • Then go to the WAN2 interface and enable it. Tick the boxes for ‘Block private networks’ and ‘Block bogon networks’. Unless you have a static assignment, select DHCP to be used on that port (your ISP router/modem will provide the IP).

OPNSense: Enabling WAN 2 interface with DHCP

 
  • Check that the new WAN interface is active. In OPNSense, go to ‘System’ -> ‘Gateways’ -> ‘Single’ and check that WAN 2 appears there as active and that you have received an IP address. Note that depending on the configuration of the ISP router, this would be either an external or internal IP address. If you get an internal IP address, there is a possibility that in case you want to host any websites on it, you will need to ask your ISP to assign you a static IPv4 address, which typically costs a few dollars a month.

OPNSense: Check that the new WAN interface is active

  • While in ‘System’ -> ‘Gateways’ -> ‘Single’,  find your WAN 1 interface and edit it by clicking on the pencil sign. Under ‘Monitor IPs’, add 8.8.8.8 . Uncheck the ‘Disable Gateway Monitoring’ option. Save and apply the changes.
  • Do the same for WAN2 with the exception of setting the monitor IP as 8.8.4.4 (the secondary Google DNS server). Of course, you can use something else such as 1.1.1.1 .

    OPSense: Add interface monitoring

4. Gateway grouping & policy-based routing for multi-WAN set up

  • In OPNSense, go to ‘System’ -> Gateways -> Group and add click on the ‘+ Add’ button.
  • Choose Tier 1 for your main WAN and Tier 2 for your backup WAN. Ignore the others. Trigger level should be packet loss. Then click on the ‘Save’ button and t hen on ‘Apply changes’.

sss

NordVPN installation on OPNSense
Back to: Build Your Own Router – Proxmox, OPNSense, OpenVPN server and a VPN client all in one!

Leave a Comment Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 comment 0 FacebookWhatsappEmail

Build Your Own Router – Proxmox, OPNSense, OpenVPN server and a VPN client all in one!

  • Previous
Collapse
Expand
  • Hardware Considerations
  • Disabling default Proxmox firewall
  • OPNSense VM Set Up
  • OPNSense Installation
  • PCI Passthrough Set Up (Optional)
  • WAN / LAN Set Up (Before OPNSense Installation)
  • Initial OPNSense Set up in Web GUI
  • Dynamic DNS Set Up with DuckDNS on OPNSense
  • Choosing a VPN provider for your OPNSense
  • Is it worth getting VPN on OPNSense?
  • NordVPN installation on OPNSense
  • Multi-WAN Set Up in Proxmox & OPNSense

Search for articles

Other Tips

  • How to mount an NFS share (such as from FreeNAS) from an Android box
  • How to download a Windows 10 ISO on a Windows device – easy work-around

Other Tutorials

  • Build Your Own Router - Proxmox, OPNSense, OpenVPN server and a VPN client all in one!
    12 Steps
  • Dynamically Populate Gravity Forms from Google Sheets (GSheets APIv4)
    6 Steps

Recent Comments

  • Jan Bachelor on Use Integromat to get computer IDs from user email in JamF ProHi Robert, the static groups were created in the p…
  • Robert Petitto on Use Integromat to get computer IDs from user email in JamF ProCan you share how you'd use Make (integromat) to a…
  • Martin on Part 1 – What do we want to do + Required technology (bank feed)This tutorial deserves more credit, I've not seen…
  • Jan Bachelor on WAN / LAN Set Up (Before OPNSense Installation)Hi Ed, I have not tested it with PCI passthrough y…
  • Ed on OPNSense VM Set UpIn step 4 firewall you turned off firewall, should…

Tags

chrome iso windows

Categories

  • Android
  • FreeNAS
  • Linux
  • Windows

Recent Posts

  • How to mount an NFS share (such as from FreeNAS) from an Android box

  • How to download a Windows 10 ISO on a Windows device – easy work-around

Facebook Twitter Instagram Pinterest Linkedin Youtube

@2019 - All Right Reserved. Designed and Developed by PenciDesign

Bachelor Tech
  • Home
  • Tutorials
  • Portfolio
  • About Jan
  • Contact Jan