Advanced Routing in pfSense

Welcome to Artiste1.com's guide on advanced routing techniques in pfSense.
This guide assumes you have a basic understanding of pfSense and networking concepts.
We'll explore various advanced routing scenarios and how to implement them in pfSense.

Table of Contents

  1. Static Routes
  2. Policy-Based Routing
  3. Multi-WAN Configuration
  4. Dynamic Routing Protocols
  5. VLAN Routing
  6. VPN Routing

1. Static Routes

Static routes allow you to manually define paths for network traffic.

Adding a Static Route:

  1. Navigate to System > Routing
  2. Click on the "Static Routes" tab
  3. Click "Add" to create a new static route
  4. Fill in the details:
    • Destination network
    • Subnet mask
    • Gateway (next hop)
    • Description (optional)
  5. Click "Save" and then "Apply Changes"
Example static route:
Destination network: 192.168.100.0
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1
Description: Route to Branch Office

2. Policy-Based Routing

Policy-based routing allows you to route traffic based on criteria other than the destination IP address.

Implementing Policy-Based Routing:

  1. Create a Gateway Group (if using multiple WAN connections)
    • System > Routing > Gateway Groups
    • Add a new group and select the gateways
  2. Create a firewall rule
    • Firewall > Rules
    • Add a new rule on the appropriate interface
    • Set your match criteria (e.g., source IP, destination port)
    • Under "Gateway", select your gateway or gateway group

Note: Policy-based routing takes precedence over the routing table.

3. Multi-WAN Configuration

Multi-WAN setups allow for load balancing and failover between multiple internet connections.

Setting up Multi-WAN:

  1. Configure additional WAN interfaces
    • Interfaces > Assignments
    • Add and configure new WAN interfaces
  2. Set up Gateway Groups
    • System > Routing > Gateway Groups
    • Create a group with your WAN gateways
    • Set priority tiers for failover or load balancing
  3. Configure firewall rules to use the gateway group
Example Gateway Group:
WAN_FAILOVER
  WAN_DHCP  Tier 1
  WAN2_STATIC  Tier 2

4. Dynamic Routing Protocols

pfSense supports dynamic routing protocols through packages like FRR (Free Range Routing).

Implementing OSPF:

  1. Install the FRR package
    • System > Package Manager
    • Search for and install "FRR"
  2. Configure OSPF
    • Services > FRR OSPF
    • Enable OSPF and configure areas
    • Add networks to advertise

Warning: Dynamic routing can be complex. Ensure you understand the implications before implementing in a production environment.

5. VLAN Routing

VLAN routing allows for traffic segregation and improved network management.

Setting up VLAN Routing:

  1. Create VLANs
    • Interfaces > VLANs
    • Add VLANs with appropriate tags
  2. Assign VLAN interfaces
    • Interfaces > Assignments
    • Add VLAN interfaces
  3. Configure IP addresses for VLAN interfaces
  4. Set up firewall rules for inter-VLAN routing
VLAN ID Purpose IP Range
10 Management 192.168.10.0/24
20 Staff 192.168.20.0/24
30 Guest 192.168.30.0/24

6. VPN Routing

Properly routing VPN traffic is crucial for secure and efficient network communication.

Configuring VPN Routing:

  1. Set up your VPN (OpenVPN or IPsec)
  2. Add static routes for remote networks (if not using dynamic routing)
  3. Configure firewall rules to allow traffic between local and remote networks
  4. Consider implementing policy-based routing for specific VPN traffic
Example VPN static route:
Destination network: 10.0.0.0
Subnet mask: 255.255.0.0
Gateway: VPN_TUNNEL
Description: Route to VPN remote network

Conclusion

Advanced routing in pfSense offers powerful capabilities for network optimization and management. Always test configurations in a controlled environment before applying them to production networks.

For more in-depth pfSense guides, check out our other resources:






Scroll to Top