Gateway groups / Multi WAN
Multi WAN scenarios are commonly used for failover or load balancing, but combinations are also possible with OPNsense.
The technology used to offer multi WAN is called “policy based routing” or “source routing” and depends on the firewall functionality of OPNsense.
Note
Currently it’s not possible to use gateways without an address (Interface option “Dynamic gateway policy”) inside a group. This is because the firewall requires an address of the right family (IPv4 / IPv6) to be present on the interface, which cannot be guaranteed based on its configuration at the moment.
Terminology
When configuring gateway groups, there is a limited number of options and terms being used. Besides the name of the group, one can find the following terms on the page:
Gateway Priority | When a gateway is configured for a group, the ‘when’ part is divided into ‘tiers’, with lower numbers (starting at 1) indicating higher importance. When no usable gateways are present within a tier, the next one is considered.
Trigger Level | Determines when a gateway inside the tier is considered offline: when it is fully down, has loss, or has increased latency.
Pool Options | Usually left to default, but can influence stickiness for sources on a per group basis.
Roles
Using ‘tiers’, multiple scenarios can be constructed by grouping gateways inside the same tier or by moving them to different ones. Below are the most common scenarios.
WAN Failover
WAN failover automatically switches between WAN connections in case of connectivity loss (or high latency) of your primary ISP. As long as the connection is not good, all traffic is routed over the next available ISP/WAN connection; when connectivity is fully restored, routing switches back to the primary ISP.
WAN Load Balancing
Load balancing can be used to split the load between two (or more) ISPs. This enhances the total available bandwidth and/or lowers the load on each ISP.
The principle is simple: Each WAN connection (gateway) gets a portion of the traffic. The traffic can be divided equally or weighted.
Combining Balancing & Failover
It is also possible to combine Load Balancing with Failover. In such scenarios you will have 2 or more WAN connections for Balancing purposes and 1 or more for Failover. OPNsense offers 5 tiers (Failover groups); each tier can hold multiple ISPs/WAN gateways.
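The tier and trigger-level behaviour described above can be checked with a small model. This is an added illustration, not OPNsense code: the `Gateway` fields, the trigger names and the proportional weighting are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    tier: int                   # 1 = most important, up to 5
    weight: int = 1             # relative share inside its tier (assumed model)
    down: bool = False          # monitor sees the gateway as fully down
    loss: bool = False          # monitor sees packet loss
    high_latency: bool = False  # monitor sees increased latency

def is_offline(gw: Gateway, trigger: str) -> bool:
    """Apply the group's trigger level; trigger names are this example's own."""
    if trigger not in ("down", "loss", "latency", "loss_or_latency"):
        raise ValueError(f"unknown trigger level: {trigger}")
    if gw.down:
        return True
    if trigger == "loss":
        return gw.loss
    if trigger == "latency":
        return gw.high_latency
    if trigger == "loss_or_latency":
        return gw.loss or gw.high_latency
    return False  # trigger "down": a degraded link still counts as usable

def active_shares(gateways: list[Gateway], trigger: str = "down") -> dict[str, float]:
    """Return {gateway: traffic share} for the first tier with a usable gateway."""
    for tier in sorted({g.tier for g in gateways}):
        usable = [g for g in gateways if g.tier == tier and not is_offline(g, trigger)]
        if usable:
            total = sum(g.weight for g in usable)
            return {g.name: g.weight / total for g in usable}
    return {}  # no usable gateway in any tier

if __name__ == "__main__":
    # Constructed sample group: two balanced ISPs in tier 1, LTE backup in tier 2.
    group = [Gateway("WAN1_GW", 1, weight=3, loss=True),
             Gateway("WAN2_GW", 1, weight=1),
             Gateway("LTE_GW", 2)]
    for trig in ("down", "loss"):
        print(trig, active_shares(group, trig))
```

With the trigger set to "down", the lossy WAN1_GW keeps its share of the traffic; with "loss" it is dropped from the tier, and the tier 2 gateway is used only once tier 1 has no usable member.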