On Thu, Apr 17, 2008 at 3:25 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> http://forum.pfsense.org/index.php/topic,8957.0.html
>
> or comment here.

We don't explicitly use load balancing on our dual WAN setup, but we do have sticky connections turned on. I do recall one problem that we had when one of the WAN connections went down and then later came up. The problem was with an IPSec VPN tunnel across pfSense, so NAT-T was enabled. NAT-T uses UDP packets over ports 500 and 4500. What happened was port 500 packets for the VPN connection were going out one gateway while other port 4500 packets were going out the other gateway. This appeared to happen because the destination port was different and the state tables only remembered one of them.

I think a solution to this problem would be to have new connections prefer the same gateway if there are already connections in the state table matching the same source/destination IP address.

-Dave
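
The gateway split described in the message above, as a toy model added here; it is not part of the original post and is not pfSense or pf code. The gateway names, addresses, failover order and event sequence are constructed assumptions; the model compares state keyed on the full flow with the suggested preference for a gateway already used by the same source/destination pair.

```python
# Toy model of multi-WAN gateway selection (constructed; not pfSense or pf code).

class FlowStateRouter:
    def __init__(self, gateways, host_affinity=False):
        self.gateways = list(gateways)      # preference order, first is primary
        self.up = set(gateways)
        self.host_affinity = host_affinity  # the behaviour suggested in the message
        self.states = {}                    # (src, dst, proto, dport) -> gateway

    def set_link(self, gw, is_up):
        if is_up:
            self.up.add(gw)
        else:
            self.up.discard(gw)
            # States bound to a dead gateway are dropped.
            self.states = {k: g for k, g in self.states.items() if g != gw}

    def _pick(self, src, dst):
        if self.host_affinity:
            # Reuse the gateway of any live state for the same host pair.
            for (s, d, _proto, _dport), gw in self.states.items():
                if (s, d) == (src, dst) and gw in self.up:
                    return gw
        # Otherwise take the first gateway in preference order that is up.
        return next((g for g in self.gateways if g in self.up), None)

    def route(self, src, dst, proto, dport):
        key = (src, dst, proto, dport)
        if key not in self.states:
            self.states[key] = self._pick(src, dst)
        return self.states[key]


def natt_after_flap(host_affinity):
    """Return (gateway for UDP 500, gateway for UDP 4500) after WAN1 flaps."""
    r = FlowStateRouter(["WAN1", "WAN2"], host_affinity)
    src, dst = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses
    r.route(src, dst, "udp", 500)
    r.route(src, dst, "udp", 4500)
    r.set_link("WAN1", False)                  # primary fails, its states are flushed
    r.route(src, dst, "udp", 500)              # IKE retries first, state lands on WAN2
    r.set_link("WAN1", True)                   # primary returns before 4500 traffic resumes
    natt = r.route(src, dst, "udp", 4500)      # new state for the NAT-T flow
    return r.route(src, dst, "udp", 500), natt


if __name__ == "__main__":
    print("per-flow state only:", natt_after_flap(False))
    print("host-pair affinity: ", natt_after_flap(True))
```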
