Setting Up Multi-WAN Failover on OPNsense 24.1

  • Requirements:
  • 2 WAN ISPs
  • 1 OPNsense

Interface Configuration

  • Set the OPNsense IP addresses

| Interface | IP Address |
|---|---|
| WAN1 | 192.168.30.11 |
| WAN2 | 192.168.40.11 |
| LAN | 192.168.10.11 |

Gateway Configuration

  • Add the gateway IP for each ISP
  • System > Gateways > Configuration > Add (+) > Save > Apply

| Options | Primary WAN | Backup WAN |
|---|---|---|
| Name | WAN1 | WAN2 |
| Interface | WAN1 | WAN2 |
| Address Family | IPv4 | IPv4 |
| IP Address | 192.168.30.10 | 192.168.40.10 |
| Upstream Gateway | Check | Check |
| Monitor IP | 8.8.8.8 | 1.1.1.1 |
| Priority | 1 | 10 |

  • Add a gateway group
  • System > Gateways > Group > Add (+) > Save > Apply Changes

| Options | Value |
|---|---|
| Group Name | WAN-GROUP |
| Gateway WAN1 | Tier1 |
| Gateway WAN2 | Tier2 |
| Trigger Level | Packet Loss |
| Pool Options | Round Robin |

DNS Server Gateway Configuration

  • Set the OPNsense DNS servers
  • System > Settings > General > Save

| Options | Value |
|---|---|
| Prefer IPv4 over IPv6 | Check: Prefer to use IPv4 |
| DNS Server / Gateway | 8.8.8.8 |
| DNS Server / Gateway | 1.1.1.1 |
| Do not use the local DNS service as a nameserver for this system | Check |
| Allow default gateway switching | Check |

Firewall Rules Configuration

  • Add or edit the firewall rule on the LAN interface
  • Firewall > Rules > LAN > Edit

| Options | Value |
|---|---|
| Action | Pass |
| Interface | LAN |
| Direction | in |
| TCP/IP Version | IPv4 |
| Protocol | any |
| Source | LAN net |
| Destination | any |
| Gateway | WAN-GROUP |

Firewall NAT Configuration

  • Add outbound NAT rules for both ISPs
  • Firewall > NAT > Outbound > Manual outbound NAT rule generation > Add (+) > Apply Changes

| Options | NAT WAN1 | NAT WAN2 |
|---|---|---|
| Interface | WAN1 | WAN2 |
| TCP/IP Version | IPv4 | IPv4 |
| Protocol | any | any |
| Source address | LAN net | LAN net |
| Source port | any | any |
| Destination Address | any | any |
| Destination Port | any | any |
| Translation / Target | WAN1 address | WAN2 address |

DHCP Server Configuration

  • Set up the OPNsense DHCP server
  • Services > ISC DHCPv4 > LAN > Save

| Options | Value |
|---|---|
| Enable | Check |
| Range | from: 192.168.10.100 to: 192.168.10.200 |
| DNS servers | 8.8.8.8 – 1.1.1.1 |
| Gateway | 192.168.10.11 |

Verifying Gateway Status

  • Make sure both gateways show the status Online and that the primary gateway is on WAN1

Testing

  • Run a traceroute to 8.8.8.8 from a LAN computer; the result should show traffic routed through the WAN1 gateway (192.168.30.10)
  • Unplug the cable toward WAN1 and run the traceroute to 8.8.8.8 from the LAN computer again; the result should now show traffic routed through the WAN2 gateway (192.168.40.10)
  • Check the gateway status on the OPNsense side; WAN1 will show as offline
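
The two traceroute runs from the Testing steps can be compared automatically. The following is an added example, not part of the original post: it parses saved `traceroute -n` (Unix) or `tracert -d` (Windows) output from a LAN host and reports which ISP gateway carried the traffic. The function names and sample outputs are constructed for illustration, and it assumes the ISP gateways answer traceroute probes as the Testing steps describe.

```python
import re
import sys
# Addresses taken from the tables on this page.
LAN_FIREWALL = "192.168.10.11"
GATEWAYS = {"192.168.30.10": "WAN1", "192.168.40.10": "WAN2"}

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_hops(output):
    """Map hop number -> list of responder IPs (empty list for '* * *')."""
    hops = {}
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if m:  # header lines do not start with a hop number
            hops[int(m.group(1))] = list(dict.fromkeys(IPV4.findall(m.group(2))))
    return hops

def active_wan(output):
    """Return 'WAN1', 'WAN2', 'mixed' or 'unknown' for one traceroute run."""
    hops = parse_hops(output)
    if LAN_FIREWALL not in hops.get(1, []):
        return "unknown"  # client is not routing through the OPNsense LAN address
    seen = {GATEWAYS[ip] for ips in hops.values() for ip in ips if ip in GATEWAYS}
    if not seen:
        return "unknown"  # no ISP gateway answered the probes
    return seen.pop() if len(seen) == 1 else "mixed"  # mixed: both WANs in one run

def failover_ok(before, after):
    """True when traffic used WAN1 before the unplug and WAN2 after it."""
    return active_wan(before) == "WAN1" and active_wan(after) == "WAN2"

# Constructed sample output (Unix 'traceroute -n', then Windows 'tracert -d').
SAMPLE_BEFORE = """traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.10.11  0.412 ms  0.380 ms  0.355 ms
 2  192.168.30.10  1.102 ms  1.077 ms  1.040 ms
 3  * * *
"""
SAMPLE_AFTER = """Tracing route to 8.8.8.8 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.10.11
  2     1 ms     1 ms     1 ms  192.168.40.10
  3     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    before, after = SAMPLE_BEFORE, SAMPLE_AFTER
    if len(sys.argv) == 3:  # two saved traceroute outputs: before.txt after.txt
        before, after = (open(p).read() for p in sys.argv[1:3])
    print("failover OK" if failover_ok(before, after) else "failover NOT confirmed")
```

A result of `mixed` means both ISP gateways appeared in a single run, which is not expected with WAN1 on Tier1 and WAN2 on Tier2.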

herdiana3389

A system administrator with skills in system administration, virtualization, Linux, Windows, networking, cloud computing, containers, etc.