WAN Load Balancing Configuration
So far we've only connected 2 connections, using the cable connection as the primary connection and failing over to the ADSL connection when the cable fails. The failover is also slow, because the DHCP lease needs to expire before the routing switches over. I just selected Dual WAN, Load balancing, put in the ratios and it started working immediately with no fuss. I kept both WANs behind their own respective routers (no bridged mode) and Asus' firmware didn't even blink. Load balancing would also fail over from one WAN to the other after a while, but Failover mode reduces the time this can take.
A customer has a TL-ER6120 and connects 3 computers to its LAN side with IP addresses 192.168.0.2-192.168.0.4. All computers are routed to the Internet by the dual WAN ports. He plans to set policy routing rules for the 2 computers which use 192.168.0.2 and 192.168.0.3, making WAN1 for web surfing and WAN2 for other Internet activities, in.
The performance and features of Asus Dual WAN vary with each build that Asus releases. I recommend using the latest stable build released by Merlin, though in the screenshots below I am using 384.3_alpha3-g0462c71.
You can find Merlin's builds here: https://asuswrt.lostrealm.ca/
Beware that Merlin has no control over Dual WAN, so issues will need to be reported directly to Asus.
Dual-WAN (multi-WAN) routers, a.k.a. load balancers, allow you to use multiple internet connections and will generally double the overall throughput of your network; however, they will not increase the download speed of a single connection or a single download. You can use dual WAN either in Load Balance or in Fail Over mode. If you use Load Balance mode, you can split your internet traffic between the Primary and Secondary connections. You can set up your router so that a particular device on your LAN uses either the primary or the secondary.
The main issues I noticed when using Dual WAN in load balancing mode are occasionally slow page loading, assets failing to load, switching between modems at inappropriate times, or pages not loading at all. To work around this you can either specify a route for every single device that connects to your router (a lot of hassle!) or use the following workaround that forces all devices to use one of the connections.
The basis of this guide is to force all traffic onto either the Primary or secondary WAN by using routing rules. This guide is by no means a final solution and can be adapted in multiple ways.
In my scenario I only want a few devices to connect to the secondary ISP. All my home smart devices and non-essential devices will be forced to use the primary ISP, preventing them from using the bandwidth of my main computer and other important devices, which will exclusively use the secondary ISP that I have connected to LAN port 2 of my Asus AC68U.
Stage 1 – DHCP setup and manually assigned IP
- Go to the LAN page on your Asus admin Dashboard.
- Limit the IP Pool to between 192.168.1.2 – 192.168.1.127
- Assign all devices that you want to use your secondary connection IPs above 192.168.1.127. I haven’t tried but maybe it is possible to assign them 192.168.2.* and leave the IP Pool ending address as 192.168.1.255.
- Devices without a manually assigned IP will now only get a local IP from 192.168.1.2 – 192.168.1.127
Stage 2 – Dual WAN setup
- Go to the WAN page.
- Make sure Dual WAN is on and check you have the secondary WAN on the correct port.
- Select Load Balance and check Enable Routing Rules.
- The Load Balance configuration is slightly redundant at this point as we will be forcing devices to the primary or secondary connection in the routing rules, so you can leave the ratio as whatever you want.
- Add the following rules:
  - Source IP: 192.168.1.1/25, Destination IP: all, WAN unit: Primary WAN
  - Source IP: all, Destination IP: 192.168.1.1/25, WAN unit: Primary WAN
- Enter the rules for any devices that you wish to always use the Secondary WAN, using the manual IPs you assigned earlier.
- Click Apply.
- Below is a screenshot of my setup. The red box shows that all devices without a manually assigned IP will use the primary WAN. All the important devices in the blue box will use my Secondary WAN. This is handy for me as my personal (secondary) connection remains unaffected by visitors or new devices connecting to my network.
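A quick way to check the Stage 1 and Stage 2 settings against each other, as an added example that is not part of the original guide or of the Asus firmware. The two Secondary WAN rules and their addresses are hypothetical, only source-IP rules are modelled, and it assumes a device matching no rule is left to the load-balance ratio.

```python
import ipaddress

# Constructed model of the Stage 2 source-IP rules.
RULES = [
    ("192.168.1.1/25", "Primary WAN"),       # rule from the guide
    ("192.168.1.200/32", "Secondary WAN"),   # hypothetical static device
    ("192.168.1.201/32", "Secondary WAN"),   # hypothetical static device
]
DHCP_POOL = ("192.168.1.2", "192.168.1.127")  # Stage 1 pool


def wans_for(ip, rules=RULES):
    """Return the set of WAN units whose source rule covers this IP."""
    addr = ipaddress.ip_address(ip)
    # strict=False: 192.168.1.1/25 has host bits set and normalises to
    # 192.168.1.0/25, which spans 192.168.1.0 - 192.168.1.127.
    return {wan for src, wan in rules
            if addr in ipaddress.ip_network(src, strict=False)}


def audit(static_ips, rules=RULES, pool=DHCP_POOL):
    """Return (ip, problem) pairs for devices that would not be pinned
    to the WAN the guide intends."""
    problems = []
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    # Every address the DHCP server can hand out must hit Primary only.
    for n in range(int(lo), int(hi) + 1):
        ip = str(ipaddress.ip_address(n))
        if wans_for(ip, rules) != {"Primary WAN"}:
            problems.append((ip, "pool address not pinned to Primary WAN"))
    # Every manually assigned device must hit Secondary only.
    for ip in static_ips:
        matched = wans_for(ip, rules)
        if lo <= ipaddress.ip_address(ip) <= hi:
            problems.append((ip, "static IP inside DHCP pool"))
        if not matched:
            problems.append((ip, "no rule: left to the load-balance ratio"))
        elif matched != {"Secondary WAN"}:
            problems.append((ip, "matches a Primary WAN rule"))
    return problems


if __name__ == "__main__":
    for ip, problem in audit(["192.168.1.200", "192.168.1.100", "192.168.1.210"]):
        print(ip, "->", problem)
```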
Let me know if you have any issues setting this up in the comments.
If you come up with another way of setting this up I’d be extremely interested to hear!
Unfortunately I can’t play around with my settings too much as the internet is nearly always in use by others, so I’m interested in your findings.
I’ve been running pfSense in Dual WAN mode for more than a decade. Unfortunately, some sites have lately become quite sensitive to a user session originating from multiple public IP addresses. The best description of the problem is from the official pfSense documentation:
Some websites store session information including the client IP address, and if a subsequent connection to that site is routed out a different WAN interface using a different public IP address, the website will not function properly. This is becoming more common with banks and other security-minded sites. The suggested means of working around this is to create a failover group and direct traffic destined to these sites to the failover group rather than a load balancing group. Alternately, perform failover for all HTTPS traffic.
The sticky connections feature of pf is intended to resolve this problem, but it has historically been problematic. It is safe to use, and should alleviate this, but there is also a downside to using the sticky option. When using sticky connections, an association is held between the client IP address and a given gateway, it is not based off of the destination. When the sticky connections option is enabled, any given client would not load balance its connections between multiple WANs, but it would be associated with whichever gateway it happened to use for its first connection. Once all of the client states have expired, the client may exit a different WAN for its next connection, resulting in a new gateway pairing.
After some testing and consideration let’s leave the sticky connections unchecked. As mentioned above they are problematic.
Another description of the problem:
Some websites do not work properly if requests from the LAN are initiated from multiple public IP addresses. Hence load balancing is incompatible with these sites. Common examples are sites that maintain login sessions, most frequently online banking. This is most commonly observed with HTTPS sites so usually HTTPS should not be load balanced. Occasionally it is a problem with HTTP sites that maintain session, but this is rare.
For sites that do not function with load balancing, add firewall rules to not load balance traffic to these destinations or protocols.
To alleviate this issue, you can do the following:
Here are my two Gateways
Make two Gateway Groups
One for Load Balancing
Set both Gateways to Tier 1
One for Failover
Set Tier 1 for the one and Tier 2 for the second
Go to the LAN Rules
Set the default LAN rule to use the Load Balancing Gateway Group.
Add a new rule that will be valid only for HTTPS connections and set the Gateway to the Failover Gateway Group.
This way all HTTPS connections will pass through the First WAN until it goes down and then fail over to the Second. The alternative is to make a separate rule for each and every HTTPS site with issues. The rule will be very similar to the one for HTTPS. The difference will be that the Destination address will be a single Public IP. Doing so will load balance all other HTTPS connections that don’t have this problem.
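A small model of the rule layout described above, as an added example that is not pfSense code or part of the original post. It assumes LAN rules are evaluated first match wins, the lowest tier with a live gateway is used, and same-tier gateways are picked round-robin (a simplification of pf); WAN1, WAN2 and the group names are placeholders.

```python
# Gateway groups as described on the page: gateway name -> tier.
GROUPS = {
    "LoadBalance": {"WAN1": 1, "WAN2": 1},   # both gateways Tier 1
    "Failover":    {"WAN1": 1, "WAN2": 2},   # Tier 1, then Tier 2
}

# LAN rules as (protocol, destination port or None, gateway group).
# The HTTPS rule has to sit above the default rule to take effect.
LAN_RULES = [
    ("tcp", 443, "Failover"),
    ("any", None, "LoadBalance"),
]


class Router:
    def __init__(self, rules):
        self.rules = rules
        self.up = {"WAN1": True, "WAN2": True}
        self.counter = 0  # round-robin position

    def pick(self, group):
        """Choose a gateway: lowest live tier, round-robin within it."""
        tiers = GROUPS[group]
        live = [gw for gw in tiers if self.up[gw]]
        if not live:
            return None
        best = min(tiers[gw] for gw in live)
        pool = sorted(gw for gw in live if tiers[gw] == best)
        self.counter += 1
        return pool[self.counter % len(pool)]

    def egress(self, proto, port):
        """Return the WAN a new connection leaves by (first matching rule)."""
        for r_proto, r_port, group in self.rules:
            if r_proto in ("any", proto) and r_port in (None, port):
                return self.pick(group)
        return None


def session_wans(router, proto, port, connections=6):
    """Set of WANs (hence public IPs) a site sees over several connections."""
    return {router.egress(proto, port) for _ in range(connections)}


if __name__ == "__main__":
    r = Router(LAN_RULES)
    print("HTTPS:", session_wans(r, "tcp", 443))
    print("HTTP :", session_wans(r, "tcp", 80))
    r.up["WAN1"] = False
    print("HTTPS with WAN1 down:", session_wans(r, "tcp", 443))
```

With the two rules in the opposite order the default rule matches first, and HTTPS sessions are again spread over both public IPs.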