
Tuesday, March 11, 2014

WAN Load Balancing and Captive Portal on Pfsense 2



Dual WAN Load Balancing and Failover + Captive Portal


In this tutorial I will show you how to configure a dual-WAN load balancing and failover server using pfSense 2, with Captive Portal for wireless authentication.

Requirements: pfSense v2 with 4 network adapters and 2 Internet connections



Network Diagram


 1.) DUAL WAN Load Balancing Configuration


Configuring the network interfaces: go to Interfaces > WAN, change the WAN name to WAN1, then set the IP address to 172.16.1.1/24


Make sure you set a gateway on this interface.
To add a gateway on WAN1, click the small “add new one” link below the IP Address field and set your gateway to 172.16.1.254, which is the IP address of your Modem1.


Do the same thing to WAN2
Set the IP Address to 172.16.10.1/24
Gateway 172.16.10.254

For LAN, set the IP address to 192.168.1.1/24. Note: in this case do not set any gateway.
Make sure to uncheck “block private networks” and “block bogon networks”.



For the Wireless interface
Set the IP address to 192.168.10.1
Also set no gateway on this interface



Now we need to add two different DNS servers, one pointing to WAN1 and the other to WAN2. In our example below we use Google DNS for WAN1 and OpenDNS for WAN2.

Go to System > General Setup


Next we need to edit the monitor IP address for each gateway

Go to System > Routing


On WAN1 set the Monitor IP to Google DNS - 8.8.8.8



On WAN2 set the Monitor IP to OpenDNS - 208.67.222.222


The Monitor IP is an “always up” server on the Internet that responds to ICMP packets.

Next we need to create a group for each connection
Go to System > Routing > Groups
Click the (+) button and set the group name to “LoadBalance”
Set the gateway priority to the same tier by selecting “Tier1” for each gateway, and set Trigger Level to “Packet Loss or High Latency”. The description can be anything you want. Press Save to save the configuration.


Next we need to create another group called “Failover1”: if WAN1 fails, traffic automatically goes to WAN2.

Set the group name to “Failover1” and set the gateway priority to different tiers: select “Tier1” for gateway1 and “Tier2” for gateway2. Set Trigger Level to “Packet Loss”; again, the description can be anything you want. Press Save to save the configuration.



Again, we need to create another group, called “Failover2”: in this case, if WAN2 fails, traffic automatically goes to WAN1.

Set the group name to “Failover2” and set the gateway priority to different tiers: select “Tier2” for gateway1 and “Tier1” for gateway2. Set Trigger Level to “Packet Loss”; again, the description can be anything you want. Press Save to save the configuration.


The configuration should look like this



To make all this configuration work, we need to apply it in our firewall rules
Go to Firewall > Rules
Select the LAN tab and click the (+) button to add a new rule
Set Protocol to - Any
Source to - LAN Subnet
Description to - Anything you want
Leave the other settings at their defaults
In “Advanced features” set the Gateway to - LoadBalance, which is the group we just created.



Just click Save to save the configuration

Next we need to create another rule for “Failover1” and “Failover2”

“Failover1”


“Failover2”



Now it’s done. To test the failover, unplug your modem1; traffic should automatically be redirected to your second connection.
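
What each of the three groups should resolve to during that test, as an added sketch that is not part of the original post and not pfSense's own code. The function names and the "down"/"loss"/"latency" status labels are assumptions made for this illustration, and the monitor results are constructed.

```python
# Added illustration, not pfSense code: how a gateway group narrows down to
# the gateways it routes through. Monitor results below are constructed.

# Conditions that each "Trigger Level" counts as a failed member.
TRIGGERS = {
    "Member Down": {"down"},
    "Packet Loss": {"down", "loss"},
    "High Latency": {"down", "latency"},
    "Packet Loss or High Latency": {"down", "loss", "latency"},
}

# The three groups from the tutorial: name -> (trigger, {gateway: tier}).
GROUPS = {
    "LoadBalance": ("Packet Loss or High Latency", {"WAN1": 1, "WAN2": 1}),
    "Failover1": ("Packet Loss", {"WAN1": 1, "WAN2": 2}),
    "Failover2": ("Packet Loss", {"WAN1": 2, "WAN2": 1}),
}


def active_gateways(group, status):
    """Gateways the group uses; status maps gateway -> set of conditions
    ("down", "loss", "latency") seen by its monitor, empty set = healthy."""
    trigger, tiers = GROUPS[group]
    failed_on = TRIGGERS[trigger]
    usable = {gw: tier for gw, tier in tiers.items()
              if not (status.get(gw, set()) & failed_on)}
    if not usable:
        return []  # simplification: the all-members-failed case is not modelled
    best = min(usable.values())  # lowest tier number wins
    # Several gateways on the winning tier means traffic is balanced over them.
    return sorted(gw for gw, tier in usable.items() if tier == best)


def resolve_all(status):
    """Resolve every tutorial group against one set of monitor results."""
    return {name: active_gateways(name, status) for name in GROUPS}


if __name__ == "__main__":
    scenarios = {  # constructed monitor results
        "both up": {"WAN1": set(), "WAN2": set()},
        "modem1 unplugged": {"WAN1": {"down"}, "WAN2": set()},
        "WAN2 high latency": {"WAN1": set(), "WAN2": {"latency"}},
    }
    for label, status in scenarios.items():
        print(f"{label:18} {resolve_all(status)}")
```

The third scenario shows why the trigger level matters: high latency on WAN2 removes it from LoadBalance, while Failover2 keeps using it because that group only reacts to packet loss.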

For the Wireless rules we do the same configuration; just go to the “Wireless” tab

Wireless LoadBalance Rule


Wireless Failover1 Rule


Wireless Failover2 Rule



Now we will configure the DHCP server for the LAN and Wireless adapters
Go to Services > DHCP server
Click on the “LAN” tab
Set the IP range from 192.168.1.101 to 192.168.1.130; this range allows 30 DHCP users on the LAN network


DHCP range for LAN


Do the same thing on the “Wireless” Tab

DHCP range for Wireless


We also need to configure the DHCP forwarder.

Go to Services > DHCP forwarder



Note: You need to disable the DHCP server on your wireless access point in order to use our DHCP
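
A consistency check over the addressing used in section 1, as an added example that is not part of the original post. The `PLAN` layout and function names are hypothetical, and the Wireless prefix length and Wireless DHCP pool are assumed values because the page does not state them.

```python
import ipaddress

# Addressing from the tutorial. The Wireless prefix length and DHCP pool are
# not stated on the page; the values used for them here are assumptions.
PLAN = {
    "WAN1": {"ip": "172.16.1.1/24", "gateway": "172.16.1.254", "monitor": "8.8.8.8"},
    "WAN2": {"ip": "172.16.10.1/24", "gateway": "172.16.10.254",
             "monitor": "208.67.222.222"},
    "LAN": {"ip": "192.168.1.1/24", "pool": ("192.168.1.101", "192.168.1.130")},
    "Wireless": {"ip": "192.168.10.1/24",
                 "pool": ("192.168.10.101", "192.168.10.130")},
}


def audit(plan):
    """Return a list of problems found in the plan (empty list = consistent)."""
    problems = []
    ifaces = {name: ipaddress.ip_interface(cfg["ip"]) for name, cfg in plan.items()}
    names = sorted(ifaces)
    # Each interface needs its own subnet, or routing per WAN becomes ambiguous.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a} and {b} subnets overlap")
    monitors = {}
    for name in names:
        cfg, net, addr = plan[name], ifaces[name].network, ifaces[name].ip
        if "gateway" in cfg:  # the modem must be a neighbour on the WAN subnet
            gw = ipaddress.ip_address(cfg["gateway"])
            if gw not in net or gw == addr:
                problems.append(f"{name} gateway {gw} is not a neighbour on {net}")
        if "monitor" in cfg:  # one distinct monitor IP per gateway
            mon = ipaddress.ip_address(cfg["monitor"])
            if mon in monitors:
                problems.append(f"{monitors[mon]} and {name} share monitor IP {mon}")
            monitors.setdefault(mon, name)
        if "pool" in cfg:  # DHCP range must sit inside the subnet, clear of the firewall
            lo, hi = (ipaddress.ip_address(x) for x in cfg["pool"])
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"{name} DHCP pool is outside {net}")
            elif lo <= addr <= hi:
                problems.append(f"{name} DHCP pool contains the interface address {addr}")
    return problems


def pool_size(plan, name):
    """Number of leases a DHCP pool can hand out."""
    lo, hi = (ipaddress.ip_address(x) for x in plan[name]["pool"])
    return int(hi) - int(lo) + 1
```

`audit(PLAN)` returns an empty list for the values above; typing 172.16.1.x on WAN2 instead of 172.16.10.x is reported as an overlap with WAN1.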


  2.) Captive Portal Configuration



Go to Services > Captive Portal
Check “Enable Captive Portal”
Interfaces select Wireless
Idle Timeout – 10
Delete “Hard Timeout”
Check “Logout popup window”
On authentication, select “Local User Manager / Voucher”
Leave other settings to default
Click “Save” to save our configuration




Now the captive portal is fully configured, but we do not have any users yet. To create users:

Go to “Vouchers”, check “Enable Vouchers” and click Save to save the configuration, then click the plus button to add a new roll
Roll# = 1
Minutes per ticket = 60 for 1 hour
Count = 21 for 21 voucher codes, but you can create as many vouchers as you want
Comment = 1 Hour Voucher Ticket


Click the small blue icon to download the voucher code



Done, Enjoy!

If you want to see more videos about pfSense Captive Portal, please visit my YouTube channel.


Thank you :)