Are you using pfSense in your environment? Do you have spotty internet service? Do you need higher availability internet access? Well, this could be an answer for you.

If you have a remote office location, or you yourself are in a remote location, reliable access to the internet can be a challenge. I found out how true that is for myself when I moved to the middle of nowhere. When I moved, I found myself stuck with DSL service that is prone to outages and little to no cell phone coverage.

In order to get cell service at my location, I have to use directional antennas on the outside of the house and signal repeaters, and even then it's not very good. But, it was good enough to give me a back up to the spotty DSL service I was stuck with. With a 4G modem I was able to bring another method of connecting to the internet into the house even if it performed worse than the DSL.

Luckily Elon finally hooked me up and I now have StarLink which is a lot better, but not without it's own flaws. I've since moved from a DSL connection with 4G backup to StarLink with DSL backup abandoning the 4G connection. Uptime is critical for me as I'm a full-time telecommuter and part of an on-call rotation. In order to solve for this, I use a pfSense router and have failover load balancing configured on it.


  1. Two internet service providers
  2. Hardware that can run pfSense as well as at least 3 NICs


After you have pfSense installed, you'll need to configure an additional WAN interface on your router. In my case, my DSL connection is configured as PPPoE and by StarLink connection is configured as DHCP. (I have the first revision of Dishy so I'm able to plug directly into my router without the need for double NATing)

I use interfaces em0 and em1 for this. Your configuration may look different. Once you have the interfaces configured, you'll want to duplicate the firewall rules for your WAN port to your secondary WAN port under Firewall->Rules.

Once you have that done, you'll need to go to System->Routing and make sure you have your gateways configured. There's nothing too special to this. Just click Add specify an interface, IPv4 or IPv6 and give it a name.


Next you'll want to go over to Gateway Groups and choose add. Set your configuration similar to what I have in the screenshot below, choosing which connection is your preferred connection by using Tier 1 and Tier2 and save the config.


Head back to the Gateways tab, and here your milage may vary. I had trouble with leaving the Default gateway IPv4 set to automatic, so I swapped it over to the Gateway Group I configured and am having much better results.


This should do it for the most part. There is one minor annoyance that I've been experiencing. I'm not sure if this is a pfSense thing or if it's a StarLink thing and haven't dug too far into it yet. After a failover and failback, sometimes DNS stops working. If this happens for you, just head on over to Services->DNS Resolver and uncheck "Enable DNS Resolver" save the config then re-enable it and save and you should be back online. It's not happening all the time for me, just on occasion.

Happy surfing!