Last week, my internet went down during a critical work call. Again.
I have two ISP connections at home—Mach 1 (500 Mbps) and Airtel (200 Mbps)—but I was only using one at a time. When Mach 1 dropped, I'd manually switch cables to Airtel like a caveman. There had to be a better way.
48 hours later, I had both connections load-balanced through a single router, with automatic failover. Total cost? ₹0—I used hardware I already had.
The Problem
India's internet infrastructure is... unpredictable. My Mach 1 fiber is blazing fast but drops once a week. Airtel is rock-solid but slower. I wanted:
- Automatic failover — If one ISP dies, traffic shifts instantly
- Load balancing — Use both connections simultaneously
- Single network — One SSID, one LAN, no manual switching
Consumer "dual-WAN" routers exist, but they're either expensive (₹15,000+) or garbage. I needed something proper.
The Hardware I Had
Here's the thing about homelabs—you accumulate hardware. In my drawer:
| Device | Specs | Original Purpose |
|---|---|---|
| Dell Latitude E7250 | i5-5300U, 8GB RAM, 256GB SSD | Old work laptop |
| TP-Link SG105E | 5-port Gigabit Managed Switch | Gathering dust |
| Tenda AC10 | Dual-band router | Mach 1's router |
| Airtel GPON | Fiber ONT | Airtel's modem |
Total new purchases: ₹0.
The Dell laptop has only one Ethernet port. Most guides would say "buy a USB NIC" or "get a proper router." I said: "VLANs."
The Architecture
The magic is using 802.1Q VLANs to carry multiple networks over a single cable. The TP-Link SG105E—a ₹2,000 switch—supports this.
One cable to the Dell laptop carries three isolated networks:
- VLAN 10: Mach 1 WAN (PPPoE)
- VLAN 20: Airtel WAN (DHCP)
- VLAN 30: My home LAN
Step 1: The Switch Configuration
The SG105E has a web interface for VLAN configuration. Here's what I set up:
802.1Q VLAN Table
| VLAN ID | Name | Tagged Ports | Untagged Ports |
|---|---|---|---|
| 10 | WAN1 | Port 1 | Port 2 |
| 20 | WAN2 | Port 1 | Port 3 |
| 30 | LAN | Port 1 | Port 4, 5 |
PVID Settings
| Port | PVID | Purpose |
|---|---|---|
| 1 | 1 | Trunk (all VLANs tagged) |
| 2 | 10 | Mach 1 ingress |
| 3 | 20 | Airtel ingress |
| 4 | 30 | LAN devices |
| 5 | 30 | LAN devices |
This took 10 minutes. The switch does the packet tagging; pfSense sees three separate interfaces over one wire.
Step 2: Installing pfSense
I grabbed the Netgate Installer (pfSense's official installer) and wrote it to a USB drive:
gunzip -c netgate-installer-amd64.iso.gz | sudo dd of=/dev/sdf bs=4M status=progress
One snag: the Dell E7250 has an Intel WiFi card that crashes FreeBSD's kernel. The fix? Disable WiFi in BIOS. This is a router—it doesn't need WiFi.
The installation was straightforward until interface assignment. When pfSense asked about VLANs, I created:
Parent interface: em0
VLAN 10 → em0.10 (WAN)
VLAN 20 → em0.20 (WAN2)
VLAN 30 → em0.30 (LAN)
Step 3: Configuring Dual-WAN
With pfSense installed and interfaces assigned, configuration happens in the web GUI.
WAN Interface (Mach 1)
Mach 1 uses PPPoE authentication:
| Setting | Value |
|---|---|
| IPv4 Type | PPPoE |
| Username | your_username |
| Password | your_password |
WAN2 Interface (Airtel)
Airtel is simpler—just DHCP:
| Setting | Value |
|---|---|
| IPv4 Type | DHCP |
The Gateway Group
This is where the magic happens. Under System → Routing → Gateway Groups, I created:
| Gateway | Tier |
|---|---|
| WAN_DHCP (Mach 1) | Tier 1 |
| WAN2_DHCP (Airtel) | Tier 1 |
Both at Tier 1 = Load Balancing. Traffic distributes across both ISPs.
If I wanted pure failover (Airtel only when Mach 1 dies), I'd set Airtel to Tier 2.
Applying to LAN Traffic
Finally, edit the default LAN firewall rule and set the Gateway to LoadBalance_WAN.
The Result
Status → Gateways
| Gateway | IP | RTT | Loss | Status |
|------------|-------------|---------|------|--------|
| WAN_DHCP | 192.168.0.1 | 0.843ms | 0.0% | Online |
| WAN2_DHCP | 192.168.1.1 | 0.638ms | 0.0% | Online |
Both gateways online. Both ISPs active. One network.
What I Learned
Lesson 1: VLANs are underrated.
A single Ethernet port + a cheap managed switch = infinite virtual interfaces. Most "you need more NICs" advice is wrong.
Lesson 2: Load balancing ≠ Bonding.
This confused me initially:
| Type | What Happens | Speed Test Result |
|---|---|---|
| Load Balancing | Each connection uses one WAN | ~500 Mbps OR ~200 Mbps |
| True Bonding | Single connection uses both | ~700 Mbps combined |
pfSense does load balancing—great for multiple devices/streams, but a single speed test won't show 700 Mbps. True bonding requires MPTCP and a cloud aggregation server (Speedify, OpenMPTCProuter).
Lesson 3: Gateway monitoring is critical.
Set the Trigger Level to "Packet Loss or High Latency." Without this, pfSense won't detect a degraded-but-not-dead connection.
The Financials
| Item | Cost |
|---|---|
| Dell E7250 | ₹0 (already owned) |
| TP-Link SG105E | ₹0 (already owned) |
| USB Drive | ₹0 (already owned) |
| Total | ₹0 |
Monthly benefit:
- No more dropped calls during ISP outages
- Both connections utilized instead of one sitting idle
- Professional-grade routing without professional-grade prices
Current Setup
The Dell E7250 now runs 24/7 as my home router. Power draw is ~15W idle. It handles:
- Dual-WAN load balancing + failover
- NAT for 30+ devices
- Firewall rules
- Future: VPN server, traffic shaping, pfBlockerNG
The laptop screen stays closed. It's headless, fanless (at idle), and silent.
Quick Reference: Complete Port Map
FINAL SETUP
Discussion
Have you set up dual-WAN at home? Did you go the pfSense/OPNsense route, or use a commercial solution? What's your ISP redundancy story?
Drop a comment below—I'd love to hear how others are solving the "Indian ISP lottery" problem. 👇
Top comments (0)