Netgate Discussion Forum

    Switching the default gateway after failure of the primary WAN has no effect

    Routing and Multi WAN
    • jacotec

      Hi,

      Running pfSense+ 23.05.1, I have a primary WAN connection via PPPoE and a secondary connection via an LTE router (Telekom company mobile data backup). I'm not using automatic switchover via a gateway group as I need to pay for each day I exceed 200MB (the failure scenario), and I want to avoid paying €6 each night the provider runs an update on the MSAN running the primary connection.

      I have a VPN up and running to my server in the Hetzner datacenter via the LTE router, so I have access to my homelab by this route in case the primary WAN fails.

      We had a power outage this morning. Home and homelab were covered by my Diesel in the garage, but the provider MSAN failed after one hour. So I connected via my "emergency VPN" to pfSense and switched the default gateway in "System" --> "Routing" from my PPPoE WAN, which was down, to my LTE router. I applied this setting, but still no machine in my LAN had internet access.

      Strangely pfSense itself was able to refresh the update information, so for pfSense the secondary way worked after switching the default gateway - but not for any machine behind pfSense.

      There are no static routes configured in addition - so the default gateway setting should be the only thing to change.

      Any idea why this did not work?

      Thanks for your ideas!

      Marco

      • viragomann @jacotec

        @jacotec
        I assume your outbound NAT is in automatic mode, so that there are automatically generated rules for the LTE as well?

        Then try to flush the states after switching the gateway.
        You can also check System > Advanced > Miscellaneous > State Killing on Gateway Failure.

        • jacotec @viragomann

          @viragomann Thanks, I'll check that the next time (Primary is back meanwhile)!

          I'm not killing states at gateway failure, because sometimes pfSense assumes a failure (high packet loss) although there isn't any - killing states in this case would not be the best as I'm running all kinds of self-hosted services here. And nevertheless I have a fixed IP, so even when the WAN fails for a few seconds, existing states will still be fine.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.