Failover with LTE as backup
-
I use an LM1200 as a backup and didn't have to do anything special to be able to access the management address. The device set up the route on its own and no extra rules were needed.
I'm not sure if it matters, but try disabling "Block private networks and loopback addresses" on the LTE interface.
-
@VincentEmmanuel WAN or LAN, surely that's just a label?
-
@dem Yes, I have unchecked those. I can ping OK from the pfSense box, but not from my computer, which is on my LAN.
-
Is your computer perhaps on a VPN that might be preventing traffic to the management address from getting to pfSense?
My computers are normally on a VPN and I have to explicitly advertise the routes to management addresses.
-
@dem I have a site-to-site VPN using IPsec, that's all.
-
@tac12 LAN and WAN is not just a label. WAN is a gateway for traffic to go out while LAN is just an internal network.
The modem should have a public IP issued by the ISP when it's connected, and when set up as a WAN it should be visible in pfSense as one of its WAN gateways. Then you can create a gateway group and use it as a failover WAN.
That is what you are trying to achieve, right?
-
pfSense needs to know to route traffic to that IP via the LAN3 interface. So one way to do that is to add an IP alias on LAN3 of, for example, 192.168.5.254/24.
You may need to also add an outbound NAT rule so that the modem sees all traffic as coming from 192.168.5.254 and has a route to reply.
Steve
-
@stephenw10 The LM1200 DHCP server sends "Static-Route Option 33" with the management address so my pfSense sets up the route on its own, no VIP needed. The fact that @tac12 can ping the management address from pfSense seems to indicate that the route is working.
But it seems like either clients are choosing a route other than pfSense for that address, or there's some rule on LAN matching before the default allow rule.
The first time I connected this modem and was able to access the management interface without any changes to pfSense I just about fell out of my chair. It just worked! But I don't know why it doesn't work for @tac12.
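
An added example, not part of the thread: a decoder for the DHCP "Static Route" option 33 value described above, plus a check that the routes a WAN-side modem pushes stay within the expected management range. All addresses and payloads are constructed for illustration; the real LM1200 management address is not given in the thread.

```python
import ipaddress

def parse_option33(payload: bytes):
    """Decode a DHCP option 33 value (RFC 2132, section 5.8).

    The value is a list of 8-byte pairs: destination address, then router.
    Option 33 carries no netmask.
    """
    if len(payload) < 8 or len(payload) % 8:
        raise ValueError("option 33 length must be a non-zero multiple of 8")
    routes = []
    for off in range(0, len(payload), 8):
        dest = ipaddress.IPv4Address(payload[off:off + 4])
        router = ipaddress.IPv4Address(payload[off + 4:off + 8])
        routes.append((dest, router))
    return routes

def audit_routes(routes, allowed_nets, link_net):
    """Return findings for routes the upstream DHCP server should not push."""
    findings = []
    for dest, router in routes:
        if int(dest) == 0:
            # RFC 2132 forbids 0.0.0.0 as an option 33 destination.
            findings.append(f"{dest}: default route is illegal in option 33")
        elif not any(dest in net for net in allowed_nets):
            findings.append(f"{dest}: destination outside expected management range")
        if router not in link_net:
            findings.append(f"{dest} via {router}: next hop is not on the modem link")
    return findings

# Constructed sample data (assumption: modem management lives in 192.168.5.0/24).
MGMT_NETS = [ipaddress.ip_network("192.168.5.0/24")]
LINK_NET = ipaddress.ip_network("192.168.5.0/24")
EXPECTED = bytes([192, 168, 5, 1, 192, 168, 5, 1])
UNEXPECTED = EXPECTED + bytes([10, 0, 0, 0, 203, 0, 113, 9])

if __name__ == "__main__":
    for name, payload in (("expected", EXPECTED), ("unexpected", UNEXPECTED)):
        findings = audit_routes(parse_option33(payload), MGMT_NETS, LINK_NET)
        print(name, findings or "ok")
```

The option value can be taken from a packet capture of the DHCP exchange on the LTE interface.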
-
He might have a policy routing rule on LAN forcing that traffic via the other WAN. Traffic from pfSense itself doesn't hit that.
-
@stephenw10 Actually I'm an idiot, and am embarrassed to admit that I had forgotten to turn Outbound NAT back to automatic!
I'm now going to finish by following https://joshspicer.com/lte-failover-pfsense
Apologies for wasting your time, and many thanks for your response.