Netgate Discussion Forum

    Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN

    Routing and Multi WAN
    87 Posts 5 Posters 8.0k Views
      chpalmer @preston

      @preston Yes.. you have to set your pfsense CL WAN to static and use something like 192.168.0.5 as its address and 192.168.0.1 as its gateway.

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        preston @chpalmer

        @chpalmer said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

        @preston Yes.. you have to set your pfsense CL WAN to static and use something like 192.168.0.5 as its address and 192.168.0.1 as its gateway.

        I did try those settings in pfSense but couldn't get the CenturyLink WAN connection to show online. So, for now at least, I have CenturyLink as WAN2 with the IPv4 config type as DHCP.

          jimeez @chpalmer

          @chpalmer said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

          @preston Yes.. you have to set your pfsense CL WAN to static and use something like 192.168.0.5 as its address and 192.168.0.1 as its gateway.

          I think in @preston's and my setup it's OK to leave it as DHCP if we are reserving the address in the CL modem for the MAC address of the pfSense interface. It's worked for me so far. I have the DHCP service active on the CL modem, reserved an IP address of 192.168.0.2 for the pfSense MAC on WAN 2, and kept the pfSense CL WAN set to DHCP. So far so good. The connection has been solid other than the daily 4:00 AM EST brief down time.

          The only problem that remains for me is that now I have CGNAT on both of my connections. Used to be able to use the CenturyLink connection for Dynamic DNS ... which gave me a remote gateway into my network via WireGuard. So this is now toast as well as some other port forwarding like XBOX open NAT and a handful of others.

          Would really LOVE to better understand what happened that caused the transparent bridge mode to just stop working after it worked for nearly two years.

            preston @jimeez

            @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

            Would really LOVE to better understand what happened that caused the transparent bridge mode to just stop working after it worked for nearly two years.

            I agree. Things worked just fine for a long time on my end too.

              preston @jimeez

              @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

              The only problem that remains for me is that now I have CGNAT on both of my connections. Used to be able to use the CenturyLink connection for Dynamic DNS ... which gave me a remote gateway into my network via WireGuard. So this is now toast as well as some other port forwarding like XBOX open NAT and a handful of others.

              • I have had great success with Tailscale to access my network while away. It's free and gets around CGNAT.

              • Not sure what DYN DNS service you are using, but I noticed that there are Dynamic DNS settings in my CL modem interface.

                jimeez @preston

                @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                I have had great success with Tailscale to access my network while away. It's free and gets around CGNAT.

                Are you running that on your pfSense device?

                  preston @jimeez

                  @jimeez

                  Yes, there is a Tailscale pfSense package. I am able to access the home (pfsense) network with my phone and laptop when I'm away.

                    jimeez @preston

                    @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                    @jimeez

                    Yes, there is a Tailscale pfSense package. I am able to access the home (pfsense) network with my phone and laptop when I'm away.

                    Yep. Got that up and running no problem. I really like having it installed on the pfSense device rather than a client machine like how I was using WireGuard (on an unRAID box). But I don't see how this is going to help get around the CGNAT specific to port forwarding for things like the XBOX and say a bittorrent client. I still cannot get an open NAT on the XBOX.

                    But anyway, I'm (mostly) very satisfied with this current solution. It's got me back to a solid stable dual WAN failover setup and has helped me iron out a couple other kinks in my network as I started fresh from scratch on a new device. Can't thank @chpalmer enough for his suggestion.

                      preston @jimeez

                      @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                      The only problem that remains for me is that now I have CGNAT on both of my connections. Used to be able to use the CenturyLink connection for Dynamic DNS ... which gave me a remote gateway into my network via WireGuard. So this is now toast as well as some other port forwarding like XBOX open NAT and a handful of others.

                      I was thinking more about this issue today. Is your CenturyLink really a CGNAT connection?

                      Can you use a policy routing rule to send the device you want out through the CenturyLink WAN? For example, I set up a rule where my Synology NAS uses only the CenturyLink connection. I use Synology's DYNDNS service, opened a port on the CenturyLink WAN, and use that for an OpenVPN connection. Would something like that work for your setup?

                        jimeez @preston

                        @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                        Is your CenturyLink really a CGNAT connection?

                        You know, I'm not really sure anymore. I just spent some time reading up on it and running some tests. Apparently it's not. And it seems like the Starlink connection no longer is either.

                        I'm pulling a 98.97.xx.x IP address for the SL connection and a 75.165.xx.xxx IP address for the CL connection. pfSense sees them as 100.64.x.x and 192.168.0.1 respectively, but when I check my IP address on "what'smyIP" that's what I get. The XBox now shows open NAT to boot. So I'm not quite sure what I did (if anything) to fix this. But it's working now. Maybe the Tailscale settings I applied did something? I also enabled UPnP & NAT-PMP.

                        Whatever happened, everything is back to normal. Better than normal actually.

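Added example (not part of the thread or of pfSense): a Python example for reading address pairs like the ones quoted in the post above. It classifies a WAN from the address on the firewall's interface and the address an external lookup reports; an interface address in 100.64.0.0/10 (RFC 6598) means carrier-grade NAT even when the lookup shows a public address. The function names, the optional `modem_wan_addr` input and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Blocks that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # shared space for carrier-grade NAT


def nat_layers(interface_addr, observed_addr, modem_wan_addr=None):
    """Return the NAT layers between a firewall WAN interface and the internet.

    interface_addr: address on the firewall's WAN interface
    observed_addr:  address an external "what is my IP" service reports
    modem_wan_addr: optional, the ISP modem's own WAN address (hypothetical
                    input, read from the modem's status page)
    """
    iface = ipaddress.ip_address(interface_addr)
    seen = ipaddress.ip_address(observed_addr)
    layers = []
    if any(iface in net for net in RFC1918):
        layers.append("modem-nat")      # private LAN of a routing modem
        if modem_wan_addr and ipaddress.ip_address(modem_wan_addr) in RFC6598:
            layers.append("cgnat")      # the modem itself sits behind the ISP's NAT
    elif iface in RFC6598:
        layers.append("cgnat")          # ISP translates; observed_addr is shared
    elif iface != seen:
        layers.append("unknown")        # public on the interface, rewritten upstream
    return layers


def inbound_forward_possible(layers):
    """A port forward can work only if every NAT layer is one the owner controls."""
    return all(layer == "modem-nat" for layer in layers)


# Constructed sample WANs (illustrative addresses, not the posters' own).
SAMPLES = {
    "wan1": ("100.64.12.34", "203.0.113.7", None),
    "wan2": ("192.168.0.2", "198.51.100.9", None),
    "bridged": ("198.51.100.9", "198.51.100.9", None),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        layers = nat_layers(*args)
        print(name, layers or ["direct"], inbound_forward_possible(layers))
```

With a `modem-nat` layer the forward has to exist on both the modem and the firewall; with a `cgnat` layer neither device can publish a port, which is where an overlay such as the Tailscale package mentioned in the thread comes in.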
                          preston @jimeez

                          @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                          I also enabled UPnP & NAT-PMP.

                          Whatever happened, everything is back to normal. Better than normal actually.

                          Good deal. Just a guess but I would think that UPnP and/or NAT-PMP would help.

                          Thanks to you and @chpalmer for solving this issue!

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.