No email alert/notification on gateway down
-
@stephenw10 You may be on to something. Is there a different way of setting up wireguard so that the gateway is NOT the interface ip addr?
Or should the gateway be a peer?
-
I mean I expect it to be using the gateway IP unless you set it to something else. Using the local interface IP makes no sense to monitor.
-
@stephenw10 I think my strategy is wrong.
There are 2 peers - pf and remote target. I want pfsense to notify me if it can't ping remote peer.
-
Yes. By default the gateway monitoring pings the gateway which here is the remote peer. For some reason your screenshot shows the monitoring set to the local peer IP not the gateway. Normally that would only be because it's been configured as that by the user.
-
@stephenw10 That begs the question then do I even need a gateway ip defined in this use case?
It seems even without the gateway defined for the wg interface, I'm still able to access the remote peer from local lan and other vlans (that have proper firewall permissions). In addition, I can access pfsense lan side resources from the remote peer with proper firewall rules.
-
You only need a gateway if you want to route traffic via it. If this is a remote-access type setup where the connecting peers are all client devices then no you don't need a gateway defined in pfSense.
-
@stephenw10 Consider traffic from lan (say 192.168.1.0/24), to get to 10.7.1.0/24, that has to go through some gateway no? Same for traffic originating at 10.7.1.0/24. Or pfsense sets these routes up internally?
-
If it's a locally connected subnet then it will just be forwarded directly.
-
@stephenw10 Thank you for the clarification.
Question still stands then, is it possible to monitor that remote peer without using a custom script?
-
Yes, you can set it as a gateway. You don't have to route anything to it if there's no subnet behind that peer to route to.