25.07 - no default gateway being set if default route is set to a gateway group and the Tier 1 member interface is down
-
Yes, there's been much discussion about this, and for many many years. That it keeps coming up is a testament to the fact that for many people, a more robust solution is warranted.
In the redmine you linked, the final comment (from @jimp himself) sums it up nicely:
dpingeris only a daemon that pings and reports responses. It doesn't make decisions about what is good or bad for a pfSense gateway as a whole only its specific single target. It isn't up to dpinger to handle multiple targets or different protocols.What is needed is more like some middleware-ish daemon to sit between pfSense and other gateway monitoring daemons like dpinger (cough cough, gwmond) that would be capable of coordinating multiple monitoring techniques for each gateway and making more informed decisions about their status.
Given the responses on the dpinger github it appears its author agrees that it's out of scope for dpinger itself.
I agree with Jim (and you @dennypage) that dpinger already does its job well, and should stay focused and simple. I do think pfSense needs that yet-to-be-coded "middleware" which could do a better job of orchestrating multiple dpinger instances + possibly other check methods such as curl/wget fetches to test under conditions where ICMP isn't good enough to rule out false positives/negatives.
-
@stephenw10 said in 25.07 RC - no default gateway being set if default route is set to a gateway group and the Tier 1 member interface is down:
Add a 3rd dummy gateway that always remains up to provide a default route. Add that to the failover group as some high tier.
Maybe I’m doing something wrong, but when I create a dummy interface, set it to the lowest priority (ex, Tier 3—we don’t really use it as a gateway, right?), and then configure the other two gateways with the “Do not create static routes” option enabled, after a reboot I get the LANGW status “pending” and no default route. So this needs to be another option activated on dummy, "Disable Gateway Monitoring Action"?
-
If it's showing as pending that implies the gateway is not available yet which should never be true for a local interface/IP address. You set something that actually exists I assume?
-
@stephenw10
Yes, it is LAN interface. And it was working fine untill I rebooted pfSense. -
Hmm, I didn't have that issue in testing. Is the interface linked/UP? I have seen problems with that in the past but my test interface was not.
-
@stephenw10
I think "Disable Gateway Monitoring Action" did the trick. It seems to be working as it should now.
Yes, interface is definitely UP, because I am using it to reach the GUI. -
Hmm, that's odd. I would expect that always be available.
-
@stephenw10
Yep, there’s definitely something going on. I’ve run into this before several times, but unfortunately I don’t remember all the details and the logs are already gone. All I remember is that at first it wasn’t related to “Do not create static routes” in my case—but my memory has failed me more than once.
-
@stephenw10 / @marcosm any chance we can relocate this busy/lively thread to the regular Routing and Multi WAN section? It seems it isn't and probably never was specific to 25.07 RC anymore...
-
M marcosm moved this topic from Plus 25.07 Develoment Snapshots (Retired) on
-
@stephenw10
I can confirm that using this workaround for IPv6 also fixes the issue when you have multiple WAN gateways with IPv6.
If the default IPv6 gateway is set to Automatic and you configure a failover group where one gateway is PPPoE WAN and the other is DHCP WAN, the firewall either fails to obtain an IPv6 address for the PPPoE connection, or obtains it but then rejects it.When Automatic is overridden by manually selecting the PPPoE IPv6 gateway, everything works fine while the PPPoE link is active. However, if the PPPoE link goes down for any reason, the default IPv6 gateway disappears.
That’s why many DNS queries are not served by Unbound, and users can only open some websites.
Your workaround seems to solve this problem.I created a gateway group from my IPv6 WAN interfaces and added a dummy IPv6 gateway using a link-local address.
Then I selected this group as the default gateway.
Now it seems that everything is working as intended. -
Ah, good to know! Sure would be nice not to need it though....
