How do I failover with this setup?

cmb

Not enough info there, how does your routing work outbound? The entire /27 is assigned to an internal interface? What's the default gateway of the hosts on that /27? If you have no IPs on your WANs, sounds like something upstream is handling your routing, that would be a very unusual setup though.

Phil

Thanks for your help.

The two modems are simple bridges. The /27 is routed over both of them, by the ISP, and the gateway is run by the ISP on the first usable IP in the /27. In essence, neither WAN interface has an IP and the DMZ interface has the second usable IP assigned to it using the first usable IP as its gateway.

cmb

That is an atypical setup. In that case, the firewall has no bearing on what traffic goes where and can't impact failover or routing in any fashion.

Phil

Thanks for the info. The setup has been tweaked and I'm now presented with two PPPoE connections. When dialed, they both get the same IP address and thus can't be dialed at the same time.

Is there a way, in pfsense, to dial connection #1 ordinarily, dial connection #2 if #1 fails and then disconnect #2 when #1 successfully re-dials? Or is there a better way to manage this?

Thanks

Phil

I'm pondering the usefulness of PPPoE Dial-on-Demand mode for this. Would it be possible to use this to achieve some kind of auto failover?

Phil

jimp

No, that wouldn't help you. Dial on Demand could trigger if the firewall tries to do something itself, too, such as sync with ntp or from a cron job.

Also Dial on Demand does not automatically disconnect.

Phil

Thanks for your help. I have scripted it for now, which seems to be working. Does anyone know of a way to do this in the standard pfsense release?

Thanks

jimp

To have two WANs get routed the same IP block by the ISP? Not using the normal Multi-WAN features. You could keep both WANs up all the time and run a routing protocol such as OSPF or BGP between your and your ISP, but that's up to your ISP.

cmb

MLPPP or a routing protocol (usually BGP) would be the only two options with any software to accomplish that.

Phil

Ok, thanks for the info. MLPPP isn't an option as the links are different speeds and I'm not sure I pay the ISP enough to warrant a BGP setup ;)

I'll stick with the failover script for now.