Multi-Wan - Default Gateway Down But Not Switching to Other Gateway
-
pfSense-Full-Update-2.1-BETA1-amd64-20130411-0701.tgz
Quick overview. Box has two WAN ports (A and B) and one LAN port connected to another router that has the actual networks connected to it. WAN port A is set as the default gateway. There is no cable currently plugged into WAN port A. WAN port A status is down, but it does not switch to another gateway. This was working OK in the release version and an earlier 2.1 beta version: if WAN port A is down, it switches the default gateway to the other defined gateway for WAN port B. I wanted to check out the beta again and noticed this wasn't working the same.
Side note. In the release version, if WAN port A goes down, to keep it from using the LAN gateway as default I had to put an unroutable IP in the monitor IP field so that it always thought the LAN gateway was down and wouldn't select it as a default gateway. I need to point static routes to the LAN gateway for networks serviced by the core router; it would be nice if I could flag that gateway "never use as default gateway".
-
There should not be a gateway set up for LAN. Any interface with a gateway is considered WAN on pfSense as far as I know.
For WAN failover you need to create a gateway group with the two WAN gateways. http://doc.pfsense.org/index.php/Multi-WAN_2.0
-
That makes sense. The only reason I added it was so I could add static routes pointing to the LAN gateway for networks located behind another router; otherwise they would go out the WAN gateways. The LAN network is just a transit network. Guessing I could just add routes using shellcmd on boot to point those networks to the LAN interface to avoid using the gateway.
For the first part of the post, hoping someone could confirm the default gateway not switching when it is down with the latest beta? The gateway groups are working fine but because the default gateway is down and isn't switching, the OpenVPN client I have setup breaks because it doesn't use the gateway groups.
-
For the first part of the post, hoping someone could confirm the default gateway not switching when it is down with the latest beta? The gateway groups are working fine but because the default gateway is down and isn't switching, the OpenVPN client I have setup breaks because it doesn't use the gateway groups.
Have you set your OpenVPN server/client to use the gateway group and not the actual WAN interface? I don't have any clients set up, but the server has an option to bind to WAN or the WAN gateway group. Also, it could be your outbound NAT or FW rules that mess it up. Make sure both use the GW group where needed.
-
Thanks, that was it. I honestly thought it was a bug because I was so used to the way I was using it in the release version that I didn't think to add the gateway groups to the OpenVPN client.
That solves that problem, but now I'm back to a weird problem that made me try beta versions to begin with. Adding a second network in OpenVPN Client > IPv4 Remote Network/s (e.g. 192.168.8.0/24, 192.168.7.0/24) will cause my setup to break every time. I can only get it to work with one network on the client side. Traceroutes confirm that the traffic does not go over the OpenVPN interface when I have two in the list. If I just have one network or the other, it works fine. Obviously a completely different matter that might require a visit to IRC or a different post.
Thanks again.
-
Solved the problem I mentioned in the last post.
My LAN rules have a rule set up to pass any traffic from the LAN interface to the gateway group I created for multi-WAN failover purposes. This worked fine with an OpenVPN client setup that only had one remote network specified. When I added the second network, I couldn't route to either remote network.
I had to add a LAN rule stating that any traffic from any source destined for the second remote network 192.168.7.0/24 is sent to the default gateway (don't use gateway groups). This makes everything work with multiple remote networks specified on the OpenVPN client.
Note that I don't have to add a LAN rule for the remote network if there is only one remote network (192.168.8.0/24), it is as if the first network specified in the OpenVPN client always routes properly and any subsequent networks specified need a LAN rule defined that points them to the default gateway as opposed to the gateway group. Might be a bug?
-
Just a consequence of how the auto-added policy routing negation rules work, that's how it's supposed to work.
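The interaction the thread ends on can be made concrete with a small first-match model of the LAN rule set. This is an added example, not code from the thread or from pfSense: the gateway group name WANFailover, the tunnel interface ovpnc1 and the WAN_A default route are assumed names, and the auto-added negation rule is modelled as covering only the first OpenVPN remote network, which is the behaviour the poster observed rather than a statement about pfSense internals. It shows why traffic to 192.168.7.0/24 left via the gateway group until a no-gateway rule for that network was placed ahead of the catch-all.

```python
"""Toy model of first-match policy routing on a pfSense-style LAN rule set.

Added example, not pfSense code. A rule that carries a gateway (or gateway
group) policy-routes the packet and bypasses the kernel routing table; a rule
without one ("default gateway" in the GUI) defers to the routing table, which
is where the OpenVPN client's routes for its remote networks live.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Network = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    name: str
    dst: IPv4Network
    gateway: Optional[str]  # None = no gateway set, fall back to routing table


# Constructed routing table (assumption): the OpenVPN client installs routes for
# both remote networks via ovpnc1; everything else uses the system default.
ROUTING_TABLE = {
    IPv4Network("192.168.8.0/24"): "ovpnc1",
    IPv4Network("192.168.7.0/24"): "ovpnc1",
}
SYSTEM_DEFAULT = "WAN_A"  # assumed name of the default-route interface


def routing_table_lookup(ip):
    """Longest-prefix match is irrelevant here; the prefixes do not overlap."""
    for net, iface in ROUTING_TABLE.items():
        if ip in net:
            return iface
    return SYSTEM_DEFAULT


def egress(rules, dst):
    """Return where a packet to dst leaves. First matching rule wins, mirroring
    pfSense's 'quick' rules; an unmatched packet hits the implicit deny."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        if ip in rule.dst:
            return rule.gateway if rule.gateway else routing_table_lookup(ip)
    return "blocked"


# Assumption modelled from the thread: the auto-added negation rule covered
# only the first remote network configured on the OpenVPN client.
AUTO_NEGATION = Rule("auto negation (no gateway)", IPv4Network("192.168.8.0/24"), None)
CATCH_ALL = Rule("LAN any -> gateway group", IPv4Network("0.0.0.0/0"), "WANFailover")


def lan_rules_before():
    """Rule set that broke with two remote networks."""
    return [AUTO_NEGATION, CATCH_ALL]


def lan_rules_after():
    """Rule set after adding the poster's fix: an explicit rule for the second
    remote network with no gateway, ordered before the catch-all."""
    fix = Rule("LAN any -> 192.168.7.0/24 (default gateway)",
               IPv4Network("192.168.7.0/24"), None)
    return [AUTO_NEGATION, fix, CATCH_ALL]


if __name__ == "__main__":
    for label, rules in (("before", lan_rules_before()), ("after", lan_rules_after())):
        for host in ("192.168.8.10", "192.168.7.10", "8.8.8.8"):
            print(f"{label}: {host} -> {egress(rules, host)}")
```

Running it prints that 192.168.8.10 reaches ovpnc1 in both rule sets, that 192.168.7.10 is sent to WANFailover before the fix and to ovpnc1 after it, and that Internet-bound traffic still uses the gateway group either way. The same ordering rule applies to any destination reached through the routing table (static routes, other VPN networks): it needs a matching no-gateway rule above the policy-routing catch-all, or it will be pulled onto the WAN group.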