Dual WAN with Failover Not Working
-
I have yet to figure out… Why won't pfSense let you configure a single monitor IP for multiple WANs as gateway monitor?
-
Ok, tried that too and it didn't work. It shouldn't be a DNS issue because we're trying to ping an IP address so there is no name for DNS to resolve.
Flaw in the software??
-
pfSense itself won't use the failover unless you've enabled the gateway switching checkbox.
-
No, mine works fine with multiple WANs with the same gateway. In my case the gateway doesn't respond to pings so I'm using 8.8.8.8 and 8.8.4.4. Setting them as the DNS servers for each WAN causes pfSense to create static routes forcing them through a particular logical interface.
-
Where is the gateway switching check box?
-
It's somewhere in the general settings. That checkbox is only for pfSense's traffic itself to failover. Conditional routing for LAN clients will still failover regardless. This is why you must specify a gateway for each DNS server. That way DNS forwarding works even if gateway switching is disabled.
-
Here is my routing table and gateway status.
Notice that in STATUS>GATEWAYS it is still showing that it's pinging on WANGW (WAN 1) even though Internet traffic is disabled for that gateway.
![Routing Table.JPG](/public/imported_attachments/1/Routing Table.JPG)
![Gateway Status.jpg](/public/imported_attachments/1/Gateway Status.jpg)
-
Here is Firewall Rule for LAN, Gateway Groups, and Gateways.
![Firewall Rule LAN.jpg](/public/imported_attachments/1/Firewall Rule LAN.jpg)
![Gateway Groups.jpg](/public/imported_attachments/1/Gateway Groups.jpg)
-
Here is my General Setup…
Also, I cannot find the checkbox for gateway switching.
Hopefully these screenshots help; please let me know if another shot would help.
THANKS!
![General Setup.jpg](/public/imported_attachments/1/General Setup.jpg)
-
Also, just for informational purposes… here is a Visio diagram of the setup I have for testing purposes of dual WAN with failover. I have to do this in a lab environment to prove the concept before I can do this for a client and have their site taken down.
On "Router 1" in the diagram, I can physically disconnect that ethernet cable to the pfSense WAN and the pfSense WILL failover to the OPT WAN (WAN2); however, as noted in the diagram, when I create a firewall rule on "Router 1" to block any/all Internet traffic the pfSense does not see this... it thinks it can still ping its monitor IP even though the client PC and the pfSense ping tool cannot ping the monitor IP. In essence, the pfSense is failing over for physical loss but NOT packet loss.
Hope this may add some clarity too.
![Dual WAN Test.jpg](/public/imported_attachments/1/Dual WAN Test.jpg)
-
Anyone??
I'd like to get the pfSense working… just for proof of concept, I tried the exact same network schema setup with a Cisco RV042 Dual WAN router and it worked beautifully with about 10 min of setup.
Please help.
Thanks,
Steve
-
> Here is my General Setup…
> Also, I cannot find the checkbox for gateway switching.
> Hopefully these screenshots help; please let me know if another shot would help.
> THANKS!

That's because you're looking at the wrong menu. It's under System -> Advanced -> Misc "Allow default gateway switching"
Give this thread a read http://forum.pfsense.org/index.php/topic,64612.msg350227.html#msg350227
I've explained fail-over clearly in there. Good Luck!
-
I found gateway switching but checking that box hasn't made this work either.
Also, srk3461, I think I've done what your other article says to do… What am I doing wrong? Do I need to have all 3 groups and LAN rules even if I'm NOT load balancing?
-
First make it work with a single pfSense box with two public IP WAN interfaces so you understand exactly how to configure pfSense. Then build your (unnecessarily) complex network around it.
-
Nothing works better for fail-over than two of the same ISP…
-
:( Ok. I understand that one doesn't want dual WAN from the same ISP/modem in a production environment but I have to TEST this in a lab environment before I can put it in a production setting where it doesn't work! This "unnecessarily complicated" network as you say is essentially the exact same setup as having 2 modems from 2 ISPs.
Why does the pfSense NOT fail over to WAN2 when the Internet traffic on WAN1 goes out? And for proof of concept, I used a Cisco RV042 in the same "unnecessarily complicated" network and the Cisco worked.
I think there is a software flaw with pfSense and the dual WAN failover. You guys using it say it works, but are you dropping physical link for it to fail, because that does work. Dropping Internet packets does not work though!!!!!
I'm begging for help from you guys, so please help if you can; I don't need the sarcasm or rude comments.
-
So, you are saying failover from packet loss doesn't work?
How are you simulating packetloss?
-
Failover based on a packet loss threshold does work. It works by default.
-
If failover isn't working based on simulation of packet loss then:
Either it's broken or
The settings are wrong or
Packet loss is not being done effectively to cause a failover.
That's why I'm asking how the packets are being dropped.