MultiWAN Failover (Gateway Group WAN+MODEMppp) does not change default GW.



  • Hello,

    I am trying to set up a plain failover scenario with a normal WAN + USB 3G modem PPP, but I have the
    problem that the router does not change the default GW to Tier2 during failover and instead sticks to the WAN GW (Tier1).

    I have a "ppp0 /dev/cuaU0.0" defined and an interface "MobileWAN" as IPV4 type PPP with correct APN.
    If I check the interfaces I get the following:

    MOBILEWAN Interface (opt3, ppp0)
    Status    up
    PPP    up
    Uptime (historical)    01:32:01(00:01:53)
    Cell Signal (RSSI)    rssi:25 level:-63dBm percent:81%
    Cell Mode    None, No Service Mode
    Cell SIM State    Invalid SIM/locked State
    Cell Service    No Service
    Cell Upstream    5625
    Cell Downstream    8438
    Cell Current Up    2
    Cell Current Down    2
    MAC Address    00:00:00:00:00:00
    IPv4 Address    79.102.3.99
    Subnet mask IPv4    255.255.255.255
    Gateway IPv4    10.64.64.0
    IPv6 Link Local    fe80::82ee:73ff:fe18:9ab8%ppp0
    MTU    1492
    In/out packets    6354/13551 (350 KiB/574 KiB)
    In/out packets (pass)    6354/13551 (350 KiB/574 KiB)
    In/out packets (block)    183/0 (24 KiB/0 B)
    In/out errors    0/0
    Collisions    0

    I have verified with traceroute using the Src IP and it seems to work OK.  It goes out the PPP route instead of WAN.

    In the Routing/Gateways Tab I have added a working IP for the MonitorIP as it is normally cloaked with ppp.
    I have set the weight to "2". (And weight "1" on the WAN Gateway).  WAN Gateway is set as "Default Gateway".

    I have created a Gateway Group called "FailoverMOBILE" and selected WAN gateway as "Tier1" and MOBILEWAN_PPP as "Tier2"
    and the trigger level (right now) to "Member Down".

    I have also added 2 DNS addresses on the MOBILEWAN under General Setup as well as added MOBILEWAN to the outgoing NIC in DNS Resolver.

    If I then check Status/Gateways both WAN + MOBILEWAN_PPP shows RTT and Loss figures OK and Status is ONLINE on both.
    If I then check Status/Gateway Groups, Tier1 WAN ONLINE and Tier2 MOBILEWAN_PPP ONLINE.
    If I check the Routes table, WAN GW is the "default".

    I then try to trigger a fault by disconnecting the WAN cable, and then the WAN in Gateway and Gateway Groups goes OFFLINE.
    BUT, even after waiting minutes, the "default" gateway in Routes still points to the WAN GW IP.
    And when trying traffic from inside the LAN I get "Destination host unreachable" from the pfSense machine (which is normal, as the GW still points to WAN).

    If I then force the MOBILEWAN_PPP as "Default Gateway" in the Gateways tab manually, then traffic resumes and I can surf from inside again (using MOBILEWAN GW).

    Question is why the router does not change the default gateway to MOBILEWAN_PPP when the WAN Gateway is marked OFFLINE?
    Anyone who has an idea?

    I am running:
    Version 2.3.2-RELEASE (amd64) built on Tue Jul 19 12:44:43 CDT 2016 FreeBSD 10.3-RELEASE-p5
    Platform pfSense
    CPU Type Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz 4 CPUs: 1 package(s) x 4 core(s)

    Best regards
    Dan Lundqvist
    Stockholm, Sweden

    UPDATE:  I tried to change to "Packet loss" in Gateway Group but it still did NOT change the "default" gw to PPP but sticks to WAN IP that is disconnected/DOWN.
    General log shows:
    Aug 20 20:28:05 php-fpm 17795 /rc.newipsecdns: MONITOR: Alltele is down, omitting from routing group FailoverMOBILE
    Aug 20 20:28:06 xinetd 12378 Reconfigured: new=0 old=1 dropped=0 (services)
    Aug 20 20:28:06 xinetd 12378 readjusting service 6969-udp
    Aug 20 20:28:06 xinetd 12378 Swapping defaults
    Aug 20 20:28:06 xinetd 12378 Starting reconfiguration
    .
    Aug 20 20:28:05 php-fpm 17795 /rc.filter_configure_sync: MONITOR: Alltele is down, omitting from routing group FailoverMOBILE

    Gateway log shows:
    Aug 20 20:32:10 dpinger Alltele 87.96.165.1: sendto error: 65
    numerous times….



  • Just from your description it sounds like you have the gateways and groups set up correctly.

    Have you actually directed traffic to your gateway groups? You would do that in Firewall > Rules. Create a rule on LAN that originates with LAN Net and is destined for anything. Change the gateway to your gateway group.
    Take a look at step 5: http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/2/

    There is an option in the settings to automatically change the default gateway, but that's not necessary when using gateway groups.
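
An added example, not part of the original thread and not pfSense's own code: a check of a pfSense config.xml backup for the condition this reply describes, a gateway group that no LAN pass rule uses as its gateway. The sample configuration is constructed, and the element layout (`gateway_group` items as `name|tier|vip`, a `gateway` element on `filter/rule`) is an assumption about the config.xml schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml (element layout is an assumption about pfSense).
SAMPLE_CONFIG = """<pfsense>
  <gateways>
    <gateway_group>
      <name>FailoverMOBILE</name>
      <item>WAN|1|address</item>
      <item>MOBILEWAN_PPP|2|address</item>
    </gateway_group>
  </gateways>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default allow LAN to any rule</descr>
    </rule>
  </filter>
</pfsense>"""

def parse_groups(root):
    """Return {group name: [(gateway, tier), ...]}, lowest tier first."""
    groups = {}
    for grp in root.iterfind("./gateways/gateway_group"):
        items = [(i.text or "").split("|") for i in grp.iterfind("item")]
        members = [(p[0], int(p[1])) for p in items if len(p) >= 2]
        groups[grp.findtext("name")] = sorted(members, key=lambda m: m[1])
    return groups

def audit_policy_routing(xml_text, interface="lan"):
    """Map each gateway group to the enabled pass rules on `interface` using it."""
    root = ET.fromstring(xml_text)
    usage = {name: [] for name in parse_groups(root)}
    for rule in root.iterfind("./filter/rule"):
        if (rule.find("disabled") is not None or rule.findtext("type") != "pass"
                or rule.findtext("interface") != interface):
            continue
        gw = rule.findtext("gateway")  # absent means: follow the routing table
        if gw in usage:
            usage[gw].append(rule.findtext("descr", default="(no description)"))
    return usage

def unused_groups(xml_text, interface="lan"):
    """Groups no rule on `interface` routes to, so their failover never applies."""
    return [g for g, r in audit_policy_routing(xml_text, interface).items() if not r]

# The change suggested in the reply: set the LAN rule's gateway to the group.
FIXED_CONFIG = SAMPLE_CONFIG.replace("<descr>", "<gateway>FailoverMOBILE</gateway><descr>")
```

`unused_groups(SAMPLE_CONFIG)` returns `['FailoverMOBILE']`, matching the setup in the first post, while `unused_groups(FIXED_CONFIG)` returns an empty list.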



  • I think you are on to something.  I checked the Hangout video for MultiWAN that explained it.  Thanks for steering me in the right direction. :-)

    //Danne

    @kennsington:

    Just from your description it sounds like you have the gateways and groups set up correctly.

    Have you actually directed traffic to your gateway groups? You would do that in Firewall > Rules. Create a rule on LAN that originates with LAN Net and is destined for anything. Change the gateway to your gateway group.
    Take a look at step 5: http://www.tecmint.com/how-to-setup-failover-and-load-balancing-in-pfsense/2/

    There is an option in the settings to automatically change the default gateway, but that's not necessary when using gateway groups.

