Netgate Discussion Forum

    Reset States on Recovery of Tier 1 WAN in Gateway Group

      renat_kaa @dragoangel

      @dragoangel, I got it, thanks! Anyway, this worked for me and a number of pfSense users. And I didn't say anything about ISP DNS. Public DNS is a good point.

          Ximulate @dragoangel

          @dragoangel Your suggestions look good, thank you. I'm barely proficient at bash scripting, so I'll make small improvements as necessary or time permits.

            Ximulate @renat_kaa

            @Renat Yes, I did. Thank you for the suggestion anyway.

              venix91 @Ximulate

              @Ximulate the link you provided ( https://github.com/mk-fg/pfsense-scripts ) worked great for my needs. I have a Netgate SG3100. I have a cable modem connection as my primary WAN; it's flaky in the evening, so I got a Netgear LB1121 LTE modem and a Ting GSM SIM to use for failover. It works great, except that when the gateway group fails back over to the cable modem gateway, many states are left alive on the metered LTE connection. I was able to band-aid this by manually killing the states; however, I wanted this to be automatic. I struggled to find a way to automatically kill the states on primary gateway fallback, and until I came across your post I thought it was hopeless. The gateway_change_conn_reset.sh script from that GitHub page did it for me. Now I have a script that works perfectly across reboots and everything.

              Thanks.

                Ximulate @venix91

                @venix91 Great to hear! I have basically the same failover set-up: Netgear with Ting. I haven't gone any further than the cron job I posted above, so I'm glad to know the script will work when I'm ready to move on, and glad to know this post helped out others.

                  Ximulate

                  Here's my latest script. It runs as a cron job every hour.
                  // Checks the WAN IP as reported by an external service (OpenDNS)
                  // Grabs the IPs of the WANs from the primary and backup gateways
                  // Compares the reported IP to the primary WAN IP, and if they are the same it kills the states on the backup IP

                  Code is executing, but I need time to see if it actually behaves as expected (kills the backup WAN states).

                  # Public IP as seen by an external service (OpenDNS)
                  reported_ip="$(drill myip.opendns.com @resolver1.opendns.com | grep 'myip.opendns.com.')"
                  reported_ip="$(echo "$reported_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}")"
                  # IPv4 address on the primary WAN interface
                  primary_ip="$(ifconfig igb0 | grep -w -E -o "inet ([0-9]{1,3}[.]){3}[0-9]{1,3}")"
                  primary_ip="$(echo "$primary_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}")"
                  # IPv4 address on the backup WAN interface
                  backup_ip="$(ifconfig igb2 | grep -w -E -o "inet ([0-9]{1,3}[.]){3}[0-9]{1,3}")"
                  backup_ip="$(echo "$backup_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}")"
                  # Kill states on the backup IP only if the lookups returned something
                  # (two empty strings would otherwise compare equal) and the primary WAN is in use
                  if [ -n "$reported_ip" ] && [ -n "$backup_ip" ] && [ "$reported_ip" = "$primary_ip" ]; then
                      pfctl -k "$backup_ip"
                  fi

                  Edit: replaced DIG command with Drill commands to correct issue that occurs when scheduled in crontab

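The comparison made by the script above, as an added example that is not part of the original post: the `drill` and `ifconfig` output is parsed by small functions that can be exercised against captured text, and a failed or malformed lookup never leads to a state kill. The function names are hypothetical, the sample outputs are constructed, and the `pfctl` call is replaced by a dry-run message.

```shell
#!/bin/sh
# Added example. Sample outputs below are constructed (RFC 5737 addresses).

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read drill output on stdin; print the A record from the answer line only.
drill_answer_ip() {
    awk '$1 == "myip.opendns.com." && $3 == "IN" && $4 == "A" { print $5; exit }'
}

# Read ifconfig output on stdin; print the first IPv4 address.
iface_ipv4() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only when every input parsed and traffic is back on the primary WAN.
should_kill() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_ipv4 "$3" || return 1
    [ "$1" = "$2" ] && [ "$1" != "$3" ]
}

SAMPLE_DRILL=';; QUESTION SECTION:
;; myip.opendns.com. IN A
;; ANSWER SECTION:
myip.opendns.com. 0 IN A 203.0.113.10'
SAMPLE_PRIMARY='igb0: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
    inet6 fe80::1%igb0 prefixlen 64 scopeid 0x1
    inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255'
SAMPLE_BACKUP='igb2: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
    inet 198.51.100.20 netmask 0xffffff00 broadcast 198.51.100.255'

reported=$(printf '%s\n' "$SAMPLE_DRILL" | drill_answer_ip)
primary=$(printf '%s\n' "$SAMPLE_PRIMARY" | iface_ipv4)
backup=$(printf '%s\n' "$SAMPLE_BACKUP" | iface_ipv4)
if should_kill "$reported" "$primary" "$backup"; then
    echo "would run: pfctl -k $backup"   # dry run; on the firewall call pfctl here
else
    echo "no action"
fi
```

On the firewall, the three values would come from `drill myip.opendns.com @resolver1.opendns.com | drill_answer_ip`, `ifconfig igb0 | iface_ipv4` and `ifconfig igb2 | iface_ipv4`, the same commands the post uses.
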
                      Ximulate

                      The problem with the scripts is that they will kill an active phone conversation. Not sure how to resolve that.

                        Ximulate

                        Before trying the scripts, you may want to check whether "firewall optimization" is normal or aggressive. The VoIP configuration docs suggest conservative, which could be aggravating this particular problem. I've bumped mine to aggressive, but have no idea if this will cause other issues.

                        https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#config-advanced-firewall-optimization
                        https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#state-timeouts
