Dual WAN Failover doesn't failover back to WAN 1 [Resolved]

Raffi_

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

It didn't switch after 10 mins

I guess I was wrong on the script. Sorry, looks like mine won't work either :/
You should see WAN2 taken down and then brought back up after 30 seconds if WAN1 is running again.
Maybe you will have to adjust those variables in that case. Let me know if you get it to work. I will have to adjust mine. At least you know how to work with scripts now. I'm sure you'll get it working.

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

So, i after pfsesne reboot I checked in Diagnostics-Edit File and my uploaded script there is gone and failover_script.log is empty

I was afraid that leaving the script in /tmp/ might lose it on reboot, but I wasn't sure.
What you can do to solve that is upload it again, and then after uploading go to Diagnostic > command prompt execute the command mv /tmp/failover_script.sh /root/
That will move the file from /tmp/ to /root/. Then you will have to modify your command in the cron job for that new location, /root/failover_script.sh.

pfrickroll

@Raffi_ In cron under command i have "/root/failover_script.sh. >> /tmp/failover_script.log"
But in under root its "failover_script.sh.txt " Should i change cron job command to "/root/failover_script.sh.txt >> /tmp/failover_script.log"
pfsense edit.PNG

Raffi_

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

@Raffi_ In cron under command i have "/root/failover_script.sh. >> /tmp/failover_script.log"
But in under root its "failover_script.sh.txt " Should i change cron job command to "/root/failover_script.sh.txt >> /tmp/failover_script.log"

No, the file must be a .sh file in order to run. A .txt file will not run. That might be why it didn't work the first time. You probably want to move the log file to /root/ as well.

pfrickroll

@Raffi_ I fixed everything but it doesn't work :(

Raffi_

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

@Raffi_ I fixed everything but it doesn't work :(

I can't really test it on my end so I can't really help much beyond that.

pfrickroll

@Raffi_ Oh well, i will keep digging. I got 36 pfsense boxes. I don't have time manually rebooting/killing states when stuff like this happens tp be honest. My Sonicwalls handle this pretty easily. I am not network vet, so I honestly can't grasp the concept fully why pfsense is like that.

Raffi_

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

@Raffi_ Oh well, i will keep digging. I got 36 pfsense boxes. I don't have time manually rebooting/killing states when stuff like this happens tp be honest. My Sonicwalls handle this pretty easily. I am not network vet, so I honestly can't grasp the concept fully why pfsense is like that.

I'm sure you'll get it working. I would also suggest taking a look at the other script that was linked on a different thread mentioned above. That one was defined very well with instructions. Maybe you'll find it easier to follow/modify that one. Now that you have some understanding of how to go about it you might find that a better solution.

pfrickroll

Thanks for your time and chewing everything out for me, I used cron for other things but didn't really pay attention to command option there. Now I do pretty well.

serbus

Hello!

You could try the gateway_plugin interface if you dont mind being a guinea pig...:)

Download https://github.com/jazzl0ver/pfSense-pkg-gatewayhook/releases/download/v0.1/pfSense-pkg-gatewayhook-0_1.txz

Use Diagnostics -> Command Prompt -> Upload File to save the pkg file to the /tmp folder on your device, then

pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz

The package code is close, but not quite.

Edit /usr/local/pkg/gatewayhook.inc

The main function is missing an assignment statement and is not calling the gateway script with any parameters. The fixed function should look like :

function gatewayhook_plugin_gateway($pluginparams) {
    $type = $pluginparams['type'];
    $name = $pluginparams['name'];
    $event = $pluginparams['event'];
    $interface = $pluginparams['interface'];
    $gatewayhooklock = lock("gatewayhook", LOCK_EX);
   syslog(LOG_NOTICE, "gatewayhook: " . GATEWAY_ALARM_CUSTOM_SCRIPT . " script started - $name $event $interface");
    mwexec(GATEWAY_ALARM_CUSTOM_SCRIPT . " $name $event $interface");
    unlock($gatewayhooklock);
    return 0;
}

Edit the gateway plugin script the package created - /usr/local/etc/rc.d/rc.gateway_alarm_custom

The plugin script could look something like this :

#!/bin/sh

# put what needs to be done before exit line

# arg 1 should be the gateaway name

gwname=${1:-gwname}

# arg 2 should be gateway.up or gateway.down

event=${2:-gateway.unknown}

# arg 3 should be the interface ... may not be present

interface=${3:-interface}

if [ $gwname == "WAN0" ] && [ $event == "gateway.up" ]
then
   # clear the states on this interface

   /sbin/pfctl -i igb0 -Fs
fi

exit 0

Basically, this is saying that when the plugin script is notified that WAN0 is UP, IGB0 should get all of its states cleared.

John

pfrickroll

@serbus said in Dual WAN Failover doesn't failover back to WAN 1:

pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz

Sure, few questions when I

pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz

Shell output

Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	pfSense-pkg-gatewayhook: 0_1 [unknown-repository]

Number of packages to be installed: 1

Proceed with this action? [y/N]:

How do i activate "yes"?

Another question in script below, do i change any values to reflect my interface? For example WAN0?

#!/bin/sh

# put what needs to be done before exit line

# arg 1 should be the gateaway name

gwname=${1:-gwname}

# arg 2 should be gateway.up or gateway.down

event=${2:-gateway.unknown}

# arg 3 should be the interface ... may not be present

interface=${3:-interface}

if [ $gwname == "WAN0" ] && [ $event == "gateway.up" ]
then
   # clear the states on this interface

   /sbin/pfctl -i igb0 -Fs
fi

exit 0

serbus

Hello!

You should just be able to hit "y" when it asks you to proceed.

If your failover gateway group looks like:

WAN_DHCP -> tier1 -> igb0
OPT1_DHCP -> tier2 -> igb2

and WAN_DHCP is coming back online after being down...
and you want any states on OPT1_DHCP to be cleared...
the script would look like...

if [ $gwname == "WAN_DHCP" ] && [ $event == "gateway.up" ]
then
   # clear the states on this interface

   /sbin/pfctl -i igb2 -Fs
fi

John

Raffi_

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

How do i activate "yes"?

To make your life easier with more complex tasks like this, I would suggest enabling SSH under System > Advanced

Then use an SSH client to connect to pfSense such as Putty. When you login use the same admin credentials as you would when logging into the GUI. From the SSH terminal, use option 8 to get a shell prompt, then it's easier to follow instructions like the one above and providing inputs to prompts like the one you got.

pfrickroll

@serbus
WAN_DHCP - igb0
OPT1_DHCP - igb1

So, here what i see in Shell output, I am kind of lost where do I type Y or press it because I can't interact with shell window but only the command line below it
pfSense test.PNG

pfrickroll

@Raffi_ Yes I was about to do that actually, makes sense

serbus

Hello!

The shell is the way to go.

You can also do a :

pkg install -y /tmp/pfSense-pkg-gatewayhook-0_1.txz

...from the gui. The "-y" will auto-yes the install...

John

serbus

And then...

if [ $gwname == "WAN_DHCP" ] && [ $event == "gateway.up" ]
then
   # clear the states on this interface

   /sbin/pfctl -i igb1 -Fs
fi

pfrickroll

@serbus Looks like it worked but i have to leave now. I have to do more testing tomorrow when I get time and test IP Phone along with it and will report then.

Raffi_

Great, I'm curious to know how your testing went as well. I'll give this a try when I have some time.

Raffi_

@serbus I have a couple of questions on this. Cron is not needed to run this script?
Would this be backed up as part of the standard xml backup file or would I have to back this up with the separate Backup package?

serbus

Hello!

The config is stored in config.xml

The plugin is event triggered. A schedule task is not needed.

The only place I have seen the plugin_gateway event generated is in the gateway group handling code. This event does not appear to be called when processing gateways that are not in a group.

John