MultiWAN with buggy DHCP Server for one WAN…



  • Hi,

    I am currently trying to set up a three-WAN failover solution. Since we get only very low bandwidth per ADSL line, but a second ADSL line isn't very pricey any more, I am trying to do the following:

    WAN -> pppoe to adsl provider
    WAN2/OPT1 -> DHCP to local (internal) Network to a company which gracefully gives us a fragment of their T1 Line
    WAN3/OPT2 -> DHCP to local DSL Provider (local Network with a small 1-Port Router (www.routertech.org)), since pfsense in 1.2 stable doesn't support more than one pppoe uplink.

    If I set up all three wan interfaces into a pool for load balancing, everything seems fine, except one thing…

    Despite setting up my own rules to use the now generated load-balancer gateway, all traffic runs over the T1 Line.

    While applying the new rule, I also get this error, which at least explains why everything is routed via only one uplink:

    php: : There were error(s) loading the rules: /tmp/rules.debug:131: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [131]: pass in quick on $lan route-to { ( ng0 192.168.100.9 ) , ( dc0 192.168.100.9 192.168.100.6 ) } round-robin from 192.168.77.0/24 to any keep state label "USER_RULE: Default LAN -> LoadBalanced LWL/DSL"
    

    …which is caused - I think - by the uncommon way of giving TWO default gateways by a dhcp request for the T1… Or isn't it?

    The even worse thing is that my WAN connection, which is initiated by pppoe, also gets the default gateway of my T1 shared Line...

    So, my question… is it possible to work around this problem or do I have to live with it and hope at least the failover switching will work without problems?
    Since the fragmented T1 is virtually for free, I don't wanna miss it - it's synchronous 2 MBit... nice to have, especially for another vpn uplink;-)

    Any help would be really appreciated!

    Thanks a lot!

    Uli



  • Why not do the same for your current wan as you did for wan3? Make something else take care of the pppoe.



  • Because another piece of hardware which tends to fail in some time… Okay, I got tripled redundancy, but I have at least two extra pieces of hardware which 'filter' the errors... Yes, of course, that would be a workaround... but I rather like workarounds in soft-, not in hardware;-)



  • this might be related to this, which I haven't had a chance to look into yet.
    http://cvstrac.pfsense.org/tktview?tn=1726,33



  • Hi,

    maybe it would work if I fix this part of the dhclient script for my needs

    add_new_routes() {
            $LOGGER "Adding new routes"
            $ROUTE add $new_ip_address $LOCALHOST >/dev/null 2>&1
    
            # Only allow the default route to be overridden if it's on our own interface
    #       DEFAULTROUTE_IFACE=`route get default | grep interface | awk '{print $2};'`
            #if [ -z "${DEFAULTROUTE_IFACE}" -o "{$interface}" = "${DEFAULTROUTE_IFACE}" ]; then
                    #for router in $new_routers; do
                            #if [ "$new_ip_address" = "$router" ]; then
                                    #$ROUTE add default -iface $router
                                    #>/dev/null 2>&1
            #                       echo $ROUTE add default -iface $router | $LOGGER
                    #               echo $new_routers > /tmp/${interface}_router
                    #       else
                            #       $ROUTE add default $router
                            #       echo $ROUTE add default $router | $LOGGER
                            #       #>/dev/null 2>&1
                            #       echo $new_routers > /tmp/${interface}_router
                            #fi
                            # 2nd and subsequent default routers error out, so explicitly
                            # stop processing the list after the first one.
                            #break
                    #done
            #fi
    
    

    But I am not so sure how I can recognise and separate the second default gateway… which, as I was told today, isn't a second default gateway at all; it's
    a win2k proxy server whose pdc thinks it's a failover dhcp server...

    I don't know why they don't do anything about it... but it's absolutely worthless to get mad about it...
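
A check for the rule quoted in the first post, added here as an example (it is not code from the thread or from pfSense): it splits the `route-to` pool into its `( interface gateway )` tuples, reports any tuple carrying more than one address, and reports gateways reused under a second interface. The function names are hypothetical, and `first_router` assumes, as the poster suspects, that the extra address comes from a DHCP routers list with two entries.

```shell
#!/bin/sh
# Added example, not pfSense code. RULE is the line quoted in the error above.
RULE='pass in quick on $lan route-to { ( ng0 192.168.100.9 ) , ( dc0 192.168.100.9 192.168.100.6 ) } round-robin from 192.168.77.0/24 to any keep state label "USER_RULE: Default LAN -> LoadBalanced LWL/DSL"'

# first_router LIST: keep only the first address of a space-separated
# DHCP routers list (hypothetical helper; one gateway per interface).
first_router() {
    set -- $1
    printf '%s\n' "$1"
}

# pool_tuples RULE: print each tuple of the route-to pool on its own line,
# parentheses removed, e.g. "ng0 192.168.100.9".
pool_tuples() {
    printf '%s\n' "$1" |
        sed -n 's/.*route-to {\(.*\)}.*/\1/p' |
        tr ',' '\n' |
        sed -e 's/[()]//g' -e 's/^ *//' -e 's/ *$//'
}

# bad_tuples RULE: print tuples that are not exactly "interface gateway".
bad_tuples() {
    pool_tuples "$1" | awk 'NF != 2'
}

# shared_gateways RULE: print each gateway listed under a second interface.
shared_gateways() {
    pool_tuples "$1" | awk '{ if (seen[$2]++ == 1) print $2 }'
}

echo "malformed tuple(s): $(bad_tuples "$RULE")"
echo "gateway(s) on more than one interface: $(shared_gateways "$RULE")"
echo "single gateway for dc0: $(first_router '192.168.100.9 192.168.100.6')"
```

Run against the quoted rule, it flags both symptoms described in the thread: the `dc0` tuple with two addresses, and `192.168.100.9` appearing under `ng0` as well as `dc0`.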

