2 links 1 ip address.
-
hello eveyone!!!! I have a fiber connection.The isp has provided me with a static ip config.However he has provided me with two links. 1 fiber link and other a cat5e link for backup.He has told me that in casde of a fiber cut to use the backup link.Is there any way to configure it in such a way that if the fiber link fails pfsense will automatically handover the traffic to the backup link? He has provided me with a single ip configuration.
-
Hi mafioisa,
Looks like you have a similar issue to mine - I opened a thread yesterday.
If I get feedback or resolve my issue, I will update you here.
What have you tried so far to get this working?
Wouldn't it work for you if you simply
1. create gateway-groups for the two routers on the connections to the single IP,
2. setup the tier 1 and tier 2 for the gateways within the group and
3. add firewall rules allowing that traffic, using the gateway-group as the gateway in the ruleIn my case, my primary connection goes via a router containing an IPSEC so I am not sure how to force the swap if the tunnel goes down and not the gateway ;-(
Cheers,
-
Hi again mafiosa,
See my thread for an update on my issue - seems it's not possible without some routing process in place (in my scenario…).
In your case, if you have 2 gateways i.e. one for the fibre and one for the secondary line, the gateway-group setup provided by pfsense should work for you.
Cheers,
-
Hi again mafiosa,
See my thread for an update on my issue - seems it's not possible without some routing process in place (in my scenario…).
In your case, if you have 2 gateways i.e. one for the fibre and one for the secondary line, the gateway-group setup provided by pfsense should work for you.
Cheers,
Interesting that pfSense doesn't account for a scenario like that. It would seem like it would be quite easy to code something to perform this functionality. A simple ping once a minute behind the scenes could solve this. If pfSense pings the main line and the ping fails, it could be programed to route to the backup line. Hell, I can write a powershell script to peform this scenario in under 5 minutes.
In other words, I am surprised pfSense didn't program high availability and failover measures into their product. Still great product tho. Just saying. LOL
-
Seems like something at layer 2 such as RSTP might be more appropriate in that case. You are changing layer 1/2 - not 3.
There are HA and failover capabilities included. That they do not fit your particular use case/ISP method is secondary.
This thread is woefully short on details from the ISP regarding what is really going on.
