2 links 1 ip address.



  • hello eveyone!!!! I have  a fiber connection.The isp has provided me with a static ip config.However he has provided me with two links. 1 fiber link and other a cat5e link for backup.He has told me that in casde of a fiber cut to use the backup link.Is there any way to configure it in such a way that if the fiber link fails pfsense will automatically handover the traffic to the backup link? He has provided me with a single ip configuration.



  • Hi mafioisa,

    Looks like you have a similar issue to mine - I opened a thread yesterday.

    If I get feedback or resolve my issue, I will update you here.

    What have you tried so far to get this working?

    Wouldn't it work for you if you simply
    1. create gateway-groups for the two routers on the connections to the single IP,
    2. setup the tier 1 and tier 2 for the gateways within the group and
    3. add firewall rules allowing that traffic, using the gateway-group as the gateway in the rule

    In my case, my primary connection goes via a router containing an IPSEC so I am not sure how to force the swap if the tunnel goes down and not the gateway ;-(

    Cheers,



  • Hi again mafiosa,

    See my thread for an update on my issue - seems it's not possible without some routing process in place (in my scenario…).

    In your case, if you have 2 gateways i.e. one for the fibre and one for the secondary line, the gateway-group setup provided by pfsense should work for you.

    Cheers,



  • @mannyjacobs73:

    Hi again mafiosa,

    See my thread for an update on my issue - seems it's not possible without some routing process in place (in my scenario…).

    In your case, if you have 2 gateways i.e. one for the fibre and one for the secondary line, the gateway-group setup provided by pfsense should work for you.

    Cheers,

    Interesting that pfSense doesn't account for a scenario like that.  It would seem like it would be quite easy to code something to perform this functionality.  A simple ping once a minute behind the scenes could solve this.  If pfSense pings the main line and the ping fails, it could be programed to route to the backup line.  Hell, I can write a powershell script to peform this scenario in under 5 minutes.

    In other words, I am surprised pfSense didn't program high availability and failover measures into their product.  Still great product tho.  Just saying. LOL


  • Netgate

    Seems like something at layer 2 such as RSTP might be more appropriate in that case. You are changing layer 1/2 - not 3.

    There are HA and failover capabilities included. That they do not fit your particular use case/ISP method is secondary.

    This thread is woefully short on details from the ISP regarding what is really going on.