Pfsense on WAN failure chooses LAN or LAN2 as default route instead of WAN2



  • The problem
    On WAN failure, DDNS never updates and the firewall can no longer update the Dashboard page, and I have proven it chooses one of the LAN or LAN2 static route gateways as the new default route gateway for the internet.

    The environment
    LAN - interface under ">>Interfaces/LAN" is NOT configured with an IPv4 upstream gateway, but, under ">>System/Routing/Gateways" there is a LAN gateway and also under ">>System/Routing/Static Routes" several RFC1918 routes back to a layer 3 switch.

    LAN2 - interface under ">>Interfaces/LAN2" is NOT configured with an IPv4 upstream gateway, but, under ">>System/Routing/Gateways" there is a LAN2 gateway and also under ">>System/Routing/Static Routes" several RFC1918 routes back to another VPN gateway provided and managed by a third party.

    WAN - interface under ">>Interfaces/WAN" is configured with an IPv4 upstream gateway

    WAN2 - interface under ">>Interfaces/WAN2" is configured with an IPv4 upstream gateway

    WANgroup has WAN tier1 and WAN2

    DDNS is bound to WANgroup

    Extra notes
    On WAN failure, the firewall prior to 2.3.3_p1 would become very unresponsive. Now with the work done in 2.3.3_p1, the firewall remains responsive.
    DNS is set correctly with different DNS servers set on WAN and WAN2 and works correctly.
    ">>System/Advanced/Miscellaneous" Default gateway switching is NOT enabled.
    Dynamic DNS is bound to the WANgroup

    The answer / fix required
    Pfsense / FreeBSD should NEVER choose a gateway on an interface as its default route unless that interface has the gateway set as the "upstream gateway" inside the interface settings (like a WAN interface should/does)

    and/or

    Allow us to set metrics on each gateway or order the gateways so we can set the order that pfsense will try and choose a default gateway for self internet access.
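
Added example, not part of the original post: a shell check that reports when the firewall's own IPv4 default route leaves through an interface that is not one of the WANs, which is the condition described above. The interface names (em0 to em2), the addresses and the two routing tables are constructed samples, and the script assumes the table has a header row with a `Netif` column, as FreeBSD's `netstat -rn` prints.

```shell
#!/bin/sh
# Added example: flag a default route that leaves through a non-WAN interface.
# Interface names and addresses below are constructed; substitute your own.

# default_route_netif: read `netstat -rn -f inet` text on stdin and print the
# interface (Netif column) that carries the IPv4 default route, if there is one.
default_route_netif() {
    awk '
        $1 == "Destination" {            # header row: locate the Netif column
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        $1 == "default" && col { print $col; exit }
    '
}

# check_default_route "<allowed interfaces>": reads the same text on stdin.
# Returns 0 if the default route is on an allowed (WAN) interface,
# 1 if it is on any other interface, 2 if there is no default route.
check_default_route() {
    netif=$(default_route_netif)
    if [ -z "$netif" ]; then
        return 2
    fi
    for wan in $1; do
        if [ "$netif" = "$wan" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample: healthy table, default route via WAN (em0).
SAMPLE_OK='Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS         em0
10.0.0.0/8         192.168.1.2        UGS         em2
192.168.1.0/24     link#3             U           em2'

# Constructed sample: the failure from the post, default route via LAN (em2).
SAMPLE_BAD='Destination        Gateway            Flags     Netif Expire
default            192.168.1.2        UGS         em2
10.0.0.0/8         192.168.1.2        UGS         em2'

# On the firewall: netstat -rn -f inet | check_default_route "em0 em1"
```

A return code of 1 during a WAN outage means the firewall's own traffic (DDNS updates, dashboard checks) is being sent towards an internal or third-party gateway rather than WAN2.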