Simple Multi WAN configuration failure to select Tier 2 Gateway

SergeCaron · Apr 18, 2019, 9:20 PM

EDIT: This is the result of a configuration error. See solution at end of history.

Running 2.4.4-RELEASE-p2 (amd64) with patch 67dd34a0996c14fdfeb1823e07fb3c82748d3794 (Bug #9404).

There are two WANs in a Gateway Group configured for failover (member down).: interface WAN is Tier 1 and interface WAN_Failover is Tier 2.

There is no Load Balancing or Traffic Shaping defined in this box.

For each of these WAN, I can ping 8.8.8.8 using the Diagnostics page, I can reach each ISP DNS servers, and the monitored IPs in the Gateway Group are always reachable.

If I maintain the physical connection to the WAN Default Gateway and if I force 100% packet loss on the WAN link by severing the connection to the ISP (which I can do since the DGW is a local device), the Status/Gateways page displays "Danger, Packetloss 100%" in the WANGW line but maintains this link as the default Gateway. The Tier 2 Gateway is shining as "Online".

If I reboot the box in these conditions, the Gateway Group still selects Tier 1 as the Default Gateway when obviously not a single packet can go through.

If I manually disable the WAN interface, then the Gateway Group selects Tier 2.

Restoring the WAN link to normal operating conditions and enabling the WAN interface will revert the Gateway Group to Tier 1.

In essence, failover never happens in this simple configuration.

Regards,

jaimelinharesjr · Apr 17, 2019, 6:56 PM

I have the same problem

SergeCaron · Apr 17, 2019, 7:25 PM

@jaimelinharesjr For your information:

I just configured a second pfSense box using the exact same software version and patch level (same hardware, BTW)

There are two WANs in a Gateway Group configured for failover (member down).: interface WAN is Tier 1 and interface WAN_Failover is Tier 2. WAN_Failover is exactly the same as in the first box. The WAN links are two distinct cable interfaces with static IP addresses.

Again, there is no Load Balancing or Traffic Shaping defined in this box.

The WAN Gateway in Box #2 is monitoring the WAN IP of BOX #1.

When the WAN link on box #1 is disabled, I get the following notification from Box #2:

Notifications in this message: 1

14:55:48 MONITOR: WANGW is down, omitting from routing group WANLoadBalancer BO.X#.1.IP|FA.IL.OV.ER|WANGW|23.374ms|7.168ms|25%|down

and the default route switches as expected, no fuss whatsoever.

When the WAN link on box #1 is enabled, I get the following notification from Box #2:

Notifications in this message: 1

14:58:23 34950MONITOR: WANGW is available now, adding to routing group WANLoadBalancer BO.X#.1.IP|FA.IL.OV.ER|WANGW|21.06ms|5.738ms|4%|none

and the default Gateway switches back to Tier 1, no fuss whatsoever.

So, I am scratching my head here: it works as expected in Box #2 and it works manually in Box #1. So, something is fishy here ;-).

Regards,

SergeCaron · Apr 18, 2019, 9:23 PM

@SergeCaron This is the result of a configuration error. Mine, of course!

The "Disable Gateway Monitoring Action" option was checked on the Tier 1 Gateway on Box #1.

Clearing this option, everything is working as expected on both boxes.

Regards,