Simple Multi WAN configuration failure to select Tier 2 Gateway
SergeCaron last edited by SergeCaron
EDIT: This is the result of a configuration error. See solution at end of history.
Running 2.4.4-RELEASE-p2 (amd64) with patch 67dd34a0996c14fdfeb1823e07fb3c82748d3794 (Bug #9404).
There are two WANs in a Gateway Group configured for failover (member down): interface WAN is Tier 1 and interface WAN_Failover is Tier 2.
There is no Load Balancing or Traffic Shaping defined in this box.
For each of these WANs, I can ping 188.8.131.52 using the Diagnostics page, I can reach each ISP's DNS servers, and the monitored IPs in the Gateway Group are always reachable.
If I maintain the physical connection to the WAN Default Gateway and if I force 100% packet loss on the WAN link by severing the connection to the ISP (which I can do since the DGW is a local device), the Status/Gateways page displays "Danger, Packetloss 100%" in the WANGW line but maintains this link as the default Gateway. The Tier 2 Gateway is shining as "Online".
If I reboot the box in these conditions, the Gateway Group still selects Tier 1 as the Default Gateway when obviously not a single packet can go through.
If I manually disable the WAN interface, then the Gateway Group selects Tier 2.
Restoring the WAN link to normal operating conditions and enabling the WAN interface will revert the Gateway Group to Tier 1.
In essence, failover never happens in this simple configuration.
jaimelinharesjr last edited by
I have the same problem
SergeCaron last edited by
@jaimelinharesjr For your information:
I just configured a second pfSense box using the exact same software version and patch level (same hardware, BTW).
There are two WANs in a Gateway Group configured for failover (member down): interface WAN is Tier 1 and interface WAN_Failover is Tier 2. WAN_Failover is exactly the same as in the first box. The WAN links are two distinct cable interfaces with static IP addresses.
Again, there is no Load Balancing or Traffic Shaping defined in this box.
The WAN Gateway in Box #2 is monitoring the WAN IP of BOX #1.
When the WAN link on box #1 is disabled, I get the following notification from Box #2:
14:55:48 MONITOR: WANGW is down, omitting from routing group WANLoadBalancer BO.X#.1.IP|FA.IL.OV.ER|WANGW|23.374ms|7.168ms|25%|down
and the default route switches as expected, no fuss whatsoever.
When the WAN link on box #1 is enabled, I get the following notification from Box #2:
14:58:23 34950MONITOR: WANGW is available now, adding to routing group WANLoadBalancer BO.X#.1.IP|FA.IL.OV.ER|WANGW|21.06ms|5.738ms|4%|none
and the default Gateway switches back to Tier 1, no fuss whatsoever.
So, I am scratching my head here: it works as expected in Box #2 and it works manually in Box #1. So, something is fishy here ;-).
SergeCaron last edited by
@SergeCaron This is the result of a configuration error. Mine, of course!
The "Disable Gateway Monitoring Action" option was checked on the Tier 1 Gateway on Box #1.
Clearing this option, everything is working as expected on both boxes.
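A way to catch the misconfiguration from this thread before relying on failover, as an added example that is not part of the original posts or of pfSense itself: it scans a config.xml backup for gateway-group members that have "Disable Gateway Monitoring Action" (or monitoring itself) turned off. Assumptions: the option is stored as an empty action_disable element under gateway_item, and group members are stored as "NAME|tier|vip" item entries; the sample config and the name FAILOVERGW are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the thread's setup (not a real backup).
SAMPLE_CONFIG = """<pfsense>
  <gateways>
    <gateway_item>
      <name>WANGW</name>
      <monitor>192.0.2.1</monitor>
      <action_disable></action_disable>
    </gateway_item>
    <gateway_item>
      <name>FAILOVERGW</name>
      <monitor>198.51.100.1</monitor>
    </gateway_item>
    <gateway_group>
      <name>WANLoadBalancer</name>
      <item>WANGW|1|address</item>
      <item>FAILOVERGW|2|address</item>
      <trigger>down</trigger>
    </gateway_group>
  </gateways>
</pfsense>"""

def find_blocked_failover(config_xml):
    """Return (group, gateway, tier, flag) for each group member that cannot fail over."""
    gateways = ET.fromstring(config_xml).find("gateways")
    if gateways is None:
        return []
    # Assumed layout: a checked option is stored as an empty element, so presence means "on".
    flags = {}
    for gw in gateways.findall("gateway_item"):
        name = gw.findtext("name", "")
        flags[name] = [f for f in ("action_disable", "monitor_disable") if gw.find(f) is not None]
    findings = []
    for group in gateways.findall("gateway_group"):
        group_name = group.findtext("name", "")
        for item in group.findall("item"):
            parts = (item.text or "").split("|")
            if len(parts) < 2 or not parts[1].isdigit():
                continue  # malformed member entry, nothing to evaluate
            for flag in flags.get(parts[0], []):
                findings.append((group_name, parts[0], int(parts[1]), flag))
    return findings

if __name__ == "__main__":
    for group, gw, tier, flag in find_blocked_failover(SAMPLE_CONFIG):
        print(f"{group}: tier {tier} gateway {gw} has {flag} set; it will stay selected on failure")
```

Any finding for a Tier 1 member means the group will keep routing through that gateway even at 100% packet loss, which is the behaviour seen on Box #1.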