Reset States on Recovery of Tier 1 WAN in Gateway Group
-
You can use /tmp/xxx_defaultgw too and not use curl (but then check wangw, not wan ips). Anyway temp file needed to capture "changes in routing" for "state2" of script: states reset only if routing was changed
-
@Ximulate did you specify dns server for each of multiwan members? It is very important item for correct switching. https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html#dns-considerations
-
@Renat he haven't problem on pfsense itself, what dns in his case will potentially fix? Did you see somewhere issues with domain resolving?
P.s. your recommendation is wrong most logical cases: anybody can use any dns and no matter this system multiwan or not, main goal to use dns accessible for both WANs or specific for each one. Newer like use isp domain resolvers, they are mostly not so good as public one: 1.1.1.1 (cloudflare), opendns (cisco), quad9 etc. -
@dragoangel, I got it, thanks! Anyway, this worked for me and a number of pfsense users. And I didn't say about ISP dns. Public dns is good point.
-
This post is deleted! -
@dragoangel Your suggestions look good, thank you. I'm barely proficient at bash scripting, so I'll make small improvements as necessary or time permits.
-
@Renat Yes, I did. Thank you for the suggestion anyway.
-
@Ximulate the link you provided ( https://github.com/mk-fg/pfsense-scripts ) worked great for my needs. I have a Netgeate SG3100. I have a cable modem connection as my primary WAN, it's flaky in the evening so i got a Netgear LB1121 LTE modem and a Ting GSM Sim to use for failover. It works great except when the gateway group fails back over to the cable modem gateway many states are left alive on the metered LTE connection. I was able to bandaid this by manually killing the states however i wanted this to be automatic. I struggled to find a way to automatically kill the states on primary gateway fallback and until i came across your post i thought it was hopeless. The gateway_change_conn_reset.sh script from that github page did it for me. Now i have a script that works perfectly across reboots and everything.
Thanks.
-
@venix91 Great to hear! I have basically the same failover set-up: Netgear with Ting. I haven't gone any further than the CRON job I posted above, so I'm glad to know the script will work when I'm ready to move on and glad to know this post help out others.
-
Here's my latest script. It runs as a cron job every hour.
// Checks the WAN IP as reprted by an external service (opendns)
// Grabs IP of the WANs from the primary and backup gateways
// Compares reported IP to primary WAN IP, and if the same it kills the states on the backup ipCode is executing, but need time to see if it actually behaves as expected (kills the backup wan states).
reported_ip="$(drill myip.opendns.com @resolver1.opendns.com | grep 'myip.opendns.com.')";
reported_ip="$(echo "$reported_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}")";
primary_ip="$(ifconfig igb0 | grep -w -E -o "inet ([0-9]{1,3}[.]){3}[0-9]{1,3}")";
primary_ip="$(echo "$primary_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}")";
backup_ip="$(ifconfig igb2 | grep -w -E -o "inet ([0-9]{1,3}[.]){3}[0-9]{1,3}")";
backup_ip="$(echo "$backup_ip" | grep -w -E -o "([0-9]{1,3}[.]){3}[0-9]{1,3}";)";
if [ "$reported_ip" = "$primary_ip" ]; then
pfctl -k $backup_ip;
fiEdit: replaced DIG command with Drill commands to correct issue that occurs when scheduled incrontab
-
This post is deleted! -
The problem with the scripts is that it will kill an active phone conversation. Not sure how to resolve that.
-
Before trying the scripts, you may want to check "firewall optimization" is normal or aggressive. The VoIP configuration docs suggest conservative, which could be aggravating this particular problem. I've bumped mine to aggressive, but have no idea if this will cause other issues.
https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#config-advanced-firewall-optimization
https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#state-timeouts