Failover Internet - Just for two clients on the network.
-
It WILL switch back automatically but it will not kill states that were established over the Tier 2 WAN so that traffic will continue to flow there.
New states will use the Tier 1 WAN.
-
Thanks for the clarification.
-
@Derelict said in Failover Internet - Just for two clients on the network.:
It WILL switch back automatically but it will not kill states that were established over the Tier 2 WAN so that traffic will continue to flow there.
Other than manually resetting states - how can one do so in a less intrusive way? Especially VoIP is bound to stay glued to the failover connection as the state should never expire? ;)
-
There are homebrew solutions floating around:
https://github.com/mk-fg/pfsense-scripts
No idea if they work, no idea if they will give you Space AIDS, YMMV.
-
I think it is fine to keep the open streams to continue to work over the failover gateway. It is my experience (based on this test) that everything will move back when the gateway comes back up on line. It is a very good approach.
-
I'm thinking more along the lines of an advanced setting like the State killing on GW switch toggle. As some use WAN Failover links that are metered, staying online on the backup too long will have unnecessary costs that could otherwise be avoided.
-
@JeGr said in Failover Internet - Just for two clients on the network.:
I'm thinking more along the lines of an advanced setting like the State killing on GW switch toggle. As some use WAN Failover links that are metered, staying online on the backup too long will have unnecessary costs that could otherwise be avoided.
Good point! For my needs that does not apply, but I see where in the case of a metered connection, Yes, it would apply! However, I would be worried that it would kill the backup, and you'd have some unknown (at first) repercussion.
-
As I understand it there is no good way to say "Hey, pf, kill all of the states on this interface." And there is also no good way to match those outside states up with the corresponding inside states.
So you are left with killing all states.
The Reset All States setting in System > Advanced, Networking was intended to provide some relief here.
-
@Derelict I was afraid of that ;) But thanks!
-
As I understand it that used to be the case, no way to kill the states that selectively, and that's why it behaves as it does. However I believe current versions of pf can in fact do that so it may be possible to do exactly that now.
I have this issue myself. My backup WAN is data limited so I can't have connections using it continually after my main WAN glitches. Most traffic will fail back naturally as TCP connections close; it's only really persistent UDP traffic that gets 'stuck', so VoIP and VPNs. My own WAN is good enough that I just don't failover that traffic but I understand that for many those are the most important connections.
That said if it did just kill everything on the backup WAN when the main WAN comes back up it would needlessly interrupt that traffic. A cron-job that kills traffic on the backup WAN that runs at some off-peak time might be better.
Steve
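
Before deciding whether a state reset is worth the interruption, it helps to see which UDP flows are still pinned to the backup WAN. The script below is an added example, not code from anyone in this thread. It assumes the `pfctl -ss` line layout shown in its comments, uses a hypothetical interface name (`igb1`) for the Tier 2 WAN, and only reports flows without killing anything.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: igb1 is a hypothetical name
# for the backup (Tier 2) WAN, and state lines follow the `pfctl -ss` layout:
#   IFACE PROTO ADDR:PORT [(NAT-ADDR:PORT)] ->|<- PEER:PORT  STATE
BACKUP_IF="igb1"

# Constructed sample data; on a firewall this would be the output of `pfctl -ss`.
sample_states() {
cat <<'EOF'
igb0 tcp 198.51.100.10:44321 (192.168.1.20:44321) -> 192.0.2.80:443       ESTABLISHED:ESTABLISHED
igb1 udp 203.0.113.5:5060 (192.168.1.30:5060) -> 192.0.2.50:5060       MULTIPLE:MULTIPLE
igb1 udp 203.0.113.5:16384 (192.168.1.30:16384) -> 192.0.2.50:20000       MULTIPLE:MULTIPLE
igb1 udp 203.0.113.5:1194 (192.168.1.40:1194) -> 192.0.2.99:1194       MULTIPLE:MULTIPLE
igb1 tcp 203.0.113.5:50111 (192.168.1.20:50111) -> 192.0.2.80:443       FIN_WAIT_2:FIN_WAIT_2
igb1 udp 2001:db8::5[4500] -> 2001:db8:ffff::9[4500]       MULTIPLE:MULTIPLE
igb2 udp 192.168.1.30:5060 -> 192.0.2.50:5060       MULTIPLE:MULTIPLE
EOF
}

# Print "LOCAL PEER COUNT" for every host pair that still holds UDP states on
# interface $1. LOCAL is the parenthesised address when a state line shows one
# (assumed here to be the inside host behind NAT), otherwise the first address.
stuck_udp_flows() {
    awk -v ifname="$1" '
        function host(a) {                 # strip the port: v4 "a:p", v6 "a[p]"
            gsub(/[()]/, "", a)
            if (a ~ /\[/) sub(/\[[0-9]+\]$/, "", a); else sub(/:[0-9]+$/, "", a)
            return a
        }
        $1 == ifname && $2 == "udp" {
            loc = $3; peer = ""
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^\(/) loc = $i   # NAT-side address in parentheses
                else if ($i == "->" || $i == "<-") { peer = $(i + 1); break }
            }
            if (peer != "") n[host(loc) " " host(peer)]++
        }
        END { for (k in n) print k, n[k] }
    ' | sort
}

# TCP states are skipped: as noted in the thread, they drain as connections close.
sample_states | stuck_udp_flows "$BACKUP_IF"
```

On a live firewall the same function would be fed with `pfctl -ss | stuck_udp_flows igb1`; an empty result means nothing UDP is left on the metered link.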