Netgate Discussion Forum

    Fail over only

    Routing and Multi WAN
      gufyx

      Hello,
      I've got two connections and all I want is a failover setup (no load balancing). The multiwan docs are not clear for simple failover.

      LAN : 192.168.168.254
      WAN : 196.192.xx.xx / Gateway 196.192.yy.yy
      OPT1 : 10.10.0.1 (plugged to a router) / Gateway 10.10.0.254
      pfSense version : 1.2.2

      I created only one pool, is it right to do so?

      Pool configuration :
      The monitored IPs are DNS servers

      Status :

      Routing Table :

      Firewall Rules :
      I allow everything to go through as it's a test setup.

      For now it's working, pings to random webservers give positive results.

      I unplug the WAN in order to test the failover.
      It's not working anymore, pings to random webservers give negative results.
      Routing tables remain the same.

      Status when WAN is unplugged:

      I also tried with two pools configured, but I have the same problem.
      I can't find where I made a mistake or whether I am missing something big…

        Perry

        You need to change the gateway on your lan rule to the pool. http://pfsense.site88.net/multiwan.html

        /Perry
        doc.pfsense.org

          gufyx

          I did that too, but still the failover is not working.

          When WAN1 fails, the default route should change, right?

            ktims

            @gufyx:

            I did that too, but still the failover is not working.

            When WAN1 fails, the default route should change, right?

            No, and the pfSense box itself won't use policy routing, so it'll still be trying to route out the WAN interface. Clients behind it should be able to route though. The load balancer doesn't change the system routing table, it adjusts the policy routing rules instead, which don't apply to traffic originating at the pfSense box.

            One important side-effect of this is that if you're using the DNS forwarder, you need to make sure one DNS server has a static route to ISP 1 and the other DNS server has a static route to ISP 2. The easiest way to accomplish this is to use one of the name servers from each ISP as the default nameservers in pfSense and then use these as the load balancer monitor IPs. I've found this to be the most reliable setup (though I usually use OpenDNS relays as the monitors & DNS).

              gufyx

              @ktims:

              No, and the pfSense box itself won't use policy routing, so it'll still be trying to route out the WAN interface. Clients behind it should be able to route though. The load balancer doesn't change the system routing table, it adjusts the policy routing rules instead, which don't apply to traffic originating at the pfSense box.

              This was my big mistake… I did the testing on the pfSense box itself...

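A simplified model of the behaviour ktims describes above, added here as an illustration and not taken from the thread or from pfSense: LAN traffic follows the pool rule, while traffic from the firewall itself (including DNS forwarder queries) follows the system routing table. The function names, the `POOL` order, and the DNS server and destination addresses are assumptions constructed for the example.

```python
import ipaddress

# Simplified model for illustration; not pfSense code. DNS IPs are constructed.
POOL = ["WAN", "OPT1"]                      # failover order: WAN first, then OPT1
DNS_ISP1, DNS_ISP2 = "203.0.113.53", "192.0.2.53"

def policy_route(link_up):
    """LAN rule with the pool as gateway: first member whose monitor is up."""
    return next((gw for gw in POOL if link_up[gw]), None)

def system_route(dst, static_routes):
    """System routing table: most specific static route, else default via WAN.
    Pool monitor state is never consulted here."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in static_routes.items()]
    hits = [(n, gw) for n, gw in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "WAN"

def egress(origin, dst, link_up, static_routes=None):
    """origin is 'lan' (client behind the firewall) or 'firewall' (the box itself).
    Returns (gateway, delivered)."""
    if origin == "lan":
        gw = policy_route(link_up)
    else:
        gw = system_route(dst, static_routes or {})
    return gw, bool(gw) and link_up[gw]

def forwarder_can_resolve(link_up, static_routes=None):
    """DNS forwarder queries originate on the firewall, so they follow system routes."""
    return any(egress("firewall", d, link_up, static_routes)[1]
               for d in (DNS_ISP1, DNS_ISP2))

if __name__ == "__main__":
    wan_down = {"WAN": False, "OPT1": True}
    per_isp = {DNS_ISP1 + "/32": "WAN", DNS_ISP2 + "/32": "OPT1"}
    print("LAN client :", egress("lan", "198.51.100.80", wan_down))
    print("firewall   :", egress("firewall", "198.51.100.80", wan_down))
    print("DNS, no static routes :", forwarder_can_resolve(wan_down))
    print("DNS, per-ISP routes   :", forwarder_can_resolve(wan_down, per_isp))
```

With WAN unplugged, the LAN client fails over to OPT1 while a ping from the firewall itself still heads out WAN and fails, which is the test result reported in the first post.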