Netgate Discussion Forum

    Failover from cable to cell modem with failback - example

      piperspace
      last edited by piperspace

      I have been suffering 2-3 service outages daily from my cable ISP. Outages typically persist for 5-20 minutes when packet loss is > 25% and/or delay exceeds 2000 ms. Then it recovers. During the outage our phones, security system, Zoom sessions, etc. are disrupted.

      To cope with this I bought a Netgear 2120 modem and subscribed to an AT&T data plan which is capped at 3 gigabytes monthly. After some pain I got this working. During WAN outages my router switches new sessions to the Cell. After the outage ends, a script is necessary to break connections on Cell and force traffic back onto the WAN. Otherwise, traffic flows onto the cell indefinitely, exceeding the data cap.

      pfSense multi-WAN documentation mentions that it's possible to configure simple failover (with no load balancing) but gives no example and is otherwise incoherent. I did find this rather old user discussion which was helpful.
      https://forum.netgate.com/topic/84269/multi-wan-gateway-failover-not-switching-back-to-tier-1-gw-after-back-online

      Below are screenshots of my working config as an example. Hopefully it will benefit others.


      #!/bin/sh

      # *** kills firewall states on failover CELL when WAN is up ***

      WAN_NAME=WAN_DHCP
      CELL_IF=igb2
      CELL_DNS_IP=1.0.0.1:53

      CURRENT_TIME="$(date +"%c")"
      # gateway status of the WAN; the value "none" is treated below as "WAN online"
      WAN_STATUS=$(/usr/local/sbin/pfSsh.php playback gatewaystatus brief | grep "$WAN_NAME" | awk '{print $2}')

      if [ "$WAN_STATUS" = "none" ]; then
          # the following line may need to be tweaked depending on your needs
          # counts states on the CELL interface, ignoring DNS states to $CELL_DNS_IP
          CELL_NSTATES=$(pfctl -s state | grep "$CELL_IF" | grep -v " -> $CELL_DNS_IP" | wc -l)
          if [ "$CELL_NSTATES" -gt 0 ]; then
              echo "$CURRENT_TIME: WAN is online, but connections remain on $CELL_IF. Killing states."
              # flushes the whole state table, not only the states on $CELL_IF
              pfctl -F state
          fi
      else
          echo "$CURRENT_TIME: WAN is down"
      fi

        Rico LAYER 8 Rebel Alliance
        last edited by

        Check out https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html

        -Rico

            piperspace @piperspace
            last edited by

            Bug Fix.

            CELL Gateway must be unmonitored. Otherwise an ICMP connection may be present leading to unwanted state resets.

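An added example, not part of the original posts: the state-counting step of the failback script as a testable shell function, run against constructed `pfctl -s state`-style text. It goes slightly beyond the posted script by matching the interface in the first column only, comparing the DNS destination exactly, and skipping ICMP states (an assumption of this example, not a replacement for leaving the CELL gateway unmonitored); the function names, addresses and sample lines are made up.

```shell
#!/bin/sh
# Added example: filter logic for the failback check, exercised on constructed
# sample text instead of live `pfctl -s state` output.

# Count states bound to interface $1, ignoring ICMP (gateway-monitor probes)
# and states whose destination is exactly $2 (the exempt DNS ip:port).
count_cell_states() {
    awk -v ifn="$1" -v dns="$2" '
        $1 != ifn    { next }            # interface name is the first field only
        $2 ~ /^icmp/ { next }            # icmp / icmpv6 monitor probes
        {
            dst = ""
            for (i = 3; i < NF; i++)      # destination follows the "->" token
                if ($i == "->") dst = $(i + 1)
            if (dst == dns) next          # exact compare: 1.0.0.1:5353 is not 1.0.0.1:53
            n++
        }
        END { print n + 0 }'
}

# Decide what the cron job should do. "none" is the status value the script
# in the first post treats as "WAN online".
failback_action() {   # $1 = WAN status, $2 = leftover CELL state count
    if [ "$1" != "none" ]; then echo "wan-down"
    elif [ "$2" -gt 0 ]; then echo "flush"
    else echo "idle"
    fi
}

# Constructed sample in `pfctl -s state` layout (all addresses are made up).
SAMPLE='igb2 tcp 10.64.0.7:51234 (192.168.1.50:51234) -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
igb2 udp 10.64.0.7:60001 (192.168.1.1:60001) -> 1.0.0.1:53       MULTIPLE:SINGLE
igb2 icmp 10.64.0.7:4021 -> 198.51.100.1:4021       0:0
igb0 tcp 192.168.1.50:51234 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
igb2 udp 10.64.0.7:60002 (192.168.1.1:60002) -> 1.0.0.1:5353       MULTIPLE:SINGLE'

N=$(printf '%s\n' "$SAMPLE" | count_cell_states igb2 1.0.0.1:53)
echo "leftover CELL states: $N -> $(failback_action none "$N")"
```

On the firewall, the function would be fed with `pfctl -s state | count_cell_states "$CELL_IF" "$CELL_DNS_IP"`, using the variable names from the first post.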
              piperspace @Rico
              last edited by

              @Rico - As far as I can see, pfSense built-in features as presented handle failover reasonably well. But failback on an expensive and data-capped service like CELL is not well supported. The script I am using is a necessary hack because of this.
