Multi WAN Monitoring routes not working / Failover not working 2.4.5-p1
Hello,
I set up two APU4 boards with coreboot v4.12.0.3. On both devices I used one VLAN on igb0 for WAN. In the WAN subnet are ...1 Failover IP, ...2 Firewall A, ...3 Firewall B, ...253 Router ISP B, ...254 Router ISP A.
I set up two Gateways for WAN, 10.64.10.253 and 10.64.10.254, with different Monitoring IPs (1.1.1.1 for Router A and 8.8.8.8 for Router B). I also set up a Failover Group. All traffic goes only through Router A. When Router A goes down, Gateway Monitoring shows down for Router B too. Failover is not working and Monitoring doesn't route the Monitor IP correctly.
Config:
INTERFACE:
<wan>
<enable></enable>
<if>igb0.1064</if>
<descr><![CDATA[RouterNet]]></descr>
<spoofmac></spoofmac>
<ipaddr>10.64.10.2</ipaddr>
<subnet>24</subnet>
<gateway>A</gateway>
</wan>
GATEWAY:
<gateways>
<gateway_item>
<interface>wan</interface>
<gateway>10.64.10.254</gateway>
<name>A</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Gateway A]]></descr>
<monitor>1.1.1.1</monitor>
</gateway_item>
<gateway_item>
<interface>wan</interface>
<gateway>10.64.10.253</gateway>
<name>B</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Gateway B]]></descr>
<monitor>8.8.8.8</monitor>
</gateway_item>
<gateway_group>
<name>Failover</name>
<item>A|2|address</item>
<item>B|1|address</item>
<trigger>down</trigger>
<descr></descr>
</gateway_group>
<defaultgw4>Failover</defaultgw4>
<defaultgw6>-</defaultgw6>
</gateways>
VIRTUAL IP:
<vip>
<mode>carp</mode>
<interface>wan</interface>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>xxx</password>
<uniqid>xxx</uniqid>
<descr><![CDATA[RouterNET]]></descr>
<type>single</type>
<subnet_bits>32</subnet_bits>
<subnet>10.64.10.1</subnet>
</vip>
OUTBOUND NAT:
<rule>
<interface>wan</interface>
<source>
<network>127.0.0.0/8</network>
</source>
<dstport>500</dstport>
<target></target>
<destination>
<any></any>
</destination>
<staticnatport></staticnatport>
<descr><![CDATA[Auto created rule for ISAKMP - localhost to ROUTERNET]]></descr>
<created>
<time>1596797233</time>
<username><![CDATA[Manual Outbound NAT Switch]]></username>
</created>
</rule>
<rule>
<interface>wan</interface>
<source>
<network>127.0.0.0/8</network>
</source>
<sourceport></sourceport>
<target></target>
<destination>
<any></any>
</destination>
<natport></natport>
<descr><![CDATA[Auto created rule - localhost to ROUTERNET]]></descr>
<created>
<time>1596797233</time>
<username><![CDATA[Manual Outbound NAT Switch]]></username>
</created>
</rule>
<rule>
<interface>wan</interface>
<source>
<network>::1/128</network>
</source>
<dstport>500</dstport>
<target></target>
<destination>
<any></any>
</destination>
<staticnatport></staticnatport>
<descr><![CDATA[Auto created rule for ISAKMP - localhost to ROUTERNET]]></descr>
<created>
<time>1596797233</time>
<username><![CDATA[Manual Outbound NAT Switch]]></username>
</created>
</rule>
<rule>
<interface>wan</interface>
<source>
<network>::1/128</network>
</source>
<sourceport></sourceport>
<target></target>
<destination>
<any></any>
</destination>
<natport></natport>
<descr><![CDATA[Auto created rule - localhost to ROUTERNET]]></descr>
<created>
<time>1596797233</time>
<username><![CDATA[Manual Outbound NAT Switch]]></username>
</created>
</rule>
Traceroute:
To 8.8.8.8
1 10.64.10.254 0.536 ms 0.280 ms 0.284 ms
2 x.85 10.347 ms 10.345 ms 9.889 ms
3 x.160 10.125 ms 9.488 ms 9.307 ms
To 1.1.1.1
1 10.64.10.254 0.563 ms 0.320 ms 0.273 ms
2 x.85 10.298 ms 10.306 ms 10.278 ms
3 x.160 9.542 ms 9.493 ms 9.399 ms
Routes:
default 10.64.10.253 UGS 6481285 1500 igb0.1064
1.1.1.1 10.64.10.254 UGHS 553829 1500 igb0.1064
8.8.8.8 10.64.10.253 UGHS 2098 1500 igb0.1064
Perhaps somebody has an idea.
Thank you.
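
An added example, not part of the original post: a cross-check of the posted gateway section against the posted route table, confirming that each monitor IP has a host route via its own gateway and that the default route matches the preferred member of the group named in `<defaultgw4>`. The function names, and the reading of `<item>` as `name|tier|vip` with the lowest tier preferred, are assumptions.

```python
import xml.etree.ElementTree as ET

# Gateway section and route table as posted above (weight/descr elements omitted).
GATEWAYS_XML = """<gateways>
<gateway_item><interface>wan</interface><gateway>10.64.10.254</gateway>
<name>A</name><monitor>1.1.1.1</monitor></gateway_item>
<gateway_item><interface>wan</interface><gateway>10.64.10.253</gateway>
<name>B</name><monitor>8.8.8.8</monitor></gateway_item>
<gateway_group><name>Failover</name><item>A|2|address</item>
<item>B|1|address</item><trigger>down</trigger></gateway_group>
<defaultgw4>Failover</defaultgw4>
</gateways>"""
ROUTES = """default 10.64.10.253 UGS 6481285 1500 igb0.1064
1.1.1.1 10.64.10.254 UGHS 553829 1500 igb0.1064
8.8.8.8 10.64.10.253 UGHS 2098 1500 igb0.1064"""


def parse_routes(text):
    """Map destination -> next hop from 'dest gateway flags ...' lines."""
    rows = (line.split() for line in text.splitlines())
    return {f[0]: f[1] for f in rows if len(f) >= 2}


def audit(xml_text, route_text):
    """Compare configured gateways/monitors with the installed routes."""
    root = ET.fromstring(xml_text)
    routes = parse_routes(route_text)
    items = list(root.iter("gateway_item"))
    hops = {g.findtext("name"): g.findtext("gateway") for g in items}
    # A monitor IP only tests its own uplink if its host route uses that gateway.
    monitors = {g.findtext("name"):
                routes.get(g.findtext("monitor")) == g.findtext("gateway")
                for g in items}
    preferred = root.findtext("defaultgw4")
    for grp in root.iter("gateway_group"):
        if grp.findtext("name") == preferred:
            # Assumption: items are "name|tier|vip" and the lowest tier wins.
            members = [i.text.split("|") for i in grp.iter("item")]
            preferred = min(members, key=lambda m: int(m[1]))[0]
    default_ok = preferred in hops and routes.get("default") == hops[preferred]
    return {"monitors": monitors, "preferred": preferred, "default_ok": default_ok}


if __name__ == "__main__":
    print(audit(GATEWAYS_XML, ROUTES))
```

On the posted data both monitor host routes match their gateways, and the default route matches gateway B, the tier 1 member of the Failover group.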