Dual WAN Failover doesn't failover back to WAN 1 [Resolved]



  • Thanks for your time and for chewing everything out for me. I used cron for other things but didn't really pay attention to the command option there. Now I do pretty well.



  • Hello!

    You could try the gateway_plugin interface if you don't mind being a guinea pig...:)

    Download https://github.com/jazzl0ver/pfSense-pkg-gatewayhook/releases/download/v0.1/pfSense-pkg-gatewayhook-0_1.txz

    Use Diagnostics -> Command Prompt -> Upload File to save the pkg file to the /tmp folder on your device, then

    pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz
    

    The package code is close, but not quite.

    Edit /usr/local/pkg/gatewayhook.inc

    The main function is missing an assignment statement and is not calling the gateway script with any parameters. The fixed function should look like :

    function gatewayhook_plugin_gateway($pluginparams) {
        $type = $pluginparams['type'];
        $name = $pluginparams['name'];
        $event = $pluginparams['event'];
        $interface = $pluginparams['interface'];
        $gatewayhooklock = lock("gatewayhook", LOCK_EX);
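        syslog(LOG_NOTICE, "gatewayhook: " . GATEWAY_ALARM_CUSTOM_SCRIPT . " script started - $name $event $interface");
        // quote each value so it reaches the script as a single shell argument
        mwexec(GATEWAY_ALARM_CUSTOM_SCRIPT . " " . escapeshellarg($name) . " " . escapeshellarg($event) . " " . escapeshellarg($interface));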
        unlock($gatewayhooklock);
        return 0;
    }
    

    Edit the gateway plugin script the package created - /usr/local/etc/rc.d/rc.gateway_alarm_custom

    The plugin script could look something like this :

    #!/bin/sh

    # put what needs to be done before exit line

    # arg 1 should be the gateway name
    gwname=${1:-gwname}

    # arg 2 should be gateway.up or gateway.down
    event=${2:-gateway.unknown}

    # arg 3 should be the interface ... may not be present
    interface=${3:-interface}

    if [ "$gwname" = "WAN0" ] && [ "$event" = "gateway.up" ]
    then
       # clear the states on this interface
       /sbin/pfctl -i igb0 -Fs
    fi

    exit 0
    
    

    Basically, this is saying that when the plugin script is notified that WAN0 is UP, IGB0 should get all of its states cleared.

    John



  • @serbus said in Dual WAN Failover doesn't failover back to WAN 1:

    pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz

    Sure, few questions when I

    pkg install /tmp/pfSense-pkg-gatewayhook-0_1.txz
    

    Shell output

    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):
    
    New packages to be INSTALLED:
    	pfSense-pkg-gatewayhook: 0_1 [unknown-repository]
    
    Number of packages to be installed: 1
    
    Proceed with this action? [y/N]:
    

    How do I activate "yes"?

    Another question: in the script below, do I change any values to reflect my interface? For example WAN0?

    #!/bin/sh

    # put what needs to be done before exit line

    # arg 1 should be the gateway name
    gwname=${1:-gwname}

    # arg 2 should be gateway.up or gateway.down
    event=${2:-gateway.unknown}

    # arg 3 should be the interface ... may not be present
    interface=${3:-interface}

    if [ "$gwname" = "WAN0" ] && [ "$event" = "gateway.up" ]
    then
       # clear the states on this interface
       /sbin/pfctl -i igb0 -Fs
    fi

    exit 0
    


  • Hello!

    You should just be able to hit "y" when it asks you to proceed.

    If your failover gateway group looks like:

    WAN_DHCP -> tier1 -> igb0
    OPT1_DHCP -> tier2 -> igb2

    and WAN_DHCP is coming back online after being down...
    and you want any states on OPT1_DHCP to be cleared...
    the script would look like...

    if [ "$gwname" = "WAN_DHCP" ] && [ "$event" = "gateway.up" ]
    then
       # clear the states on this interface
       /sbin/pfctl -i igb2 -Fs
    fi
    

    John



  • @pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

    How do I activate "yes"?

    To make your life easier with more complex tasks like this, I would suggest enabling SSH under System > Advanced

    Then use an SSH client such as PuTTY to connect to pfSense. When you log in, use the same admin credentials as you would when logging into the GUI. From the SSH terminal, use option 8 to get a shell prompt; then it's easier to follow instructions like the one above and provide inputs to prompts like the one you got.



  • @serbus
    WAN_DHCP - igb0
    OPT1_DHCP - igb1

    So, here is what I see in the Shell output. I am kind of lost as to where I type Y or press it, because I can't interact with the shell window, only the command line below it.
    [Image: pfSense test.PNG]



  • @Raffi_ Yes I was about to do that actually, makes sense



  • Hello!

    The shell is the way to go.

    You can also do a :

    pkg install -y /tmp/pfSense-pkg-gatewayhook-0_1.txz
    

    ...from the gui. The "-y" will auto-yes the install...

    John



  • And then...

    if [ "$gwname" = "WAN_DHCP" ] && [ "$event" = "gateway.up" ]
    then
       # clear the states on this interface
       /sbin/pfctl -i igb1 -Fs
    fi
    


  • @serbus Looks like it worked, but I have to leave now. I have to do more testing tomorrow when I get time and test the IP Phone along with it, and will report then.



  • Great, I'm curious to know how your testing went as well. I'll give this a try when I have some time.



  • @serbus I have a couple of questions on this. Cron is not needed to run this script?
    Would this be backed up as part of the standard xml backup file or would I have to back this up with the separate Backup package?



  • Hello!

    The config is stored in config.xml

    The plugin is event triggered. A scheduled task is not needed.

    The only place I have seen the plugin_gateway event generated is in the gateway group handling code. This event does not appear to be called when processing gateways that are not in a group.

    John



  • @serbus I did 4 tests and it doesn't switch back to main WAN. All states are still under OPT1.

    By the way, OPT1 is igb2 actually, but I fixed it in config as well.

    [Image: WAN states.PNG]
    [Image: OPT1 states.PNG]



  • Hello!

    To make sure the plugin was triggered, check the system.log :

    clog /var/log/system.log | grep gatewayhook
    

    and look for something like this :

    Sep 30 21:01:43 pfSenseapu4 php-fpm[404]: gatewayhook: /usr/local/etc/rc.d/rc.gateway_alarm_custom script started - WAN_DHCP gateway.down igb0
    Sep 30 21:01:55 pfSenseapu4 php-fpm[405]: gatewayhook: /usr/local/etc/rc.d/rc.gateway_alarm_custom script started - WAN_DHCP gateway.up igb0
    

    These log lines are the gatewayhook responding to a group member cable unplug/plug event.

    John
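
The log check described above can be scripted. The following is an added example, not part of the original posts or of the gatewayhook package: it parses the log format shown above and reports, per gateway, the last event and whether a gateway.up followed a gateway.down. The function names and the sshd and OPT1_DHCP sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): summarise gatewayhook log entries.
# On the firewall, feed it: clog /var/log/system.log | grep gatewayhook
MARK='script started - '

# Print "Mon DD HH:MM:SS gateway event interface" per hook line on stdin.
hook_events() {
    awk -v mark="$MARK" '
        /gatewayhook: / {
            pos = index($0, mark)
            if (pos == 0) next
            n = split(substr($0, pos + length(mark)), f, " ")
            if (n < 2) next                     # need gateway name and event
            if (f[2] != "gateway.up" && f[2] != "gateway.down") next
            iface = (n >= 3) ? f[3] : "-"       # interface may be absent
            print $1 " " $2 " " $3, f[1], f[2], iface
        }'
}

# Print the most recent event logged for gateway $1 (nothing if none).
last_event() {
    hook_events | awk -v gw="$1" '$4 == gw { ev = $5 } END { if (ev != "") print ev }'
}

# Succeed only if gateway $1 logged gateway.down and a later gateway.up,
# i.e. the hook ran on recovery, which is when the script clears states.
fired_on_recovery() {
    hook_events | awk -v gw="$1" '
        $4 == gw && $5 == "gateway.down" { down = 1 }
        $4 == gw && $5 == "gateway.up" && down { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Sample input: the two WAN_DHCP lines are the ones quoted in the thread;
# the sshd and OPT1_DHCP lines are constructed for this example.
sample_log() {
    cat <<'EOF'
Sep 30 21:01:40 pfSenseapu4 sshd[900]: constructed unrelated line
Sep 30 21:01:43 pfSenseapu4 php-fpm[404]: gatewayhook: /usr/local/etc/rc.d/rc.gateway_alarm_custom script started - WAN_DHCP gateway.down igb0
Sep 30 21:01:55 pfSenseapu4 php-fpm[405]: gatewayhook: /usr/local/etc/rc.d/rc.gateway_alarm_custom script started - WAN_DHCP gateway.up igb0
Sep 30 21:05:10 pfSenseapu4 php-fpm[404]: gatewayhook: /usr/local/etc/rc.d/rc.gateway_alarm_custom script started - OPT1_DHCP gateway.down
EOF
}

sample_log | hook_events
if sample_log | fired_on_recovery WAN_DHCP; then
    echo "WAN_DHCP: hook fired on recovery"
fi
```

If `fired_on_recovery` fails for the tier1 gateway after a cable unplug/plug test, the hook never ran on recovery, so the state-clearing script was not invoked either.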



  • Hello!

    Also, this plugin script will not force your default gateway back to WAN_DHCP. You need to handle that with policy routing and setting the default gateway to the correct group.

    John



  • @serbus I have set up routing gateways with monitoring IPs and group for failover and made firewall rules in LAN. Is there something else I have to do?



  • @pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1:

    Is there something else I have to do?

    Hello!

    Use the FO gwgroup as the default gateway in System -> Routing.

    Make sure all pertinent firewall rules are using the FO gwgroup as the gateway.

    Verify in Diagnostics -> Routes that the tier1 gw is the default after it comes back up.

    Verify that the gatewayhook plugin is being called.

    Verify that the gatewayhook script is clearing all the states on the tier2 gw.

    John



  • @serbus I wiped everything on the box and started with default configurations without plugins and enabled DNS Resolver with all default configurations. It all works now, but I now have a new problem: IP Phones.



  • @pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1 [Resolved]:

    It all works now, but I now have a new problem: IP Phones.

    I would suggest you start a new thread on this one.

