Failover on PFsense 2.6
-
Are you also using 8.8.8.8 for DNS? Is it on the same gateway? You might have a conflicting static route.
Do you see the state for the gateway pings on the correct interface?
Are your two WANs using different gateway IPs?Steve
-
@stephenw10 I'm not using 8.8.8.8 for DNS. I am actually using our local Active Directory DNS, two local DNS servers and a 3rd and 4th listed DNS on our two other gateways(U-Verse and DSL) I did notice however, that our two local DNS servers we had set did not have a gateway selected for them anymore, this used to be set before the upgrade I had thought. All WAN's are using different gateway IP's. We have Cable Internet(one having trouble), Fiber(main failover and what covers our VOIP) then U-Verse and DSL still hanging around(soon to be removed as we rarely use them).
-
@stephenw10 said in Failover on PFsense 2.6:
Do you see the state for the gateway pings on the correct interface?
The only way I can imagine it still showing as up would be if it's somehow sending the pings from the wrong WAN. As well as checking the state you can run a packet capture to be sure which NIC they are leaving from.
Steve
-
@stephenw10 I'm actually not seeing any pings in the state for that interface. I captured the packets on the interface found nothing to 8.8.8.8, i found one ping from the gateway to the interface IP but that was it. There were various other pings to it from outside, some from inside from my monitoring server but that was it.
-
@stephenw10 I am seeing under routes for that gateway to 8.8.8.8 > gatewayIP that the uses is not going up at all the Fiber interface on 8.8.4.4 is going up but the WAN2 sits on 1999303 and doesn't move.
-
I assume you are seeing a state for pings to 8.8.8.8 somewhere though?
Otherwise check the gateway logs for the dpinger entries on WAN. You should see the values it's being started with.
Steve
-
@stephenw10 nope nothing in the states for 8.8.8.8, just DNS queries for one of the devices that is manually set to that DNS using that interface. As for the gateway logs there are no dpinger entries past 3/7 which I believe is from before I upgraded PFSense.
-
@stephenw10 I'll try restarting dpinger, see if that does anything.
Restarted and got these for each interface:send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr
not sure if it fixed it or if that's just a normal thing when restarting, only time will tell really when it goes down next. I was wondering why when our internet went down for 45min over the previous weekend that it was completely down, turns out just never failed over to the other WAN.
-
That's normal except it should show the interface address for
bind_addr. Did you just omit that?Check the main system logs for that time, are there any errors shown that might indicate dpinger did not start?
-
@stephenw10 Oh yeah, I just omitted that portion of it. I'll look into if there are errors from that point about dpinger. After I restarted dpinger I am seeing that the route uses for the 8.8.8.8 to that Interface are going up when refreshing so that's a good sign at least. I did some digging in the logs, turns out I upgraded it earlier than I thought(Feb 21st) so dpinger was working for a while up until the 7th of March. So I'll just have to dig around in the logs to see if I can find any sort of reason why it would have stopped functioning despite it showing as up and running. This is definitely something that we can't have happening on a normal basis if it's a reoccurring issue as before 2.6 we ran without reboot for over a year with no issues, so I'm hoping I can find something in the logs that will help figure out why.
