Multi WAN, unique public IP

spillek

Hi all, I have a pfsense with two WAN in failover configuration, the main one has static ip, the second dynamic ip: if the first is down, I go out on the second.
Is it possible to "go out" with a third public ip regardless of the used connection, so that it is always the same? (assuming you can buy static public IPs not from whoever gives you the connection)

Thanks in advance, best regards!

A Former User

@spillek said in Multi WAN, unique public IP:

Hi all, I have a pfsense with two WAN in failover configuration, the main one has static ip, the second dynamic ip: if the first is down, I go out on the second.
Is it possible to "go out" with a third public ip regardless of the used connection, so that it is always the same? (assuming you can buy static public IPs not from whoever gives you the connection)
Thanks in advance, best regards!

When it says to go out with a third public ip? you mean example sale of lan 1 via your failover and sale of lan 2 with the third fixed public IP?

spillek

@silence said in Multi WAN, unique public IP:

When it says to go out with a third public ip? you mean example sale of lan 1 via your failover and sale of lan 2 with the third fixed public IP?

my problem is that I have to show myself outside with a unique public IP regardless of the connection I am using (managed by the failvover)

viragomann

@spillek
That won't be possible just like that, even not if your lines are from different internet providers.
Consider that the IP must be routed to you. From the internet it is only routed to a specific ISP.

if the first is down, I go out on the second.
Is it possible to "go out" with a third public ip regardless of the used connection

You can get this by connecting to the vpn service provider in an easy way.
However, if you also need incoming connections, its a bit more complicated and will take more costs.

spillek

@viragomann
thanks fo suggestion;
my basic problem is that I have IP phones (yealink) that go out correctly based on failover to a remote PBX: if first WAN is down, the phones go out correctly by WAN 2 (ping ..) but continue to give the old IP to the PBX, probably stored in their cache.. so the PBX see down old IP, and consider offline the phone

chpalmer

@spillek

When you phone registers via SIP the PBX will remember that registration for the time period the phone tells it to. How long do you have the phones set to stay registered? Maybe set that to something much shorter??

If you somehow cause the phones to see a disconnect from their ethernet connection when a WAN changes then they should re-register with the PBX. Im not sure how you would do that though unless you have all your interfaces directly connected to your pfsense box..

I wonder if the SIProxd package would re-new registrations on the fly with a WAN change?? That may be something I can test..

viragomann

@chpalmer said in Multi WAN, unique public IP:

If you somehow cause the phones to see a disconnect from their ethernet connection when a WAN changes then they should re-register with the PBX.

This should be achieved by checking System > Advanced > Miscellaneous > State Killing on Gateway Failure in pfSense. So on failover it drops the connection and the phones need to reconnect again.
However, this will also drop a call, presumably.

chpalmer

@viragomann

That is just the state.. The interface light on the phone needs to go out.

viragomann

@chpalmer said in Multi WAN, unique public IP:

The interface light on the phone needs to go out.

I see. Didn't know that.
Reconnecting to the PBX is not sufficient for renewing their public IP?

chpalmer

@viragomann said in Multi WAN, unique public IP:

Reconnecting to the PBX is not sufficient for renewing their public IP?

There actually is not any continuous traffic to the SIP server.. Unless you are making and receiving phone calls (of which the RTP does not actually have to touch the same SIP server) the only time traffic goes back and forth is when the phone attempts to re-register. The SIP server may never know that your phone is offline until it stops getting reg data.

Look at the expiration data below.. Until that time comes the phone wont say a peep to the SIP server unless you are making a call.

viragomann

@chpalmer
So the pones also don't notice when your WAN connection goes down, I guess?
I'm not familiar with SIP.

chpalmer

@viragomann said in Multi WAN, unique public IP:

@chpalmer
So the pones also don't notice when your WAN connection goes down, I guess?
I'm not familiar with SIP.

Nope. Not until they try to make a call at least..

SIP was never originally designed for the type of use it sees today and has had allot of changes to allow things like the addition to work with NAT.. Vonage changed all that.

SteveITS

@spillek said in Multi WAN, unique public IP:

Is it possible to "go out" with a third public ip regardless of the used connection, so that it is always the same?

It sounds like you are looking for an SD-WAN service. Basically the IP is from them, and they adjust routing between/among ISPs. I looked into it briefly a while back. Not sure how it interacts with pfSense since they seem to provide a router, then the ISP routers connect to that. Perhaps one can bridge to pfSense.

spillek

I do not understand of voip and pbx, and I have not configured the phones, I only did some tests: the technician who installed it says that with other firewalls (watchguard) they have no problems with failover rule, .. I try to report your indications ...many thanks!

A Former User

This post is deleted!

spillek

@silence
domain? in pfsense ? I don't understand, can you explain me better?