Netgate Discussion Forum

    Dual Wan, failover, not working properly | Very slow throughput after switching to WAN2 and return of WAN1 link not resumed when back

    Routing and Multi WAN
    • Elrick75

      Hi,

      I recently set up a new interface to use Dual WAN functionality.
      I configured the gateway group in failover as below.

      0069caa2-7e20-47b8-9a9d-eeb77416d843-image.png
      b062d965-4930-4af9-95d7-7466a50e8ece-image.png
      ab455efc-df79-4a1c-8037-12f6c7be9fc6-image.png

      When I disconnect my WAN1 (WAN DHCP) connection, I can see the second taking over (WAN DHCP SFR).

      1st problem: When I test the second connection (WAN SFR), it is extremely slow, although it is a 4G connection on which I observe a speed between 4 and 20 Mbit.
      It takes a few minutes to load a simple webpage when there is no traffic. I do not know where this speed problem comes from, but it is unusable in this context.

      2nd problem: When I reconnect the WAN1 connection (WAN DHCP), it is not resumed; it remains in Pending status indefinitely.
      When I view the connection status, I see that the WAN1 connection has recovered an IP address in the pfSense dashboard.
      The only way to recover the WAN1 connection is to reboot pfSense :(

      a09c2cf9-3e82-43ed-b9a4-dc24c69cdd7a-image.png

      Do you know how I can solve/troubleshoot these two problems please?

      Best Regards.

      • luckman212 LAYER 8

        @elrick75 said in Dual Wan, failover, not working properly | Very slow throughput after switching to WAN2 and return of WAN1 link not resumed when back:

        It takes a few minutes to load a simple webpage when there is no traffic. I do not know where this speed problem comes from, but it is unusable in this context.

        What are you using for your DNS server(s) on the LAN devices? What about for pfSense itself? If you use 8.8.8.8 for example, you will have trouble unless you apply this patch...

        The only way to recover the WAN1 connection is to reboot pfSense :(

        Have you tried simply restarting the dpinger service and seeing if the gateway comes back "online" ? That will help us debug this.

        • Elrick75 @luckman212

          @luckman212

          What I have on my PC

          24e0a9bd-0d4e-42c1-a487-3de02ab52e50-image.png

          I have a static IP configuration on my PC.
          I put 8.8.8.8 as primary DNS because if I leave the DNS IP of my ISP (WAN1), it will not be able to do name resolution, unless I can neutralize this resolution problem at the firewall level maybe?
          DNS setup on a client workstation with Dual WAN is not clear to me...

          DNS used by pfSense

          23bcc659-2487-43ac-b3bf-e5d52b56b630-image.png

          f52c4b20-3ca8-45ad-8dbf-02f6fef185c1-image.png

          What do you suggest? Do I need to apply the fix in my case?

          I will test restarting dpinger at the end of the day, but I would welcome your opinion on the DNS part.

          Thank you for your help

          • luckman212 LAYER 8 @Elrick75

            @elrick75 Personally I would try changing these settings:

            • Unless you are forced by the ISP to use 178.250.208.135/209.34, change to 8.8.8.8/8.8.4.4 or 208.67.222.222/208.67.220.220
            • Do not assign a Gateway to the DNS servers in System -> General (set to "none")
            • Uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN"
            • In your System -> Routing, choose an IP address that is NOT one of your DNS servers as the Monitor IP. If you are not sure what IP to use, run a traceroute and choose a nearby hop that responds to ping, or you can try my hopfinder script to auto-detect the best one to use.
            • Make sure the firewall rule on your LAN interfaces does not specify a specific gateway (under Advanced options) or, if it does, make sure it is set to use a Gateway Group

            Once you have done all of that, re-try your test...

            • Elrick75 @luckman212

              @luckman212 Many thanks for your answer.

              About hopfinder, how does it work exactly? I use Cygwin under Windows but I dunno the network interface name to enter ;)

              You say "Make sure the firewall rule on your LAN interfaces does not specify a specific gateway (under Advanced options) or, if it does, make sure it is set to use a Gateway Group"
              You lost me a bit there, would you have an example of the location you indicate for me to check please? :)

              • luckman212 LAYER 8 @Elrick75

                @elrick75 You need to run hopfinder.sh on your pfSense directly. I suggest these steps, roughly

                • ssh into your router
                • use option 8 to get to a shell
                • type fetch https://gist.githubusercontent.com/luckman212/e5df683d8b11dd68aef3255efc22e611/raw/bc9d4e4d797b581c4b8450e1697653b2657c5c86/hopfinder.sh
                • type chmod +x hopfinder.sh
                • type ./hopfinder.sh to get a list of gateway interfaces.
                • Example, if one of your gateways is igb0 then...
                • run it again as ./hopfinder.sh igb0
                • wait a bit for it to finish
                • look at the output and choose the top line (the one with the most hits)
                • use this IP for your Monitor IP on that gateway in pfSense under System > Routing
                • repeat for your other WAN...

                As for your 2nd question, I am talking about the "allow all" rule on your LAN interface, it should be the last rule in your list... make sure it has just an asterisk * for Gateway, or edit the rule and click Advanced Options > Show Advanced > and look at Gateway, make sure it's set to either Default or to your failover gateway group...
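
The Monitor IP advice in the two posts above (take a nearby traceroute hop that is not one of your DNS servers), as an added example that is not hopfinder.sh and not written by any poster. It filters traceroute -n output; the function names, the rule that skips RFC 1918 hops and the sample trace are assumptions made here.

```shell
#!/bin/sh
# Added example, not hopfinder.sh: shortlist Monitor IP candidates from
# `traceroute -n` output. Function names and filtering rules are assumptions.

# Exit 0 when the address is RFC 1918 private (typically your own modem/CPE,
# which keeps answering even when the upstream link is down).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# usage: traceroute -n TARGET | monitor_candidates DNS_IP...
# Prints "hop ip" for every hop that replied, is public, and is not a DNS server.
monitor_candidates() {
    exclude=" $* "
    while read -r hop ip _rest; do
        case "$hop" in ''|*[!0-9]*) continue ;; esac       # header or non-hop line
        case "$ip" in
            *[!0-9.]*) continue ;;                         # "*" means the hop did not reply
            *.*.*.*) ;;                                    # looks like an IPv4 address
            *) continue ;;
        esac
        if is_private "$ip"; then continue; fi
        case "$exclude" in *" $ip "*) continue ;; esac     # never monitor a DNS server
        echo "$hop $ip"
    done
    return 0
}

# Nearest surviving hop: the address to try first as Monitor IP.
best_monitor() {
    monitor_candidates "$@" | head -n 1 | cut -d' ' -f2
}

# Constructed sample output (documentation address ranges), not a real trace.
SAMPLE_TRACE='traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets
 1  192.168.8.1  1.204 ms  0.987 ms  1.012 ms
 2  * * *
 3  10.45.0.1  31.5 ms  29.8 ms  30.2 ms
 4  198.51.100.17  33.1 ms  32.4 ms  34.0 ms
 5  203.0.113.9  35.7 ms  36.2 ms  35.1 ms
 6  8.8.8.8  38.4 ms  37.9 ms  38.8 ms'

printf '%s\n' "$SAMPLE_TRACE" | monitor_candidates 8.8.8.8 8.8.4.4
```

On pfSense, pipe a real traceroute -n through monitor_candidates with your DNS servers as arguments, then confirm the chosen hop answers ping before entering it under System > Routing.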

                • rcoleman-netgate Netgate @luckman212

                  @luckman212 it should be made aware that any side-loaded scripts negate TAC support options.

                  With software you are able to undo these by reinstalling the software and restoring from a backup config (since the backup configs do not retain any information on side-loaded applications or scripts).

                  Ryan
                  Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                  Requesting firmware for your Netgate device? https://go.netgate.com
                  Switching: Mikrotik, Netgear, Extreme
                  Wireless: Aruba, Ubiquiti

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.