Wireguard doesn't fail back to main tier 1 Link
-
I currently have a gateway group with my main connection as tier 1 and a 4G link as tier 2. I then use that gateway group for my outbound wireguard connection that is set as the default route in the firewall rules. When the primary WAN goes down the wireguard connection failsover to the 4G link. However, when the main link comes back up the wireguard continues to operate on the 4G link.
Is there a way to 'failback' to the primary link?
-
From what I recall reading around this is a common problem. States are not killed when tier 1 gateway comes back up and so WG just keeps using the active state via the tier 2.
Did you find a solution by chance?
Also curious, I actually cannot get my WG to fail over to even get in this situation. Did you just use a policy based floating firewall rule targeting outbound connections on WAN to the servers IP or port and setting the gateway to the gateway group and that worked for getting WG to fail over to tier2?
-
@jstride Here is some info on a failback script someone made. I have not tried.
https://www.reddit.com/r/PFSENSE/comments/st19c4/wireguard_and_failover_with_dsl_and_lte/ -
Thanks for that link @Jim-Coogan I've just tried it, and it doesn't seem to work at present but will follow up with the person who created it.
I use a firewall rule to send my traffic over the wire guard group:
-
@jstride Is this Gateway group "WAN_VPN_GATEWAY" in your firewall rule the one from from your failover group you created in System/Routing/Gateway Groups? It should be. It looks like your failover group name is "WAN" from your first post.
