Multiwan and policy routing
-
@hyperman35 said in Multiwan and policy routing:
As I can see, the default route is automatically changed in the routing table when there is an issue with the primary WAN.
My issue is that traffic coming from the LAN continues to go to the failed WAN.
I don't expect that newly initiated upstream traffic goes out to any gateway other than the default gateway.
However, this may concern already existing (long-term) connections though. As a workaround, you can flush the states when a gateway goes down by checking System > Advanced > Miscellaneous > State Killing on Gateway Failure.
-
Hello,
Thank you for answering.
I already activated this option, with no change.
Question: so my configuration, without changes to my policy, should work?
Thank you
-
Hello,
Does someone have any ideas for my issue?
Thank you!
-
Hello,
I made a test, by trying to configure the secondary WAN in a different network interface/network. It seems that in this case routing is working as expected.
When both the nominal and secondary WAN are in the same interco network => only the default route is considered (including for a simple traceroute from pfSense itself), and monitors are not working... I think this is the same issue when gateway failover occurs => network traffic continues to follow the previous route (normal default route)...
Did someone encounter some kind of multiple next-hop routing issue when in the same subnet/interface?
Thank you.
-
Hello,
I made some tests today.
I modified my architecture: now both WAN gateways are on different VLANs. And all seems to be working as expected...
So I think there is a "bug" (except if this is the expected behaviour, but I didn't see anything about it) with routing, when both WAN gateways are reachable through the same pfSense logical interface (same interco VLAN for both gateways).
Has someone encountered the same issue?
Thank you.
-
@hyperman35 That is no bug, but outbound NAT will not work automagically, if I remember correctly. If you can, separate the gateways to different interfaces.
-
@Bob-Dig thank you for your answer.
Of course, it is what I explained in my previous message (sorry if it was not clear). Now both Internet accesses are available through 2 different interfaces, and all is working as expected.
What I call a bug is more related to the routing issue (no NAT relation, as the issue is also visible for packets generated by the FW itself). What seems a bug is more related to a routing issue when using 2 routes, with 2 different next hops on the same VLAN/interface (the issue also exists for simple static routing). This is quite simple to reproduce: try to add 2 static routes for 2 specific hosts, with 2 different next hops. When using the traceroute command for each IP used for a static route, routing is still going to the bad route for one of them...
-
@hyperman35 Maybe you have not set up your gateways right, is what I guess.
Take a look here, all are on the same interface, works like a charm.
-
Ok, so it was exactly what I tried to do, with no luck...
But ok, let's work with my new architecture, with 2 different VLANs => this is ok for me.
Thank you for your help!
-
@hyperman35 Now I do remember what you shouldn't do, maybe this helps. Don't put any upstream gateway on the interface tab, it has to be None there for multiple gateways.