Netgate Discussion Forum

Failover Multiple WAN with Multiple LAN

Routing and Multi WAN
    chpalmer
    last edited by Jun 12, 2024, 11:21 PM

    2.7.2

    I have been running multi LAN and several VPNs coming in for years. Now that I am trying to add failover multi WAN to the mix I can no longer route between my LANs and/or VPNs.

    I assume that it is because I have added the "gateway group" to my primary LAN gateway.

    Is there a proper way to do multi WAN without losing my routing between my local networks?

    Triggering snowflakes one by one..
    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      viragomann @chpalmer
      last edited by Jun 13, 2024, 10:19 AM

      @chpalmer
      I guess you've changed your LAN rules into policy routing rules for whatever reason.
      Basically this is not necessary for routing to a failover group. You can state it in System > Routing > Gateways > Default Gateway instead.

      If you do policy routing to a WAN gateway or failover group, however, you have to take care that the rule is only applied to traffic destined to IPs outside of your network.

      Best practice to achieve this is to create an alias for all private network ranges:
      I called it RFC1918.

      Then use this alias in your policy routing rules as destination in conjunction with "invert match". Then the rule condition matches only traffic destined to non-private IPs, i.e. internet traffic.

      Remember that you then have to add an additional rule below this one to allow access to local / private IPs.
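
The rule ordering described in the answer above, modelled as first-match evaluation in Python. This is an added illustration, not either poster's configuration; the gateway group name `WAN_FAILOVER` and the sample addresses are constructed.

```python
import ipaddress

# Assumed contents of the RFC1918 alias: the three private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_alias(ip, alias):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in alias)

def route(dst, rules):
    """Evaluate LAN rules top-down; the first match decides.

    Returns the rule's gateway (policy routing), "routing table" when the
    matching rule has no gateway set, or "blocked" if nothing matches.
    """
    for rule in rules:
        if rule["dst"] is None:            # destination "any"
            hit = True
        else:                              # alias, optionally inverted
            hit = in_alias(dst, rule["dst"]) != rule.get("invert", False)
        if hit:
            return rule["gateway"] or "routing table"
    return "blocked"                       # implicit default deny

# Gateway group set on an allow-any LAN rule: every packet, including
# traffic for other LANs and VPNs, is forced out the WAN group.
BROKEN = [{"dst": None, "gateway": "WAN_FAILOVER"}]

# Policy-route only non-private destinations, then pass private
# destinations with no gateway so the routing table handles them.
FIXED = [
    {"dst": RFC1918, "invert": True, "gateway": "WAN_FAILOVER"},
    {"dst": RFC1918, "invert": False, "gateway": None},
]

if __name__ == "__main__":
    # Constructed destinations: another LAN, a VPN client, an internet host.
    for dst in ("192.168.20.10", "10.8.0.5", "203.0.113.7"):
        print(f"{dst:15} broken={route(dst, BROKEN):13} fixed={route(dst, FIXED)}")
```

Dropping the second rule from `FIXED` leaves private destinations matching nothing, so they fall through to the default deny.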

        chpalmer @viragomann
        last edited by Jun 13, 2024, 10:59 PM

        @viragomann Thanks!

        I did it the way someone said to on yootoob and we all know how anyone making videos there is always correct.. 🤣

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.
