Netgate Discussion Forum

    Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN

    Routing and Multi WAN
    • P
      preston @jimeez
      last edited by

      @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

      The only problem that remains for me is that now I have CGNAT on both of my connections. Used to be able to use the CenturyLink connection for Dynamic DNS... which gave me a remote gateway into my network via WireGuard. So this is now toast as well as some other port forwarding like XBOX open NAT and a handful of others.

      • I have had great success with Tailscale to access my network while away. It's free and gets around CGNAT.

      • Not sure what DYN DNS service you are using, but I noticed that there are Dynamic DNS settings in my CL modem interface.

      • J
        jimeez @preston
        last edited by

        @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

        I have had great success with Tailscale to access my network while away. It's free and gets around CGNAT.

        Are you running that on your pfSense device?

        • P
          preston @jimeez
          last edited by

          @jimeez

          Yes, there is a Tailscale pfSense package. I am able to access the home (pfsense) network with my phone and laptop when I'm away.

          • J
            jimeez @preston
            last edited by jimeez

            @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

            @jimeez

            Yes, there is a Tailscale pfSense package. I am able to access the home (pfsense) network with my phone and laptop when I'm away.

            Yep. Got that up and running no problem. I really like having it installed on the pfSense device rather than a client machine like how I was using WireGuard (on an unRAID box). But I don't see how this is going to help get around the CGNAT specific to port forwarding for things like the XBOX and say a bittorrent client. I still cannot get an open NAT on the XBOX.

            But anyway, I'm (mostly) very satisfied with this current solution. It's got me back to a solid stable dual WAN failover setup and has helped me iron out a couple other kinks in my network as I started fresh from scratch on a new device. Can't thank @chpalmer enough for his suggestion.

            • P
              preston @jimeez
              last edited by

              @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

              The only problem that remains for me is that now I have CGNAT on both of my connections. Used to be able to use the CenturyLink connection for Dynamic DNS... which gave me a remote gateway into my network via WireGuard. So this is now toast as well as some other port forwarding like XBOX open NAT and a handful of others.

              I was thinking more about this issue today. Is your CenturyLink really a CGNAT connection?

              Can you use a policy routing rule to send the device you want out through the CenturyLink WAN? For example, I set up a rule where my Synology NAS uses only the CenturyLink connection. I use Synology's DYNDNS service, opened a port on the CenturyLink WAN, and use that for an OpenVPN connection. Would something like that work for your setup?

              • J
                jimeez @preston
                last edited by

                @preston said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:

                Is your CenturyLink really a CGNAT connection?

                You know, I'm not really sure anymore. I just spent some time reading up on it and running some tests. Apparently it's not. And it seems like the Starlink connection no longer is either.

                I'm pulling a 98.97.xx.x IP address for the SL connection and a 75.165.xx.xxx IP address for the CL connection. pfSense sees them as 100.64.x.x and 192.168.0.1 respectively, but when I check my IP address on "what'smyIP" that's what I get. The XBox now shows open NAT to boot. So I'm not quite sure what I did (if anything) to fix this. But it's working now. Maybe the Tailscale settings I applied did something? I also enabled UPnP & NAT-PMP.

                Whatever happened, everything is back to normal. Better than normal actually.

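Added example, not part of any post in this thread: a small check that compares the address on a WAN interface with the address an external IP-check site reports and names the NAT situation. 100.64.0.0/10 is the RFC 6598 shared address space set aside for carrier-grade NAT, and an RFC 1918 address on the WAN means an upstream modem/router is doing its own NAT. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, typical when an ISP modem/router NATs in front of the firewall.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# What each situation means for unsolicited inbound traffic (port forwards, VPN listeners).
INBOUND_NOTES = {
    "cgnat": "Carrier translates the address; forwards on the firewall alone are not reachable.",
    "upstream-private-nat": "Upstream modem NATs; it must forward the port or run in bridge mode.",
    "direct-public": "Firewall holds the public address; its own forwards and rules decide exposure.",
    "other-translation": "Interface and external address differ; some upstream device translates.",
}

def classify_wan(interface_ip, external_ip):
    """Name the NAT situation from the WAN interface address and the
    address an external IP-check service reports."""
    local = ipaddress.ip_address(interface_ip)
    seen = ipaddress.ip_address(external_ip)
    if local in CGNAT_NET:
        return "cgnat"
    if any(local in net for net in RFC1918_NETS):
        return "upstream-private-nat"
    if local == seen:
        return "direct-public"
    return "other-translation"

# Constructed samples: (address on the WAN interface, address seen externally).
SAMPLES = {
    "wan1": ("100.64.10.5", "203.0.113.10"),
    "wan2": ("192.168.0.1", "198.51.100.20"),
    "wan3": ("198.51.100.20", "198.51.100.20"),
}

def report(samples=SAMPLES):
    """Return {wan_name: (classification, inbound note)} for each sample."""
    result = {}
    for name, (local, seen) in samples.items():
        kind = classify_wan(local, seen)
        result[name] = (kind, INBOUND_NOTES[kind])
    return result

if __name__ == "__main__":
    for name, (kind, note) in report().items():
        print(f"{name}: {kind} - {note}")
```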
                • P
                  preston @jimeez
                  last edited by

                  @jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN:
                  I also enabled UPnP & NAT-PMP.

                  Whatever happened, everything is back to normal. Better than normal actually.

                  Good deal. Just a guess but I would think that UPnP and/or NAT-PMP would help.

                  Thanks to you and @chpalmer for solving this issue!
