Problems with Muliwan on pfsense
-
Hello,
I have switched my home lab from a Fritzbox to a pfsene.
Even with the “old” router, I used DSL as the main connection and a USB LTE stick in case of an outage. Now I use a Pfsense (23.09.1) with2 Wan - connections.- WAN = a VSDL, which I use as primary
- WAN2 = LTE usb as backup
In the configuration, I created a gateway group with both gateways and assigned WAN to Tier1 and WAN2 to Tier2. This all works properly, if WAN is down, WAN2 becomes the default gateway and turns OFF when WAN is back ON.
My problem is that the states remain on WAN2 for hours when WAN becomes active again and continue to use the backup. How can I get the PFSense to disconnect the states from WAN2 as soon as WAN is active again, because I have a volume limit on the USB LTE.
Thank you
-
There are a few settings here you can change depending on how you are using the failover group.
There's a setting for state killing in System > Adv > Misc:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#state-killing-on-gateway-recoveryYou can also set the state killing behaviour for each gateway in the gateway settings.
-
@stephenw10
thank you, I have adjusted the settings and will check again tomorrow after the automatic disconnection of the DSL. -
@stephenw10 I'm thinking it would be a good idea, as a feature, to have the possibility to set a timer to delay the state killing. For two main reasons...
-
Since it's not uncommon in cases of NW trouble that it takes a while before things stabilize. If there's an outage on the main connection, the ISP may not completely solve it in one go, and it takes some time (minutes or longer) before a full resolution. Killing states may lead to unnecessary "flapping" back and forth resulting in a not so great experience.
-
In a scenario like @erfggi has, where the LTE may be a metered connection, of course you don't want to keep states for too long. But there may be ongoing Video Meetings or other sessions that would benefit from staying, for a while... Otherwise they will experience a break and have to reestablish on the primary WAN.
-
-
Almost all states will fail back without any killing required. What you are left with are some persistent states like VoIP that remain up indefinitely.
You could kill all states on the backup using a cronjob so they can never remain longer than 24hrs.
-
@stephenw10 I've had it for 2 days now and it works perfectly.
-
@erfggi would you mind stating the settings you’re using for state killing? I have a similar two-wan setup and have been wondering what settings to use (currently on default).
Thanks, -
@youngy
this are my setting at the moment.
The settings can be found here in the lower part of the page.
-
@erfggi
Thanks.
