1LAN/2WAN: Failover won't work if WAN is down, OPT1 is up
-
I have a very standard setup.
1 LAN 192.168.1.1
1 WAN Static IP DSL
1 OPT1 Static IP DSLI have 3 Pools.
Load Balancer OK
If OPT1 fails use WAN OK
If WAN fails use OPT1 NOT WORKINGWhen I boot pfsense without WAN, it uses OPT1 fine.
When I boot pfsense with WAN+OPT1 works fine.
When I unplug WAN, status message says "down" but wont use OPT1, unless I reboot pfsense
I think I have the pools setup ok and firewall rules setup ok. I followed all the instructions from pfsense website.
Help!
-
Try using google dns or opendns as your monitor ip and dns servers
-
Did you also make sure that you have a static route in place for at least one of your DNS servers pointing to the OPT gateway?
-
Did you also make sure that you have a static route in place for at least one of your DNS servers pointing to the OPT gateway?
ah, setting up a static route, that I have not done. how do i go about this one?
-
Try using google dns or opendns as your monitor ip and dns servers
i will try this. currently i have WAN Gateway and OPT1 Gateway as my monitor IP's.
-
You can add static routes under "advanced –> static routes"
However, if you use the DNS servers directly as monitor-IPs like perry suggested, you dont need that anymore because behind the scene automatically a static route is added for the monitor IPs.
-
Im going to try the setup again this afternoon.
So basically, i'll just change the monitor IP of WAN and OPT1 from their respective gateway IP's to Google DNS, which is 8.8.8.8
gonna post the results later. thanks for the help!
-
Hi,
I have the same issue as well and I tried to create static route and it does not work. The thing is that when both WAN are up, when I did a "ping" under Diagnostic>Ping I was able to ping the internet for both WAN (Wan1 and Wan2) but when I disconnect WAN1, it won't ping the internet even using Wan2 interface, which is kind of odd.
I hope stramato will resolve and post the solution here so other newbie like me will able to get it done.
-
Did you read the note on this page that the ping utility within the webinterface DOES NOT WORK WITH MULTIWAN?
You need to test from a client behind the pfSense since the pfSense itself cannot make use of the loadbalancer/failover.
-
Thank you GruensFroeschli, sorry I did not see the note. I actually get this in the pfsense log about static route "kernel: arpresolve: can't allocate route" follow with the "address is not on the local network". I am not sure if I am doing the right thing for static route.
-
still wont work :(
Load Balance OK
When OPT1 Fails OK
When WAN Fails NO INTERNETHere's my latest config:
-
In pic4 untick allow dns servers list…
in pic2 I would change the order of the monitor ip's (Servers/Gateways) as this
in pic1 to be sure, you do know that the only active rule is the opt1_failto_wan?
-
in pic1 to be sure, you do know that the only active rule is the opt1_failto_wan?
Hi Perry,
You mean that only Opt1_failto_Wan is the only rule being triggered by my current config?
Should I just delete the firewall rules?
-
You mean that only Opt1_failto_Wan is the only rule being triggered by my current config?
correct
Should I just delete the firewall rules?
That I can't say, it's your setup :)
-
You mean that only Opt1_failto_Wan is the only rule being triggered by my current config?
correct
Should I just delete the firewall rules?
That I can't say, it's your setup :)
Ok I figured my firewall rules are illogical. I deleted everything in LAN firewall except the one that uses the Load Balance as gateway.
Now it's working! (load balance and failover)
I can now proceed further.
One thing I noticed though, the Failover's reaction time is rather slow?
-
Thanks guys, it works for me as well although I did not setup load balance just failover, so I remove the load balance and retain the two failover setting. However I having problem when I use squid as transparent proxy once the WAN1 fails and the WAN2 take over it won't connect to any website although it connect when I remove the transparent proxy setting.
Is there any additional setup needed?
Thanks in advance.
-
I've read that Squid is not working in Mulit-WAN failover, is there other option?
-
new info about this problem? anybody could make work failover + squid?
thks -
new info about this problem? anybody could make work failover + squid?
thksI've decided to have 2 pfSense machines to simplify configuration:
1 pfSense machine to run Multi-WAN Load Balancer
1 pfsense machine to run Squid and Traffic Shaper
[LAN] –- [pfSense Squid+Traffic Shaper] –- [pfSense Load Balancer] === internet
This way, i'll only have 1 LAN 1 WAN for the squid/traffic shaper pfsense box, which simplifies the config.
-
If its any consolation, this will be unnecessary in 2.0, but for the time being your solution is valid.
