    2.0 Multiwan failover behaviour

    2.0-RC Snapshot Feedback and Problems - RETIRED
      Bogaurd last edited by

      I'm curious in regards to the multiwan failover behavior in pfSense 2.0 - I have set up the necessary gateway groups and have failover for my LAN -> Internet traffic working successfully. My primary connection is an ADSL link, the backup is a 3G modem. However, it seems that the way I have it set up leaves me with 2 problems:

      DNS queries from the DNS forwarder:
      I configured some additional DNS servers and set the gateway to my backup 3G connection. Now that these are specified, it seems the DNS forwarder is arbitrarily making queries to the nameservers via my primary connection but also via the backup connection - ideally I'd like to have all queries going via the primary connection unless it has failed.

      Traffic originating from the pfSense machine itself:
      Setting up a firewall rule and routing my LAN traffic to the gateway group works well for traffic on the LAN, but when the main link fails and the default gateway disappears, traffic from the pfSense machine itself fails to go anywhere as there's no route.

      Is there a way to set this up to avoid these pitfalls?

        eri-- last edited by

        For the first one presently there is no solution.
        This is related to the assumption being made that every link is up always.
        In 2.1 this will be improved.

        For the second I have to add an option under system advanced to enable a feature that allows that to work during switching.
        The code was disabled because it created issues for some other people.

        EDIT: I added the code to enable this feature when needed. It's under System->Advanced->Miscellaneous

          Bogaurd last edited by

          @ermal:

          For the first one presently there is no solution.
          This is related to the assumption being made that every link is up always.
          In 2.1 this will be improved.

          No problems - looking forward to future releases :)

          @ermal:

          For the second I have to add an option under system advanced to enable a feature that allows that to work during switching.
          The code was disabled because it created issues for some other people.

          EDIT: I added the code to enable this feature when needed. It's under System->Advanced->Miscellaneous

          Wow - thanks for that! Did you enable the option in the June 1 build?

            Bogaurd last edited by

            Just tested the most recent build and can see the option is there. Looks like there's a bug in the HTML though, with both 'sticky connections' and 'gateway switch' having the same checkbox element name - enabling 'gateway switch' and submitting the form actually turns on sticky connections.

            
            ...
            
            
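The bug reported in the post above (two checkboxes sharing one `name`, so ticking one submits the other's setting) can be caught by auditing the rendered form. This is an added example, not part of the original thread or pfSense's code; the markup and field names (`lb_use_sticky`, `gw_switch_default`) are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser

# Constructed markup reproducing the reported bug; the field names are
# hypothetical, not taken from pfSense's source.
BUGGY_FORM = """
<form method="post">
  <input type="checkbox" name="lb_use_sticky" id="sticky"> Sticky connections
  <input type="checkbox" name="lb_use_sticky" id="gwswitch"> Gateway switch
  <input type="radio" name="mode" value="a"><input type="radio" name="mode" value="b">
  <input type="submit" name="Submit" value="Save">
</form>
"""
FIXED_FORM = BUGGY_FORM.replace(
    'name="lb_use_sticky" id="gwswitch"', 'name="gw_switch_default" id="gwswitch"')


class DuplicateNameAudit(HTMLParser):
    """Collect form controls per <form> and record which names they use."""
    CONTROLS = {"input", "select", "textarea"}

    def __init__(self):
        super().__init__()
        self.form_index = 0
        self.seen = defaultdict(list)   # (form number, name) -> [control ids]

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.form_index += 1
            return
        if tag not in self.CONTROLS:
            return
        a = dict(attrs)
        name, ctype = a.get("name"), (a.get("type") or "text").lower()
        # Radio groups and PHP-style array fields ("x[]") share names by design.
        if not name or ctype == "radio" or name.endswith("[]"):
            return
        self.seen[(self.form_index, name)].append(a.get("id") or tag)


def duplicate_names(html):
    """Return {name: [ids]} for every name reused inside a single form."""
    audit = DuplicateNameAudit()
    audit.feed(html)
    return {name: ids for (_, name), ids in audit.seen.items() if len(ids) > 1}


if __name__ == "__main__":
    for label, markup in (("buggy", BUGGY_FORM), ("fixed", FIXED_FORM)):
        print(label, duplicate_names(markup))
```

On a firewall settings page a collision like this silently changes a different option than the one the administrator ticked, so a check of this kind is worth running against the saved page before a release.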
              eri-- last edited by

              Fixed, thanks for finding out.
              Problem of copy paste :)

                Bogaurd last edited by

                Great work on this ermal - this has actually solved both my problems!  ;D

                Since the default gateway is now updated when a link fails, I don't need a firewall rule to push my LAN traffic to the gateway group - I just let it go to the default gateway. I also no longer specify a gateway with my DNS servers - the result being that DNS queries go via the default gateway rather than scattered over both my links.

                  eri-- last edited by

                  Yes you can play it that way as well.

                    topcat last edited by

                    OK, I must be being stupid here.

                    I have the multiwan setup for clients,
                    i.e. pinging an external IP fails over very nicely from WAN101 - WAN102 and back.

                    But DNS still only appears to work when WAN101 is connected.

                    Am having issues here.

                    Any ideas?

                    Thanks

                      Bogaurd last edited by

                      Have you updated to the latest snapshot? I got around the problem you're describing by updating to the latest snapshot, enabling gateway switching under system -> misc, and routing my traffic to the default gateway rather than to the gateway group in the LAN firewall rules. You'll also need to manually specify your DNS servers (without gateways specified), and switch off 'allow override by PPP/DHCP connections'.
