2.0 Multiwan failover behaviour
-
I'm curious in regards to the multiwan failover behavior in pfsense 2.0 - I have setup the necessary gateway groups and have failover for my LAN -> Internet traffic working successfully. My primary connection is an ADSL link, the backup is a 3G modem. However, it seems that the way I have it set up leaves me with 2 problems:
DNS queries from the DNS forwarder:
I configured some additional DNS servers and set the gateway to my backup 3G connection. Now that these are specified, it seems the DNS forwarder is arbitrarily making queries to the nameservers via my primary connection but also via the backup connection - ideally I'd like to have all queries going via the primary connection unless it has failed.Traffic originating from the pfsense machine itself:
Setting up a firewall rule and routing my LAN traffic to the gateway group works well for traffic on the LAN, but when the main link fails and the default gateway disappears, traffic from the pfsense machine itself fails to go anywhere as there's no route.Is there a way to set this up to avoid these pitfalls? ???
-
For the first one presently there is no solution.
This is related to the assumption being made that every link is up always.
In 2.1 this will be improved.For the second i have to add an option under system advanced to enable a feature that allows that to work during switching.
The code was disabled because it created issues for some other people.EDIT: I added the code to enable this feature when needed. Its under System->Advanced->Miscellaneous
-
@ermal:
For the first one presently there is no solution.
This is related to the assumption being made that every link is up always.
In 2.1 this will be improved.No problems - looking forward to future releases :)
@ermal:
For the second i have to add an option under system advanced to enable a feature that allows that to work during switching.
The code was disabled because it created issues for some other people.EDIT: I added the code to enable this feature when needed. Its under System->Advanced->Miscellaneous
Wow - thanks for that! Did you enable the option in the June 1 build?
-
Just tested the most recent build and can see the option is there. Looks like there's a bug in the HTML though, with both 'sticky connections' and 'gateway switch' having the same checkbox element name - enabling 'gateway switch' and submitting the form actually turns on sticky connections.
... -
Fixed thanks for finding out.
Problem of copy paste :) -
Great work on this ermal - this has actually solved both my problems! ;D
Since the default gateway is now updated when a link fails, I don't need a firewall rule to push my LAN traffic to the gateway group - I just let it go to the default gateway. I also no longer specify a gateway with my DNS servers - the result being that DNS queries go via the default gateway rather than scattered over both my links.
-
Yes you can play it that way as well.
-
Ok i must be being stupid here
I have the multiwan setup for clients
Ie pinging an external ip fails over very nicely from WAN101 - WAN102 and backBut DNS still only appears to work when WAN101 is connected
am having issues here
any ideas?
Thanks
-
Have you updated to the latest snapshot? I got around the problem you're describing by updating to the latest snapshot, enabling gateway switching under system -> misc, and routing my traffic to the default gateway rather than to the gateway group in the LAN firewall rules. You'll also need to manually specify your DNS servers (without gateways specified), and switch off 'allow override by PPP/DHCP connections'.