Failover WAN - Cannot determine gateway status
-
Hi,
I have been trying to setup pfSense 2.0 (june 5th snapshot) with 2 WAN. For starters, I'm just using one WAN that I switch from one port to another to see if the failover works.
It doesn't. What I see in the system logs is "cannot determine gateway status, considering all gateway up/active". I am using latency/packet loss as the way to determine which WAN link to use. I even made sure to use a monitor IP for the "down" link that doesn't work for sure (10.10.10.10) from this network.
How does pfSense determine which gateway works? Does it use the gateway or the alternate monitor IP?
How do I start troubleshooting this? I'd be glad to just reach the point where the gateway status shows the correct one as being "active" and "inactive".
-
To answer my own call for help, it seems that taking an ISP link and switching it from one port to another isn't working, but if I do take two different links it works.
Probably due to some caching or other stuff, but it works fine when used in a normal setting, not so much in a made-up-for-tests one.
-
…and I`m back.
pfSense can successfully change from WAN1 to WAN2 when WAN1 is down (thumbs up), but when WAN1 comes back up everything still happens on WAN2.
Since WAN2 is a much more expensive/slower link, I'd like my traffic to use WAN1 if available, and WAN2 is not.
How do I get pfSense to (automagically) switch back to WAN1 when it`s back up?
I am using a gateway group when WAN1 is tier 1 and WAN2 tier 5. Both monitor IP are pingable from their respective links. And the fact that it falls back to WAN2 when needed tells me I'm close to the solution.
-
You can clear states after every filter reload. Disable Gateway Monitoring /system_advanced_misc.php and then tweak this shell script so it fits you need
http://forum.pfsense.org/index.php/topic,7808.msg46725.html#msg46725 -
Thanks. I hesitate to do this stuff because, if I understand correctly, it means I can't just cleanly upgrade when a new version comes along.
But thank you, I'll weight the pros and cons of doing this.
-
I have exactly the same problem.
I have two pfSense both with 2 WAN lines. In one pfSense those 2 lines are set as failover and in the other pfSense those two lines are set as individual lines.
I begin to notice this gateway problem recently. In RC1 I never seen this problem. Ever since this gateway issue I started to see routing and NAT problem. In my failover pfSense the failover isn't working anymore when the primary WAN is down and in the other pfsense port forwarding for the non-default gateway WAN line from Internet is now only work intermittently. I cannot determine the reason or any particular sequence/pattern for this problem.
Both pfSense have been used for more than six months now without any problem and their configuration have not been changed. Please help.
-
To Mike
Thanks. I hesitate to do this stuff because, if I understand correctly, it means I can't just cleanly upgrade when a new version comes along.
I place my script in /usr/local/pkg/ and a upgrade will have no impact on it (on nanobsd /cf/conf is the only directory that survive afaik an upgrade). As your problem isn't a fault there will be no fix for it.
To 292957
Start a new post (this one took another direction) with as much information as possible diagram,screenshots etc