    Default Route issues with MultiWan (2.0-RC3 32bit)

    Routing and Multi WAN
      jls last edited by

      Hi all,

      Looking for some help with this issue I have run into.

      Current Setup is as follows +diagram

      MultiWan with Carp
      Core1 Net xx.xx.204.0/29 -> Carp Address xx.xx.204.4/29
      Core2 Net xx.xx.204.8/29 -> Carp Address xx.xx.204.12/29

      NAT Lan
      LAN Net 10.50.58.0/24 -> Carp Address 10.50.58.233/24
      Client in LAN with gateway set to Carp Address

      Routed Subnet DMZ
      DMZ Net xx.xx.204.128/26 -> Carp Address xx.xx.204.129/26
      Server in DMZ with gateway set to Carp Address

      The cloud is a multi router environment all talking OSPF to the Core Switches. The firewalls do not talk OSPF.

      Now the Details….
      Note: Changing the CARP master has no effect on the following.

      Condition, ALL OK

      NAT traffic works
      DMZ traffic both in and out works
      Pings to all the public firewall interfaces work from a router in the cloud.

      Fail condition one (Core Switch 2 FAILED)
      Note: static route xx.xx.204.129/26 -> xx.xx.204.12 on Core Switch 2 falls out of OSPF, cloud only sees route via Core Switch 1

      NAT traffic works
      DMZ traffic in and out works
      Pings to Carp Address xx.xx.204.4 work
      Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (because it's down)

      Fail condition two (Core Switch 1 FAILED)
      Note: static route xx.xx.204.129/26 -> xx.xx.204.4 on Core Switch 1 falls out of OSPF, cloud only sees route via Core Switch 2

      NAT traffic works
      Pings to firewall interfaces in the Core1 Net xx.xx.204.0/29 fail (because it's down)
      DMZ traffic out works, traffic in from cloud fails.
      Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (See just below)

      When in this fail condition, if I manually force the default route on the firewalls to the Core 2 network, DMZ traffic and pings start working. (On a side note, the system can't check for its own updates when in this state.)

      How do I get the failover system to modify the default route so that when Core Switch 1 goes down it sets the default route to the secondary WAN (Core2) connection (and vice versa)? Or am I missing something basic?

      Also settings screenshots attached, let me know if you need any others.

      Cheers
      Josh













