Default Route issues with MultiWan (2.0-RC3 32bit)



  • Hi all,

    Looking for some help with this issue I have run into.

    Current Setup is as follows +diagram

    MultiWan with Carp
    Core1 Net xx.xx.204.0/29 -> Carp Address xx.xx.204.4/29
    Core2 Net xx.xx.204.8/29 -> Carp Address xx.xx.204.12/29

    NAT Lan
    LAN Net 10.50.58.0/24 -> Carp Address 10.50.58.233/24
    Client in LAN with gateway set to Carp Address

    Routed Subnet DMZ
    DMZ Net xx.xx.204.128/26 -> Carp Address xx.xx.204.129/26
    Server in DMZ with gateway set to Carp Address

    The cloud is a multi router environment all talking OSPF to the Core Switches. The firewalls do not talk OSPF.

    Now the Details….
    Note: Changing the CARP master has no effect on the following.

    Condition, ALL OK

    NAT traffic works
    DMZ traffic both in and out works
    Pings to all the public firewall interfaces work from a router in the cloud.

    Fail condition one (Core Switch 2 FAILED)
    Note: static route xx.xx.204.129/26 -> xx.xx.204.12 on Core Switch 2 falls out of OSPF, cloud only sees route via Core Switch 1

    NAT traffic works
    DMZ traffic in and out works
    Pings to Carp Address xx.xx.204.4 work
    Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (because it's down)

    Fail condition two (Core Switch 1 FAILED)
    Note: static route xx.xx.204.129/26 -> xx.xx.204.4 on Core Switch 1 falls out of OSPF, cloud only sees route via Core Switch 2

    NAT traffic works
    Pings to firewall interfaces in the Core1 Net xx.xx.204.0/29 fail (because it's down)
    DMZ traffic out works, traffic in from cloud fails.
    Pings to firewall interfaces in the Core2 Net xx.xx.204.8/29 fail (See just below)

    When in this fail condition, if I manually force the default route on the firewalls to the Core 2 network, DMZ traffic and pings start working. (On a side note, the system can't check for its own updates when in this state.)

    How do I get the failover system to modify the default route so that when Core Switch 1 goes down it sets the default route to the secondary Wan (Core2) connection (and vice versa)? Or am I missing something basic?

    Also settings screenshots attached, let me know if you need any others.

    Cheers
    Josh














