Multi-WAN works … How to test Multi-WAN remotely?



  • Hello Everyone,

    I followed the documents on this forum and in the wiki to configure multi-wan; I've created the routing group and also updated my firewall rules to use the new gateway group.

    Now how do I test multi-wan failover?

    If I disable an interface, it seems to invalidate the routing group and causes the multi-wan failover to fail.

    Is there a way to test multi-wan failover short of pulling the plug on my modems?

    I would prefer to be able to do it remotely too, should I need to manually fail over one connection to another without changing the routing group in the firewall rules.

    Thanks.



  • The best way to test failover is to create a failure.  What's wrong with pulling the plug?

    If you just must, I suppose you could remotely log into the modems one at a time and reboot them.  It should give you several seconds to check it.




  • @kejianshi:

    The best way to test failover is to create a failure.  What's wrong with pulling the plug?

    If you just must, I suppose you could remotely log into the modems one at a time and reboot them.  It should give you several seconds to check it.

    My Thomson modem doesn't have a remote reboot function, and my Speedstream DSL modem is inaccessible due to the private IP (tried the suggested settings to access the internal pages).

    Another reason is to also manually enable/disable a connection for a reason, for example, if a connection is acting up (i.e. partial routing failure).

    So there is no way to manually failover without changing the firewall rules? No one click button to press? :)



  • Yeah - There is.  Manually click the enable/disable interface button in the pfsense interface assignment menu.
    "How can I break my internet most effectively, and remotely no less?" is not a common question.

    If you need any more help breaking your WAN, just ask.  I'm here for you man (;



  • It's a good question. I would also sometimes like to do this when testing stuff. Then I can test on a remote system that has a configuration I want to check. I would want to test without changing the config. Maybe there is a suitable FreeBSD command that will effectively disconnect a hook at layer 1/2 of a NIC, that will seem to all the layers above as if the cable fell out of the NIC?

    Obviously, only do such a thing remotely if you have multiple WANs working, believe that the failure test you are doing is going to work, and either don't care if the remote system goes offline for the night or have your bag packed ready to travel.



  • Disabling the interface should work, or change the monitor IP to something that doesn't ping back for that gateway; that should work as well.



  • I was being serious whilst simultaneously joking.  I think taking the interface offline will probably do the trick.  Could also make a firewall block rule that blocks the monitor IP function for failover.  Point and click enable/disable on that rule to test.  That's probably safer.

    Monitor IP works via ICMP?  So, if you temporarily block the protocol (a very specific block, not ALL ICMP) your pfsense should think your WAN is offline and fail over.

    I'm sure you are aware that any of this could, in theory, result in jet fuel costs…

    If none of this suits your needs, let me know...  I'll DDOS your WAN if need be.  I'm helpful like that.



  • @kejianshi:

    Yeah - There is.  Manually click the enable/disable interface button in the pfsense interface assignment menu.
    "How can I break my internet most effectively, and remotely no less?" is not a common question.

    I don't think this works; when you do this, it screws up the routing group and causes failover not to work. I get a bunch of errors in my logs and Internet doesn't switch over. Best I've been able to do is switch the gateway groups in my firewall rules or switch the failover thresholds.



  • Maybe - Changing monitor IP to something that can't be pinged should surely work.

