Dual WAN with Failover Not Working
-
I not using 8.8.8.8 or 8.8.4.4 for my DNS (I've actually used Comcast's DNS 1 for WAN 75.75.75.75 and Comcast's DNS 2 for OPT WAN 75.75.76.76).
Should the monitor IP addresses for each WAN be blank then? Or should they be the respective default gateway IPs??
Thank you!!
-
Leave them blank.
-
That was a good idea. It didn't work though. By leaving the monitor IP blank, pfSense uses the default gateway as the monitor then and the default gateway is always ping-able even when the Internet is down.
For instance, our static IP is 173.xx.xx.xx3 and our default gateway is 173.xx.xx.xx4 (the .xx4 address "belongs" to the Comcast gateway). I can ping .xx4 and unplug the coax cable to the Comcast gateway and .xx4 STILL pings. That's why I was trying to use a monitor IP that was external to my network.
Now, the weird thing is that even monitoring 8.8.8.8, when I take WAN 1 down, the PING diag tool in pfSense will show 100% loss when pinging 8.8.8.8 (or any Internet IP for that matter); however, in STATUS>GATEWAYS it shows the WAN as still pinging/online?????????
And I did setup an explicit (STATIC ROUTE) for 8.8.8.8/32 thorugh the 192.168.5.254 WAN gateway.
???
-
That happens when both WANs have the same gateway address like if they're from the same ISP. Use 8.8.8.8 as monitor and DNS address for WAN1 and 8.8.4.4 for monitor and DNS address for WAN2. pfSense should automatically create the appropriate interface based static routes. You'll need to reboot to clear it up.
-
I have yet to figure out… Why won't pfsense let you configure a single monitor IP for multiple WANs as gateway monitor?
-
Ok, tried that too and it didn't work. It shouldn't be a DNS issue because we're trying to ping an IP address so there is no name for DNS to resolve.
Flaw in the software??
-
pfSense itself won't use the failover unless you've enabled the gateway switching checkbox.
-
No, mine works fine with multiple WANs with the same gateway. In my case the gateway doesn't respond to pings so I'm using 8.8.8.8 and 8.8.4.4. Settings them as the DNS servers for each WAN causes pfSense to create static routes forcing them through a particular logical interface.
-
Where is the gateway switching check box?
-
It's somewhere in the general settings. That checkbox is only for pfSense's traffic itself to failover. Conditional routing for LAN clients will still failover regardless. This is why you must specify a gateway for each DNS server. That way DNS forwarding works even if gateway switching is disabled.
-
Here is my routing table and gateway status.
Notice that in STATUS>GATEWAYS it is still showing that it's pinging on WANGW (WAN 1) even though Internet traffic is disabled for that gateway.
 -
Here is Firewall Rule for LAN, Gateway Groups, and Gateways.
-
Here is my General Setup…
Also, I cannot find the checkbox for gateway switching.
Hopefully these screenshots help; please let me know if another shot would help.
THANKS!
 -
Also, just for informational purposes… here is a Visio diagram of the setup I have for testing purposes of dual WAN with failover. I have to do this in a lab environment to prove the concept before I can do this for a client and have their site taken down.
On "Router 1" in the diagram, I can physically disconnect that ethernet cable to the pfSense WAN and the pfSense WILL failover to the OPT WAN (WAN2); however, as noted in the diagram, when I create a firewall rule on "Router 1" to block any/all Internet traffic the pfSense does not see this... it thinks it can still ping its monitor IP even though the client PC and the pfSense ping tool cannot ping the monitor IP. In essence, the pfSense is failing over for physical loss but NOT packet loss.
Hope this may add some clarity too.
 -
Anyone??
I'd like to get the pfSense working… just for proof of concept, I tried the exact same network schema setup with a Cisco RV042 Dual WAN router and it worked beautifully with about 10 min of setup.
Please help.
Thanks,
Steve
-
Here is my General Setup…
Also, I cannot find the checkbox for gateway switching.
Hopefully these screenshots help; please let me know if another shot would help.
THANKS!
That b'cos you're looking at the wrong menu. It's under System -> Advanced -> Misc " Allow default gateway switching"
Give this thread a read http://forum.pfsense.org/index.php/topic,64612.msg350227.html#msg350227
I've explained fail-over clearly in there. Good Luck! -
I found gateway switching but checking that box hasn't made this work either.
Also, srk3461, I think I've done what your other article says to do… What am I doing wrong? Do I need to have all 3 groups and LAN rules even if I'm NOT load balancing?
-
First make it work with a single pfSense box with two public IP WAN interfaces so you understand exactly how to configure pfSense. Then build your (unnecessarily) complex network around it.
-
Nothing works better for fail-over than two of the same ISP…
-