Netgate Discussion Forum

    Failover doesn't work

    Routing and Multi WAN
    • Mr. Jingles

      G'evening  :-[

      -WAN1: VDSL
      -WAN2: Cable, default gateway (GW).
      -OpenVPN-client: runs on WAN2.

      One gateway group: WAN2 Tier1, WAN1 Tier2. Of course firewall rule to send traffic out on this GW-group.

      Disconnect WAN2 modem cable: no failover to WAN1; LAN cannot go out to the internets.

      https://lists.pfsense.org/pipermail/list/2013-August/004478.html

      I believe that the page http://doc.pfsense.org/index.php/Multi-WAN_2.0 needs to be edited to reflect the fact that *Allow default gateway switching* must be enabled for Multi-WAN failover to work. Also, the details on System -> Advanced -> Miscellaneous -> Load Balancing should also be modified to read FailOver & Load Balancing - I think.

      However, the description in the advanced settings says:

      If the default gateway goes down, switch the default gateway to another available one. This is not enabled by default, as it's unnecessary in most all scenarios, which instead use gateway groups.

      Well, I use a GW-group, but it still didn't work without enabling that setting…

      Furthermore, and this is very important too:

      NOW the OpenVPN client, configured to go out on WAN2 (which was down), suddenly is bound to WAN1 and so is up and is happily accepting traffic from LAN out to the internets…(!)

      This especially should not happen, as WAN1 is backup only, and if WAN2 goes down OpenVPN client traffic should stop too.

      Is this a bug or a feature? And if it is a feature, how can I undo this feature? If I bind VPN client to WAN2, pfsense shouldn't decide by itself to send the VPN client to WAN1 if WAN2 is down.

      Thank you.

      pfsense 2.2.1, as in my sig.

      EDIT: forgot, this worked for 1 year, so must have been something after upgrading to 2.2.1.

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

      • ivor

        Did you change the gateway to failover on default allow to any rule on LAN?

        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

        • Mr. Jingles

          @ivor:

          Did you change the gateway to failover on default allow to any rule on LAN?

          Yes, I did, thank you for your reply (pics)  ;D

          yuckduckquck.jpg
          mutiluti.jpg

          • ivor

            One gateway group: WAN2 Tier1, WAN1 Tier2. Of course firewall rule to send traffic out on this GW-group.

            Umm your screenshot and above quoted really helped my dyslexic brain to stop functioning ; )

            Okay, let's do the obvious things, have you tried resetting the states?

            • Mr. Jingles

              @ivor:

              One gateway group: WAN2 Tier1, WAN1 Tier2. Of course firewall rule to send traffic out on this GW-group.

              Umm your screenshot and above quoted really helped my dyslexic brain to stop functioning ; )
              Okay, let's do the obvious things, have you tried resetting the states?

              ;D ;D ;D ;D ;D

              (I admit it is a stupid naming convention: it is only because VDSL was first, so WAN1, and after that came cable hence WAN2, much faster so the new default, hence Tier1. It also helps to confuse the IRS, and even hackers, I think  ;D ).

              Yes, I did the obvious. Even beyond that: I rebooted the box, as I since 2.0 know an undocumented feature is that some things don't work until after a reboot.

              • ivor

                You've also posted in a few other threads, showing that you have pretty badly configured pfSense (possibly even broken install) which leads me to believe that your pfSense box is really not functional.

                • georgeman

                  How is the gateway monitoring set up?

                  If it ain't broke, you haven't tampered enough with it

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.