WAN failover….just a failure - pls help!

  • Hi guys. This is my first post here and, like many others, I came here looking for help as I am close to giving up on pfSense.

    I know it should be easy, but it's not.  :'(

    I have a fairly simple setup: two WANs and one LAN. I've read and seen many "tutorials" with no results. I managed to make it work somehow using the following setup, but once the main is up it does not switch back to it:

    • WAN1 (RDS): PPPoE gigabit connection
    • WAN2 (UPC): DOCSIS Cisco router 150Mbps, providing DHCP for internal network (
    • DNS servers: two servers for each GW, each pair for its ISP (see attachment)
    • Three gateway groups: Load balancing (tier 1 + tier 1 + high latency), WAN1 (RDS) failover (packet loss), WAN2 (UPC) failover (packet loss). A mention here: if I set WAN1 to Tier 1 and WAN2 to Tier 2 for the WAN1 failover (as opposed to the screenshots) and by the book, failover is not working at all.
    • Three Firewall rules, one for each gateway group
    • Advanced settings, miscellaneous - Enable default gateway switching ON

    Frankly, I don't really need load balancing, I only need failover for the main WAN (RDS, 1Gbps), but all the tutorials instructed to create three GW groups.

    Please see the attachments. Thanks.

    Gents, I am kindly asking you for an opinion on this. Help is highly appreciated.

    ![dns servers.PNG](/public/imported_attachments/1/dns servers.PNG)
    ![Firewall rules.PNG](/public/imported_attachments/1/Firewall rules.PNG)
    ![Gateway groups.PNG](/public/imported_attachments/1/Gateway groups.PNG)

  • @yanakis:

    Frankly, I don't really need load balancing, I only need failover for the main WAN (RDS, 1Gbps), but all the tutorials instructed to create three GW groups.

    What tutorial instructs you to create three GW groups? Because honestly, that's just plain bullshit.

    In your situation you only need 1 GW group, the one called "upcfailover". That one will use the RDS gateway and switch over if it fails. (Not sure about your naming skills.)

    Also: remove the second and third firewall rules on LAN (only anti-lock & upcfailover should remain).

    Also: you can probably uncheck default gateway switching, because that would only be required for services running on pfSense itself (like squid).
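
The single failover group described in the reply above, as an added example that is not part of the thread and not pfSense's own code: a simplified Python model of which gateway a tiered group should select, including the switch back once the preferred gateway recovers. The tier assignment (RDS on tier 1, UPC on tier 2), the 20% loss threshold and the monitor samples are constructed assumptions.

```python
# Added illustration: a simplified model of tiered failover, not pfSense code.
from dataclasses import dataclass

LOSS_DOWN_PCT = 20  # assumed packet-loss trigger threshold (constructed value)

@dataclass
class Member:
    name: str
    tier: int        # 1 = preferred, 2 = backup
    loss_pct: float  # latest measured packet loss toward the monitor IP

    @property
    def up(self) -> bool:
        return self.loss_pct < LOSS_DOWN_PCT

def active_gateways(group):
    """Return the up members of the lowest-numbered tier that has any up member."""
    up = [m for m in group if m.up]
    if not up:
        return []
    best = min(m.tier for m in up)
    return [m.name for m in up if m.tier == best]

def replay(group, samples):
    """Apply (gateway, loss%) samples in order; record each change of active set."""
    by_name = {m.name: m for m in group}
    current = active_gateways(group)
    history = [current]
    for name, loss in samples:
        by_name[name].loss_pct = loss
        new = active_gateways(group)
        if new != current:
            history.append(new)
            current = new
    return history

def failover_group():
    # Assumed layout of the one group the reply recommends keeping.
    return [Member("RDS", 1, 0.0), Member("UPC", 2, 0.0)]

# Constructed monitor samples: RDS degrades, fails, then recovers.
SAMPLES = [("RDS", 5.0), ("RDS", 100.0), ("UPC", 1.0), ("RDS", 0.0)]

if __name__ == "__main__":
    for step in replay(failover_group(), SAMPLES):
        print(step)
```

The model only covers which gateway the group selects for new traffic; it does not model existing firewall states.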

  • Hi heper.

    I quickly found a couple:


    Initially, I tried exactly the way you said below but it did not work, so I had to dig deeper, read more…and things got even more complicated.

    Now, the "new" setup: one GW group, one FW rule, unchecked GW switching, reset states, reboot. Still not working.

    I tried to ping the DNS servers assigned to the failover GW (UPC) and they reply back.

    I have no other ideas.

    Edit: it seems it switched to failover (UPC) after 10 minutes and now it is staying on it although I brought back the main WAN (RDS).

    ![FW rule failover to UPC - GW detail.PNG](/public/imported_attachments/1/FW rule failover to UPC - GW detail.PNG)
    ![FW rule failover to UPC1.PNG](/public/imported_attachments/1/FW rule failover to UPC1.PNG)
    ![RDS down.PNG](/public/imported_attachments/1/RDS down.PNG)
