Question on WAN Failover
-
You can do whatever you want. Set your primary to Tier 1 and your secondary to tier 2 and you'll have failover.
-
Ok, thank you just wanted to make sure that would work.
I wasn't sure if the load balancing had to be part of it for the fail over to work. I didn't think it needed to be, but thought I would ask since every tutorial I have seen shows the loadbalacning part in with the failover part
-
And even without a failover event you are always free to policy route out the secondary link should you have the need. You can still set the destination on a route or rule to the gateway itself instead of the failover group. You can also set up a failover group with tier 1 and tier 2 reversed and policy route out that group too. You would then simultaneously have both circuits in use, with both failing over to the other if one goes down.
-
ahhh that is good to know. I thought about routing all the kids devices out the microwave connection.
so basically If I am understanding you correct, I could set up the Failover rule. But also set up all the kids devices to route out the slower connection.
Is it easier to set up a 2nd DHCP scope to accomplish this. I currently have DHCP static reservations on everything in the house
-
If you have one subnet/LAN then static reservations is the way to go. I'd pick a spot on a subnet boundary, say 192.168.1.192/26. Set your kids devices to DHCP assignments from 192.168.193 - .254
Then, on LAN, down at the bottom pass any any rule that policy routes to the gateway group, right above it place a rule that routes with a source of 192.168.1.192/26 dest any to the microwave gateway (or the gateway group with the microwave as tier 1).
If they're smart they can circumvent it with a static IP but…
-
How do I set which WAN I want to be the primary to start with and when the primary WAN comes back online how do I fail back over to the primary ?
-
In your gateway group Tier 1 is primary and Tier 2 is secondary. Fail back is automatic.
-
Yeah I have been trying to rack my head on how to read that. In my screen shot, did I make OPT1 (FTTC)primary ?
I want the OPT1 (FTTC) to be the primary WAN interface
-
Yeah I have been trying to rack my head on how to read that. In my screen shot, did I make OPT1 (FTTC)primary ?
I want the OPT1 (FTTC) to be the primary WAN interface
For that route to OPT1failoverWAN1
-
You Lost me there, Where do i do that at ?
This is what i have so far. At this point I want to make sure I am set up to Failover from OPT1 (FTTC) to WAN1.
And if I understand what you said earlier it should auto fail back
Attached is what I have done so far.
-
Right there in the firewall rules. Get rid of the second one. It will never be matched (it matches the same traffic as the rule above it so it will never be hit by matching traffic..)
-
get ride of the WAN > OPT1 Rule ?
-
Yes. it is unnecessary and will never match any traffic.
-
ninjaneer, This worked for you? I'm Kind of stuck here (trying to do my first failover on pfsense), so I am guiding myself with your post (I'm not so good with Firewall/NAT rules when it comes to forward traffic). Please, if something worked for you, let us know.
-
I'm not so good with Firewall/NAT rules when it comes to forward traffic
You should probably figure that out before tackling more advanced topics like multi-wan and the policy routing it entails.
-
Can you suggest me some topic(s)? I think I expressed myself in the wrong way, I meant, "I'm not so good with Firewall/NAT rules when it comes to forward traffic on pfSense, because I got lost very easily with the interface" (Too many options at once) I'm still searching on the forum and the documentation, but it gets confusing because, or only a few people are having the problems that I have, or maybe I'm looking on the wrong direction (I'm thinking this is the main reason…)
Thanks in advance!
-
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
ninjaneer, This worked for you? I'm Kind of stuck here (trying to do my first failover on pfsense), so I am guiding myself with your post (I'm not so good with Firewall/NAT rules when it comes to forward traffic). Please, if something worked for you, let us know.
I understand your frustration, having the links to the DOC's don't help everyone. I am a visual learner so the DOCs are nice if you want to understand a setting but doesn't help explain exactly what goes where.
I used this link (below) in the beginning, but I didn't care about the load balancing part. Then I start this post and derelict posted and helped me out. In the end it worked for me. If OPT1 fails, it switchs to my WAN port. Once it detects the my OPT1 is up again it auto switches back.
https://forum.pfsense.org/index.php?topic=28121.0
-
childgear, if this helps you here are screenshots of my final configuration. I think with the groups I only needed the OPT1failoverWAN1 group, I don't think i needed to have the one that starts with WAN. Its still there because I was following instructions from another post and I believe its needed if you continue on to do the load balancing part
this guys youtube video is pretty good also, if you comment with questions he replies pretty fast
DUAL WAN ON PFSENSE 2
Youtube VideoEdited to add youtube link
-
Thank you everyone!, I'll try this when the workload gets down, so I can use both links. If it worked, I'll be back with some kudos XD
