The pfSense Store

Author Topic: 2 WANs failover not working  (Read 357 times)

0 Members and 1 Guest are viewing this topic.

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
2 WANs failover not working
« on: July 13, 2017, 11:19:09 am »
Hello folks,

I need help; I am new to pfsense, i have 2 WANs and 1 LAN, i want to apply load_balancing and fail_over, i am not sure if i went through all the process but i think so. This how it is:

   WAN 1:10.0.2.8/24
   LAN   :192.168.1.1/24
   WAN 2:10.0.3.8/24

I have troubles with my pfsense adapters, only one adapter at a time is being used to provide internet but when i check the status i find the gateways on both adapters online, for that reason the "fail_over" is failing because when the principal one goes down pfsense is not able to shift to the second one.

Any kind of help is highly appreciated.

Thank you!
 


Offline costasppc

  • Full Member
  • ***
  • Posts: 230
  • Karma: +2/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #1 on: July 13, 2017, 05:42:30 pm »
Have you created a gateway group and set your LAN > WAN firewall rule to use that group?

Best regards

Kostas

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #2 on: July 14, 2017, 02:31:28 am »
Thank you Kostas,

Yes i created the gateway group and set the  for LAN firewall rule only, do i have to create also the firewall rules for both LAN?

Regards,

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #3 on: July 14, 2017, 03:22:44 am »
I also set the floating rule

Offline DarkBeard

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #4 on: July 15, 2017, 04:52:44 am »
And how long are you waiting for this redirection to work?
It will primarily depend on the timeout of TCP sessions?
In the fall of one of the GW, sessions are broken?

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #5 on: July 17, 2017, 02:16:10 am »
Thank you DarkBeard,

Perhaps i was not waiting for the TCP SESSIONS to time out, now it is being redirected , however i can't ping or trace-route outside but i can browse and navigate on the internet.
what should be the problem with that?


Thank you guyz for your help!

Offline heper

  • Hero Member
  • *****
  • Posts: 2627
  • Karma: +246/-10
    • View Profile
Re: 2 WANs failover not working
« Reply #6 on: July 17, 2017, 03:49:33 am »
Rules 3-5 will never get triggered.

Only the first and second rule will ever match.
https://doc.pfsense.org/index.php/Multi-WAN#Firewall_Rules

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #7 on: July 19, 2017, 01:47:19 pm »
Thank you Heper,
You comment has been really helpful, however i also want to implement the other rules down, now it is requiring me to put what i want to use at the top, so how can i use all of those rules down?

Thank you guyz for your help. 

Offline heper

  • Hero Member
  • *****
  • Posts: 2627
  • Karma: +246/-10
    • View Profile
Re: 2 WANs failover not working
« Reply #8 on: July 19, 2017, 05:10:22 pm »
Thank you Heper,
You comment has been really helpful, however i also want to implement the other rules down, now it is requiring me to put what i want to use at the top, so how can i use all of those rules down?
why?
has the wiki page solved your misunderstanding about your ruleset ?

there is (generally) no point in creating a seperate/multiple failover gateway_groups (like failover1_2 / failover2_1); especially so, when trying to match the same traffic.
thats like stopping at a crossroads with roadsigns pointing left saying "texas' / pointing right saying 'texas'

Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #9 on: July 20, 2017, 06:26:43 am »
yes the wiki link gave me an insight!

However if WAN1 fails it redirect to WAN2, But when WAN1 is back the traffic remains on WAN2 and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what i think").

I also need to load-balance.

I am always grateful for your answers!

Offline heper

  • Hero Member
  • *****
  • Posts: 2627
  • Karma: +246/-10
    • View Profile
Re: 2 WANs failover not working
« Reply #10 on: July 20, 2017, 09:58:58 am »
yes the wiki link gave me an insight!

However if WAN1 fails it redirect to WAN2, But when WAN1 is back the traffic remains on WAN2 and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what i think").

only open sessions will remain on WAN2, new sessions will/should go over WAN1 when it gets back online.

I also need to load-balance.
if you need loadbalancing (=identical tiers), then you shouldn't use failover groups (=differencing tiers) in the first place .....




Offline NORT

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: 2 WANs failover not working
« Reply #11 on: July 20, 2017, 10:53:33 am »
What a joy! now the Failover is working properly, i din't know that when the WAN 1 is back, the new session will be updated thanks again Heper!

Now the load-balancing:

If i put the load balancing rule(same tier) under to failover1 which is above  on the 2nd place , is it really triggered?



Offline heper

  • Hero Member
  • *****
  • Posts: 2627
  • Karma: +246/-10
    • View Profile
Re: 2 WANs failover not working
« Reply #12 on: July 20, 2017, 01:29:25 pm »
no .... it wont get triggered......

just remove the 'adsllinkfailover1' rule & only use the 'wanloadbalancer' rule