Netgate SG-1000 microFirewall

Author Topic: Multi Wan and wrong default gateway  (Read 488 times)

0 Members and 1 Guest are viewing this topic.

Offline jcorreajr

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Multi Wan and wrong default gateway
« on: October 06, 2017, 01:46:28 pm »
Hello!
I use the Multi-Wan configuration in my Pfsense 2.3.4 with two Wans (Wan1 and Wan2)
I know the operating logic and Multi-Wan routing policy as specified in the manual: https://doc.pfsense.org/index.php/Multi-WAN

My problem is with Squid. I know I need to enable the configuration below so that it works properly with Multi-Wan

--
using default gateway switching under System > Advanced on the Miscellaneous tab
---

Besides my two Wan, I also have a VPN gateway.
And in case of problems in my main link, sometimes the VPN gateway is erroneously set as the default gateway instead of the secondary link. Because Squid queries the Default Gateway for browsing, it attempts to navigate through the VPN.

Has anyone managed to resolve this issue? Can I make Pfsense, in the case of a problem on my main link, not choose Default Gateway as my VPN gateway, but the gateway of my secondary link?

============
Em portugues
----

Olá!
Utilizo a configuração Multi-Wan em meu Pfsense 2.3.4 com duas Wans (Wan1 e Wan2)
Conheço a lógica de funcionamento e política de roteamento Multi-Wan conforme especificada no manual: https://doc.pfsense.org/index.php/Multi-WAN

Meu problema está no funcionamento do Squid. Sei que preciso habilitar a configuração abaixo para que ele funcione adequadamente com Multi-Wan
--
using default gateway switching under System > Advanced on the Miscellaneous tab
---

Além das minhas duas Wan, também tenho um gateway VPN.
E em caso de problemas no meu link principal, algumas vezes, o gateway de VPN é erroneamente definido como gateway default ao invés do link secundário. Como o Squid consulta o Default Gateway para fazer a navegação ele tenta navegar pela VPN.

Alguem conseguiu resolver esta questão? Posso fazer com que o Pfsense, no caso de problema no meu link principal, não escolha como Default Gateway meu gateway da VPN e sim o gateway de meu link secundário?

Offline tbird

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #1 on: October 08, 2017, 11:43:11 am »
Hello,

I have a similar problem :)
I`m using 3 WAN`s from 4G modems.. with a group gateway and rule in firewall LAN to use the balanced group. The problem it is that the round-robin
is using 70% of the time the default gateway and at the end i have 50-70% more traffic on the default gateway.  The gateway switch it is enable, its doing the job. There a way to set pfsense to use as default the group ?

Offline jcorreajr

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #2 on: October 11, 2017, 12:12:33 pm »
Since Squid only works with Default gateway, I understand that the solution comes from the way Pfsense switches the default gateway.

In my case I have 3 gateways
Wan1 (Default Gateway)
Wan2
OVPN_GW

Does anyone know, what does Pfsense look for to change the default gateway when selecting the "Enable default gateway switching" option?


--- Em português ---
Como o Squid apenas trabalha com Default gateway, entendo que a solução venha do modo como o Pfsense troca o gateway padrão.

No meu caso tenho 3 gateways
Wan1 (Default Gateway)
Wan2
OVPN_GW

Alguém sabe, o que o Pfsense leva em consideração para a troca do default gateway ao selecionar a opção "Enable default gateway switching"?

Offline tbird

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #3 on: October 12, 2017, 02:37:53 pm »
I think i know the answer : ) Please put me 10 in the catalog :D
Someone it can correct me if im wrong. The pfsense ( hard coded software ) it looks at default gateway to be online, if dpinger is reporting that the gateway is offline " enable switch default gateway " take  the action and is changing the gateway to the next availabe one.

Offline jcorreajr

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #4 on: October 23, 2017, 11:58:34 am »
And is there an option to change the order of the next available gateway?

Offline broonu

  • Jr. Member
  • **
  • Posts: 95
  • Karma: +6/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #5 on: November 11, 2017, 04:50:44 pm »
Did you solved this? I have exactly same problem, when ISP1 is offline, pfsense chage default gateway to my VPN gateway, instead of ISP2.
I'm using gateway group for ISP1 anda ISP2.

Offline jcorreajr

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Multi Wan and wrong default gateway
« Reply #6 on: December 11, 2017, 11:04:52 am »
Hello, in my case I was able to solve it like this:
I noticed that I did not need the VPN gateway, so I enabled gateway monitoring and also enabled it to always be off. So the VPN gateway in my case and to the present moment was not identified as default gateway

---------
Olá, no meu caso consegui resolver do seguinte modo:
Notei que eu não precisava do gateway da VPN, então habilitei o monitoramento do gateway e também habilitei para ficar sempre off. Assim o gateway da VPN no meu caso e até o presente momento não foi identificado como default gateway