The pfSense Store

Author Topic: 3G outbound failover not working  (Read 3562 times)

0 Members and 1 Guest are viewing this topic.

Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
3G outbound failover not working
« on: March 22, 2011, 05:04:27 pm »
I would like to use a 3G modem connection as outbound automatic failover connection (ADSL is configured as primary wan), but I am not able to make it working.
I configured the 3G modem (Huawei E180) in Interfaces-PPPs, then I added a "3G" gateway in System-Routing-Gateways and I created a "GW_Failover" gateway group in System-Routing-Gateway Groups, adding Wan (Tier1) and 3G (Tier2).
Then I assigned "GW_Failover" to the Lan outbound rule in Firewall-Rules-Lan as explained at http://forum.pfsense.org/index.php/topic,10407.0.html.

What I expected:
bringing down the primary Wan (ADSL), the 3G modem should become active (dial up) and the traffic should be routed through the 3G connection. When the primary ADSL connection comes up again, the 3G modem should disconnect and the traffic should be routed through the ADSL connection. I don't need balancing, just failover.

What really happens:
bringing down the primary Wan (ADSL), the 3G modem remains idle and the internet connectivity is lost.
If I succeded (in whatever manner) to make the 3G modem dialing up, all the traffic is router through the 3G connection, and the internet connectivity is restored, but when the primary ADSL connection comes up again, the 3G modem remains connected.
I didn't find any way to bring down 3G connection..... the disconnect button available in Status-Interfaces doesn't work.
I tried also to configure automatic gateway or a fixed one to the 3G interface, but I got the same behaviour.


Here is my configuration:

System-Routing-Gateways:
WAN (default)  WAN    192.168.100.1   192.168.100.1    Interface WAN Dynamic Gateway
3G                   3G      Dynamic         193.204.114.105  Interface 3G Dynamic Gateway        


System-Routing-Gateways Groups:
GW_Failover    WAN   Tier1
                      3G    Tier2


Firewall-Rules-LAN:

ID   Proto     Source   Port        Destination   Port     Gateway     Queue   Schedule   Description

         *         *          *         LAN Address    22          *              *                     Anti-Lockout Rule
                                                               80
                                                              443
         *      LAN net    *                  *           *    GW_Failover    None                  Allow All (LAN -> Any)


What is going wrong?

« Last Edit: March 23, 2011, 01:16:42 pm by Geppo »

Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #1 on: March 24, 2011, 10:30:00 am »
Any suggestions?  :(

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3365
  • Karma: +3/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #2 on: March 24, 2011, 05:39:28 pm »
Currently there is no way in having 3G modems stay unconnected.
It needs the connection up to send icmp(ping) probes to the monitor ip.


Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #3 on: March 25, 2011, 12:27:00 am »
Than you for you help!
I think this is a strange behaviour....... generally, 3G connectivity is not "flat". It does not make sense to keep a 3G connection always on :-( Is this a bug?
I currently use several commercial routers with 3G support and they always consider 3G modems as a dial-up connection. I you use a 3G modem as a failover connection this must be on only when needed (on-demand)!

I also tried to put a checkmark on "dial-up" in the advanced settings, but this seems to be ineffective.

Analyzing system's log I found a message like "Gateway is invalid - Ignored" appearing after the primary wan goes down. It doesn't sound good, but apparently I cannot find anything wrong......

Offline greybeard

  • Newbie
  • *
  • Posts: 24
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #4 on: March 25, 2011, 01:48:13 am »
I've used 3g backup connections on a number of commercial applications and, for our ISPs, there is no cost involved in keeping a permanent connection. So I've allways configured the backup link as allways on.
The downside, and I've witnessed this time after time, with only having a backup link connect when the primary fails is you don't know if the backup link is going to fail until it's to late.
By keeping the backup link active at all times you can monitor it for failure just like the primary link and then you have opportunity to do something about it before it's needed.
The classic failure mode on 3G backup links is the sim card expiring because no one thought to renew it.
ymmv.

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3365
  • Karma: +3/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #5 on: March 25, 2011, 03:34:29 am »
Well we monitor the link to know its up.
The only improvement i can agree is needed is just that the monitoring on the 3G link should start only when traffic starts passing through it and not send constant pings through the 3G side.
And IMO its the only improvement needed since as stated it does not add any cost.

Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #6 on: March 26, 2011, 12:56:17 pm »
Hum..... unfortunately most of our 3G contracts are not "flat" and you are charged for the time you stay connected (often in 15' chunks). This means if you connect and you drop the connection after 10'' you are charged 15', if you stay on 16', you are charged 30'. This is the standard in Italy...... :-(
All 3G routers I know use 3G modems as a dial-up connection to be on only when needed because a 3G failover connection always on is completely useless if you have this kind of contract. I hope that this feature will be implemented soon....
« Last Edit: March 27, 2011, 12:52:23 am by Geppo »

Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #7 on: March 27, 2011, 03:07:00 am »
Currently there is no way in having 3G modems stay unconnected.
It needs the connection up to send icmp(ping) probes to the monitor ip.



I don't understand.......
Ermal, can you please explain me what are used for the following options in PPP Advanced options (Dial on demand - Idle timeout)?
They look like just what I need, but they are not working....


« Last Edit: March 27, 2011, 03:11:42 am by Geppo »

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3365
  • Karma: +3/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #8 on: March 28, 2011, 04:31:46 am »
Dial on demand is the one required for not having it on.
But the monitoring utility that is on backround always sends ping through the the 3G that is why they seem to not work.

I think you can open a Feature request on redmine.pfsense.org for 2.1

Offline GrandmasterB

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #9 on: April 16, 2011, 01:30:46 am »
Well we monitor the link to know its up.
The only improvement i can agree is needed is just that the monitoring on the 3G link should start only when traffic starts passing through it and not send constant pings through the 3G side.
And IMO its the only improvement needed since as stated it does not add any cost.

I totally agree.
I also use the 3G failover and with only pinging all day long, 5mb of traffic is generated!
I only have a 500mb a month dataplan, so this is not going to work for me.
Without any regular traffic my dataplan is used up.

Does someone already has opend a ticket?

Offline Geppo

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 3G outbound failover not working
« Reply #10 on: April 25, 2011, 01:18:59 pm »
I don't agree....... in Italy you pay for the TIME you stay connected, not for generated traffic!
All known routers supporting 3G modems work like I am asking for.....

I opened a feature request:

http://redmine.pfsense.org/issues/1388