OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: janne on August 28, 2019, 10:17:39 AM

Title: Failover
Post by: janne on August 28, 2019, 10:17:39 AM
Hi. Where can I find how to configure traffic over backup wan?
I have configured failover and it works outwards but how do you get all traffic to work both outbound and inbound on wan2 and on wan1? Have looked and read but .....
Would have been good if there was a wizard for backup wan.
Grateful for help.
Title: Re: Failover
Post by: hbc on August 28, 2019, 11:23:11 AM
There are some manuals and howtos about multiwan:

https://docs.opnsense.org/manual/multiwan.html
https://docs.opnsense.org/manual/how-tos/multiwan.html
https://www.thomas-krenn.com/de/wiki/OPNsense_Multi_WAN (German)

I do not know whether inbound for dynamic IP works; for static IPs and business-oriented providers, dynamic routing or VRRP may be solutions. We, for example, use redundant WAN switches that connect 2 CPE routers and 2 OPNsense firewalls. Routers and Senses are running VRRP/CARP and route between their virtual IPs.
Title: Re: Failover
Post by: adrianschneider on August 28, 2019, 12:39:25 PM
For the incoming data: Set up port forwarding (NAT -> Port forward) and assign both interfaces for every rule. It's important that "Disable Reply-To" in the advanced settings is not checked.

This enables port forwarding, but does not do failover. I set up a dynamic IP from behind the firewall with ddclient so that a domain always points to the active WAN.
Title: Re: Failover
Post by: janne on August 30, 2019, 08:46:59 AM
Still can't get traffic into WAN2.
Followed the instructions according to documentation but it does not want to work.
For safety I have moved the existing incoming WAN1 to WAN2; failover works perfectly OK, but it is not possible to access from the outside in, which works perfectly on WAN1.  ::)
Title: Re: Failover
Post by: mimugmail on August 30, 2019, 09:25:01 AM
Do you use interface groups for port forwards?

https://docs.opnsense.org/manual/firewall_groups.html
"For multiwan setups be careful with groups, since groups are not bound to a specific interface, they will use the normal routing system to determine the next hop when applied on WAN type interfaces (reply-to is not used here)."
Title: Re: Failover
Post by: janne on September 09, 2019, 09:25:56 PM
Hi. Sorry you didn't respond, been sick. ;)
I have not used interface groups. Everything works ok from the router but I can't get any traffic into the interface I programmed as backup.
I have also tried moving my fixed connection between gateways but it is not possible on backup gateway.
I also use DYN dns to control the traffic and ip is changed but the traffic does not work inward on the backup gateway.?????
What am I doing wrong? ;) :(
Title: Re: Failover
Post by: mimugmail on September 09, 2019, 09:34:01 PM
Screenshot of port forwards please
Title: Re: Failover
Post by: janne on September 09, 2019, 10:13:53 PM
Hi. Here comes the screenshot.
Title: Re: Failover
Post by: mimugmail on September 10, 2019, 05:50:09 AM
You need two of them, one for each interface.
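
The advice given in this thread (one port forward per WAN interface, reply-to left enabled, no interface groups on WAN-type interfaces) written as an audit script. This is an added example, not part of any post and not OPNsense code; the rule fields, interface and group names, and the sample rules are constructed assumptions, not an OPNsense export format.

```python
from collections import defaultdict

WANS = {"wan1", "wan2"}     # assumption: names of the two WAN interfaces
GROUPS = {"wan_group"}      # assumption: names that are interface groups

# Constructed sample rules (hypothetical fields, not a real config export).
RULES = [
    {"iface": "wan1", "proto": "tcp", "port": 443, "target": "10.0.0.10", "disable_reply_to": False},
    {"iface": "wan2", "proto": "tcp", "port": 443, "target": "10.0.0.10", "disable_reply_to": True},
    {"iface": "wan1", "proto": "tcp", "port": 25, "target": "10.0.0.20", "disable_reply_to": False},
    {"iface": "wan_group", "proto": "tcp", "port": 8080, "target": "10.0.0.30", "disable_reply_to": False},
]


def audit(rules, wans=WANS, groups=GROUPS):
    """Return (service, interface, problem) tuples for inbound multi-WAN issues."""
    findings = []
    covered = defaultdict(set)  # service -> WAN interfaces that forward it
    for r in rules:
        svc = (r["proto"], r["port"], r["target"])
        if r["iface"] in groups:
            # Group rules use normal routing for the next hop; reply-to is not applied.
            findings.append((svc, r["iface"], "interface group: reply-to not used"))
            continue
        if r["iface"] not in wans:
            continue  # not a WAN rule, out of scope for this check
        covered[svc].add(r["iface"])
        if r["disable_reply_to"]:
            # Replies may leave via the other WAN instead of the one they arrived on.
            findings.append((svc, r["iface"], "reply-to disabled"))
    for svc, ifaces in covered.items():
        for missing in sorted(wans - ifaces):
            # Inbound traffic arriving on this WAN has no matching forward.
            findings.append((svc, missing, "no port forward on this WAN"))
    return findings


if __name__ == "__main__":
    for svc, iface, problem in audit(RULES):
        print(f"{svc[0]}/{svc[1]} -> {svc[2]} on {iface}: {problem}")
```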