OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: awptechnologies on October 07, 2024, 08:25:38 AM

Title: Wan Switching
Post by: awptechnologies on October 07, 2024, 08:25:38 AM
Right now when my main WAN goes down the backup kicks in. This works great. I was wondering how to ensure all connections close on the backup WAN and move back to the main WAN. Right now some connections still stay active on the backup WAN. This normally wouldn't be an issue, but since my backup WAN is a cellular hotspot with a limited amount of data, it is. I need all connections on the backup to close as soon as the main WAN comes back up so I don't waste data.
Title: Re: Wan Switching
Post by: dseven on October 07, 2024, 10:01:49 AM
https://github.com/opnsense/core/issues/5387 might be worth a read....
Title: Re: Wan Switching
Post by: awptechnologies on October 08, 2024, 05:18:33 AM
I added this script to /usr/local/etc/rc.syshook.d/start:

#!/bin/sh

#Config
primary_wan_if="igc0"
backup_wan_if="igc1"

#check if an instance is already running (only matches if this script is saved as autoStateKill.sh)
otherInstance=$(ps auxf | grep autoStateKill.sh | grep -v 'grep' | wc -l | tr -d ' ')
if [ "${otherInstance}" -gt 2 ]; then exit 0; fi

#Do a sleep of 30 seconds at the beginning, in case script autostarts with the system
sleep 30

#Setup variables
primary_wan_gw_ip=""
backup_wan_gw_ip=""

#Get default gateway (IPv4 table only, so an IPv6 default route does not add a second line)
default_gw_if=$(netstat -rn -f inet | awk '$1 == "default" {print $4; exit}')
default_gw_if_old=${default_gw_if}

#Inform the logging system
logger "AutoStateKill-Script: Started, default gateway is ${default_gw_if}"

#Main loop
while true; do

        #get current default gateway (interface and gateway IP of the IPv4 default route)
        default_gw_if=$(netstat -rn -f inet | awk '$1 == "default" {print $4; exit}')
        default_gw_ip=$(netstat -rn -f inet | awk '$1 == "default" {print $2; exit}')

        case ${default_gw_if} in

                "${primary_wan_if}")    #primary wan interface is default gateway
                        primary_wan_gw_ip=${default_gw_ip}

                        if [ "${default_gw_if_old}" = "${backup_wan_if}" ] && [ "${backup_wan_gw_ip}" != "" ]; then #primary is up again, kill the states of the backup wan
                                killedStates=$(/sbin/pfctl -k gateway -k "${backup_wan_gw_ip}" 2>&1)
                                logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${backup_wan_gw_ip}... ${killedStates}"
                        fi
                        default_gw_if_old=${default_gw_if}
                        ;;

                "${backup_wan_if}")     #backup wan interface is default gateway
                        backup_wan_gw_ip=${default_gw_ip}

                        if [ "${default_gw_if_old}" = "${primary_wan_if}" ] && [ "${primary_wan_gw_ip}" != "" ]; then #backup is up again, kill the states of the primary wan
                                killedStates=$(/sbin/pfctl -k gateway -k "${primary_wan_gw_ip}" 2>&1)
                                logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${primary_wan_gw_ip}... ${killedStates}"
                        fi
                        default_gw_if_old=${default_gw_if}
                        ;;

        esac

        #Sleep for 1 minute and check again
        sleep 60

done


What do you think about this method? It seems to work well: as soon as I switch back to my main WAN, all states are wiped off the backup.

I use ntopng so I can see it happen in real time.
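
A dry run of the failback decision in the script above, as an added example that is not part of the original post: it parses constructed `netstat -rn` output, including a dual-stack table, and returns the gateway whose states would be killed without calling pfctl. The function names `default_route`, `gateway_to_kill` and `simulate_failback` are hypothetical, and all IP addresses are constructed samples.

```sh
#!/bin/sh
# Added example, not from the thread: dry run of the failback decision.
# Interface names are the post's; all IP addresses are constructed samples.
primary_wan_if="igc0"
backup_wan_if="igc1"

# Print "<netif> <gateway>" for the IPv4 default route in `netstat -rn`
# output read from stdin. Gateways containing ":" are IPv6 and are skipped.
default_route() {
    awk '$1 == "default" && $2 !~ /:/ { print $4, $2; exit }'
}

# Args: old default interface, new default interface, last primary gateway IP,
# last backup gateway IP. Prints the gateway whose states should be killed,
# or nothing when the default route did not move between the two WANs.
gateway_to_kill() {
    old_if=$1; new_if=$2; primary_gw=$3; backup_gw=$4
    [ "$old_if" != "$new_if" ] || return 0
    case "$new_if" in
        "$primary_wan_if") [ "$old_if" = "$backup_wan_if" ] && printf '%s\n' "$backup_gw" ;;
        "$backup_wan_if")  [ "$old_if" = "$primary_wan_if" ] && printf '%s\n' "$primary_gw" ;;
    esac
    return 0
}

# Constructed sample: dual-stack table while the backup WAN is the default route.
on_backup='Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS        igc1
192.0.2.0/24       link#2             U          igc1

Internet6:
Destination        Gateway            Flags     Netif Expire
default            fe80::1%igc1       UGS        igc1'

# Constructed sample: table after the primary WAN has taken over again.
on_primary='Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS        igc0'

# Replay backup -> primary and print the gateway IP that would be flushed.
simulate_failback() {
    set -- $(printf '%s\n' "$on_backup" | default_route)
    old_if=$1; backup_gw=$2
    set -- $(printf '%s\n' "$on_primary" | default_route)
    gateway_to_kill "$old_if" "$1" "$2" "$backup_gw"
}

echo "would run: /sbin/pfctl -k gateway -k $(simulate_failback)"
```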