OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: CeeMac on April 13, 2020, 11:48:24 pm

Title: Default route persists when upstream gateway down
Post by: CeeMac on April 13, 2020, 11:48:24 pm

I'm not sure if I'm misunderstanding how gateway monitoring is supposed to work or if I'm missing some configuration. What I am trying to achieve is that when the Wan/upstream gateway is unreachable and goes offline, the default route should be removed from the kernel routing table.

Is something that is achievable?

Thanks

Sent from my ONEPLUS A5000 using Tapatalk

Title: Re: Default route persists when upstream gateway down
Post by: opnfwb on April 14, 2020, 05:30:10 am

I presume this is a scenario in which you have multiple gateways defined within the router and you want the router to switch to a new gateway if another one fails? Do you have any gateway groups and gateway weighting defined yet? That should accomplish what you want if you have multiple WAN interfaces and you want one of them to fail over if one is marked "down".

Another option that is helpful for multiple WAN (gateways) is to enable state killing on gateway failure. This prevents some clients on the LAN from re-using an existing connection through a gateway that has failed. You can set this under Firewall/Settings/Advanced/Gateway Monitoring.

Title: Re: Default route persists when upstream gateway down
Post by: CeeMac on April 14, 2020, 07:35:09 am

Hi,

Sorry I probably should have outlined my scenario but wanted to try and keep the question simple.

So, I have this firewall pair in site A. Frr advertises the default route into the core with metric 100 via bgp. I have a second firewall pair in site B, frr advertises the default route into the core with metric 200 via bgp. When the Wan gateway fails on firewall pair A I want the default route to stop getting advertised into the core so the backup route via site B firewalls takes precedence.

For this to occur, the default route on firewall pair A must be removed from the kernel routing table when the gateway goes down. I thought gateway monitoring could do this but that doesn't seem to be the case?

Thanks

Sent from my ONEPLUS A5000 using Tapatalk

Title: Re: Default route persists when upstream gateway down
Post by: CeeMac on April 14, 2020, 07:35:51 am

Oh, I'll take a look at state killing though. Thanks.

Sent from my ONEPLUS A5000 using Tapatalk

Title: Re: Default route persists when upstream gateway down
Post by: CeeMac on April 18, 2020, 12:18:03 pm

Ran through a test scenario again yesterday and sadly state killing didn't help with the larger issue of the default route.

Is anyone aware of any alternative methods of providing the upstream gateway that may be more 'dynamic' or ways of automatically deleting the default route when the Wan gateway is offline?

Sent from my ONEPLUS A5000 using Tapatalk