OPNsense Forum

English Forums => General Discussion => Topic started by: Livius on August 30, 2017, 08:58:22 am

Title: Multi-Wan dns failover cpanel and http proxy issues
Post by: Livius on August 30, 2017, 08:58:22 am
Hello,
I've been using OPNsense since winter and it's the most stable and reliable product I've ever seen, 200 days uptime, great job. Had some issues with new Intel NICs (PCI-X), went for older ones.

So I have two requirements and I don't know how to solve them:

1. Failover multi-WAN setup with proxy
The network computers have internet access through an HTTP proxy (not transparent) only.
The network file server has full internet access and port forwarding.
When the main gateway fails, OPNsense switches to the backup one, but the computers no longer have internet access, only the server has.
How can this be fixed?

2. I'm achieving DNS failover using a small C# service which updates the IP for the subdomain automatically in cPanel.
The subdomain points to both OPNsense WAN IPs, backup and main; I've added port forwarding rules for both gateways.
The DNS resolution is provided by a hosting company, short TTL.
The simple C# service running on the file server does a "my IP" check each minute, and if that has changed it updates it with an HTTPS request to the hosting cPanel API.

How can this process be performed on OPNsense? Is it possible to trigger a script when the main gateway fails, or can I write a plug-in for that?
Where to start with this?

Thank you



Title: Re: Multi-Wan dns failover cpanel and http proxy issues
Post by: Livius on September 01, 2017, 12:48:17 pm
Can OPNsense trigger an HTTPS request or a script when one gateway goes down?
How can I achieve that?

I realized that I wasn't clear about the setup. The domain is example.com:
- hosting takes care of email, DNS and stores a webpage
- OPNsense is used as a router for a LAN
- inside the LAN there's a file server which has to be accessed from the web
- the LAN has two ISPs (mainIP and backupIP)

The DNS on hosting has 1 subdomain defined twice:
A ps.example.com   ttl=30  mainIP
A ps.example.com   ttl=30  backupIP

OPNsense has the main and backup WAN configured, and I defined port forwarding on both.

When a web client connects to the subdomain it gets one of the two IPs, all goes well.
When one WAN goes down, 50% of clients can't connect, so the DNS has to be updated.
When the failed WAN goes up, the DNS has to be updated.

Now I replaced the C# service with a PHP page on my hosting server.

That page is contacted every 30 seconds by the file server using a simple HTTPS request.
The page checks some credentials and uses the client IP for updating the hosting DNS automatically.
http://www.4webhelp.net/scripts/php/ip.php
https://stackoverflow.com/a/13987221


After reading about apinger issues, looking at the code length and seeing the solution do nothing no funding, I believe I should find another path.

So I'll make the hosting server check both WANs and update the DNS accordingly.
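
Added example (not code from the thread or from OPNsense): because the update page described above turns a request's source address into the A record for ps.example.com, this sketch shows the checks such an endpoint needs before it publishes anything. The shared secret, the two documentation-range addresses standing in for mainIP and backupIP, and the 60-second window are assumptions.

```python
import hashlib
import hmac
import ipaddress
import time
from typing import Optional

# Assumed values for illustration; none of them come from the thread.
SECRET = b"constructed-demo-secret"
RECORD = "ps.example.com"
ALLOWED_WAN = {ipaddress.ip_address("198.51.100.10"),  # stands in for mainIP
               ipaddress.ip_address("203.0.113.20")}   # stands in for backupIP
MAX_SKEW = 60  # seconds a signed request stays valid


def sign(host: str, ts: int, secret: bytes = SECRET) -> str:
    """Client side: HMAC-SHA256 over the record name and a timestamp."""
    return hmac.new(secret, f"{host}|{ts}".encode(), hashlib.sha256).hexdigest()


def validate_update(peer_ip: str, host: str, ts: int, sig: str,
                    now: Optional[float] = None) -> Optional[str]:
    """Return the address to publish, or None when the request is rejected.

    peer_ip must be the TCP peer address as the web server saw it,
    never a client-supplied header such as X-Forwarded-For.
    """
    now = time.time() if now is None else now
    if host != RECORD:
        return None
    if abs(now - ts) > MAX_SKEW:          # stale or replayed request
        return None
    expected = sign(host, ts).encode()
    if not hmac.compare_digest(expected, sig.encode()):  # constant-time compare
        return None
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:                    # e.g. a comma-separated header value
        return None
    if addr not in ALLOWED_WAN:           # only the two known WAN addresses
        return None
    return str(addr)
```

The allowlist means that even a request with valid credentials can only ever select one of the two known WAN addresses.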