Messages - pgzh

#1
25.1, 25.4 Series / Re: Multi-WAN and (default) routes
August 26, 2025, 11:57:59 PM
Hello Fabian,
thanks a lot, this sounds just like what I am trying to achieve.
Where exactly is that "IPv4 gateway rules" option you refer to, I can't seem to find it anywhere.
I have turned on "Disable force gateway" in the Firewall -> Advanced section, but I think that is not what you meant?

Looking for that option I found "Failback states" in the gateway configuration which is supposed to delete the states on a gateway if another one with higher priority becomes available.
This wasn't enabled for my second gateway (which I already set to lower priority without any noticeable effect) and after testing it, the gateway is marked as Offline with a red plug symbol.
The second ppp session is active however and I can establish connections via my static IP.
So maybe that was what I missed to get the priorities working, but I'd still like to explore your suggestion, since outgoing connections on the second ppp session still seem impossible...
#2
25.1, 25.4 Series / Re: Multi-WAN and (default) routes
August 23, 2025, 08:16:25 AM
Hi Fabian,
what you suggest works (i.e. I have internet access) as long as I configure both WAN gateways as failover.
But only one gateway has a route at a given time, so the other one is technically unusable.
This defeats what I want to achieve, since I want to do policy based routing and therefore need both gateways functional at the same time.
Failover is pretty much pointless for me, since both WAN interfaces connect to the same ISP via the same physical interface (and cables).

I could settle for forcing the default route / active gateway to be always the same and use one WAN interface just for incoming connections, but right now I can't find a way to make sure one defined gateway stays active and has the default route all the time.

My ISP does a forced disconnection every 24 hours and this causes one of the gateways to become the active one randomly, even with the option 'allow default gw switching' disabled.
If I enable default gw switching I can reconnect the 'wrong' session manually which will make the other active, but I have to do this manually on a daily basis...

But thank you very much for trying to help me and sharing your configuration hints!
#3
25.1, 25.4 Series / Re: Multi-WAN and (default) routes
August 20, 2025, 06:24:10 PM
Hi Franco,
that wasn't what I hoped to hear, but somehow anticipated it...
Do you have any suggestions how I could force one pppoe session to always be the active default route?
Whatever traffic arrives on the second is replied to on the same pppoe session, and so I could live with only one (and same) session for outgoing traffic/connections.

I also could move one pppoe session to a different physical interface, but I don't think this will improve the situation or give me more/other options, would it?
Or is moving the second connection to a different VM or machine my only option here?
Peter
#4
25.1, 25.4 Series / Multi-WAN and (default) routes
August 19, 2025, 09:42:30 PM
Hi,
after getting an FTTH connection at home I decided to go for an OPNsense-based router and am pretty inexperienced with OPNsense.
I have a routing / GW problem though and can't seem to wrap my head around this nor find any clear answer, so hopefully someone here can point me in the right direction.

I have two sets of credentials from my ISP for two pppoe connections, which are established on the same physical interface and same VLAN.
The reason for this is that one pppoe session is for a 'standard' connection and the second one is for optional extra features (i.e. a static public IPv4 address).
For both connections I get the same GW IP address (100.68.0.1), but only one of the connections is assigned with a route to the GW.

I set up internal VLANs and want to force specific VLANs to send (and receive) traffic to the internet via the one or other pppoe session, but outgoing traffic seems only possible on one of the two at a time.

When one pppoe session is established, for the second one I see the following error in my logs:

/usr/local/etc/rc.configure_interface: The command '/sbin/route add -'inet' '100.68.0.1' -interface 'pppoe1'' returned exit code '1', the output was 'add host 100.68.0.1: gateway pppoe1 fib 0: route already in table'
Well, in this case this is somewhat true; I do have a route to 100.68.0.1 already, yes - but it's on the pppoe0 interface and pppoe1 is left without any routing entries.

After some reading I found multiple mentions of the possibility to circumvent the system routing table by enforcing a specific GW in firewall rules, but whatever traffic I try to get out to the internet over the pppoe session that comes up second doesn't seem to go anywhere whatever I try.

I already tried to experiment with the options 'Default gateway switching', 'Sticky connections', 'Disable force gateway', 'Disable reply-to' and various settings in the firewall rules without any success.

I'm running OPNsense 25.1.12.

Since I can't figure out how to get both connections functional at the same time and/or get policy based routing up and running, I came here looking for help.
What options need to be set/unset in this case, how should the gateways be set up?
Is there any documentation that I may have overlooked or not found?
If needed, what configuration or logs should I provide? (How should I export/extract those and upload here?)

Peter