Failover problem 23.1

[RTSW]

Greetings everyone,

I have an issue with failover configuration. Basically, I have followed the steps outlined in this link: https://docs.opnsense.org/manual/how-tos/multiwan.html

It's worth noting that the only parameters I have configured are the ones described in that link. Additionally, the installation is new, and I'm setting up the router from scratch.

At the moment, everything is working fine. Even the DNS rule is functioning correctly. I have tested by hot-disconnecting ISP1 or ISP2, and the failover is working as expected.

The problem arose when I tried to test the failover behavior by pinging both 8.8.8.8 and 8.8.4.4 from a PC continuously. Let's assume that everything was going through ISP1. When I disconnected the ISP1 link, the failover switched to ISP2, and I was able to confirm it by accessing a webpage. However, the pings stopped responding and never resumed. The only way to make them work again was to cancel the infinite ping command, wait a few seconds, and then run it again. Only then did I receive responses.

This behavior is the same if I perform the failover in reverse.

I understand that this behavior should not be the case because if I have client software within the LAN that connects to an internet server, and if the software has some form of keep-alive, the connections should never be able to reestablish unless the software is manually paused. For example, SIP phones that use a cloud-based PBX.

Has anyone experienced this? Am I doing something wrong or missing some configuration?

Thank you very much in advance.

[RTSW]

Well it seems that no one can give any feedback on this, in fact i got a reply from a reddit user that gave me some usefull information, this is a known issue that persists across versions.

To anyone looking for feedback o anything to workaround this, you may need to do a custom script to list the states and then kill them all or just the states that are stuck.

ATM, im listing the states with "pfctl -s state -vv" this gives not only the states but with the unique id corresponding for each one, see tag "id:"
Then i take the id that is stuck and kill them with "pfctl -k id -k ID" where ID is the value.

See:
https://forum.opnsense.org/index.php?topic=10385.0
https://github.com/opnsense/core/issues/4652
https://forum.opnsense.org/index.php?topic=31985.0
https://man.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8

[axsdenied]

Ya that would be expected behavior from what I've seen on apps that don't re-establish sessions.  I.e. I would expect that behavior from ping but a Hulu stream for instance does recover gracefully.  If it loses connection, it tries a new connection which creates a new session state.  Going back is a whole other issue.  Since the connection is still good, a lot of times it never releases

What you're looking for is the router to force kill the sessions for those apps/connections that don't try to re-establish.  In that case, I believe your only recourse is exactly what you've already discovered.