multi-wan / default gateway switching

Started by dirtyfreebooter, October 15, 2024, 04:13:10 PM

a question or check of my setup. i recently added a backup internet connection.

WAN1: 1 gbps quantum fiber
WAN2: 150 mbps / 20 mbps xfinity/comcast cable

i started out by looking at the opnsense docs and the multi-wan section with gateway groups. but it seems like for my simple setup, "Default gateway switching" and setting the gateway priorities seems to just work without any gateway groups, etc.

is that correct? if so, that is much simpler and awesome!

the only other adjustments i had to make were:

  • any port forwards, i had to add both WAN interfaces to the forward definitions.
  • forwarding 80/443 to public for caddy reverse proxy, so had to duplicate that rule on each WAN interface

i disabled sticky connections in settings > firewall > advanced, as this is a pure failover situation and not load balancing.

really only a few minutes to make these config changes and everything seems great. OPNsense is such a gem :)

I am facing an issue with Multi-WAN myself using OPNsense 24.7.9_1-amd64

What I am observing is that the recommended setting from the documentation is not working as described in the documentation: https://docs.opnsense.org/manual/how-tos/multiwan.html#step-4-policy-based-routing.

When I configure this, the next-hop never fails over to the backup ISP when the primary fails the monitor.
Setting the Gateway to default provides the expected behavior of changing the egress WAN interface according to the monitor health.

Either the policy route function is broken in 24.7 or the documentation needs to be corrected to state that this configuration should only be used with say, load-balancing.



I have a similar setup. I too didn't see a need to execute the 'policy-based routing' section. Although, I have yet to thoroughly test the failover.

One question I did have on the following:

Quote from: dirtyfreebooter on October 15, 2024, 04:13:10 PM
a question or check of my setup. i recently added a backup internet connection.

the only other adjustments i had to make were:

  • any port forwards, i had to add both WAN interfaces to the forward definitions.
  • forwarding 80/443 to public for caddy reverse proxy, so had to duplicate that rule on each WAN interface

in rule configuration there's a gateway option whose tooltip says "Leave as 'default' to use the system routing table. Or choose a gateway to utilize policy based routing." So, in theory, additional rules definition shouldn't be required?