Periodic WAN Gateway flapping on OPNsense

Started by bx2, July 24, 2025, 02:59:34 PM

July 24, 2025, 02:59:34 PM Last Edit: July 24, 2025, 03:01:23 PM by bx2 Reason: Fixing IMG links
Hello team,

I have two DEC2752 units I'm working on for our remote office. Both are configured as HA. For some reason, the primary/master unit is often showing my WAN Gateway down, when it is not.

I've got a /27 subnet with 3+ available public IPs that I am using. No IPv6.

Between my ISP router and the HA cluster, connectivity is to a basic HPE WAN switch. I have my ISP connection on a VLAN and the OPNsense WAN connections are untagged/access to that VLAN.

I've reviewed my HA settings and everything looks fine but I'm not sure why this is occurring. I have enabled gateway monitoring (why would I want it off?) and only monitoring my ISP gateway.

Here is what I see in Reporting --> Health --> Quality = WAN

FW#1:







FW#2:









I have confirmed that my Ethernet cabling is tested good and I don't have any funky configuration on the WAN switch (it acts as a dumb switch to forward traffic, nothing special configured on it).

I'm really not sure where to go from here as I know my WAN connection is 100% fine since we have another connection using an available IP from my /27 block, providing a critical service and it doesn't go down.


Thank you

Well I guess I'll document this myself.

Frustrated by this, I factory reset both devices, logged in, deleted the LAN interface and set up my core VLAN. Set up my public IP addresses for each device, the gateways and left them connected to the internet.

Not configured in HA, both devices show regular activity for their WAN gateways. Again, not going to disable gateway monitoring as I want to see the status/functionality of my gateway.

FW #1:


FW #2:



So this looks normal to me. I know my ISP (Bell Canada) and my service is stable since I have other services (VPN) using the same static IP range connected to a different firewall.

I will leave this connected over the weekend and check in and see how it is going. I suspect something was misconfigured but I'm a bit surprised that following the guides I did had me experience this.

I do think the OPNsense team needs to work on their community building more. Lack of support/interaction on many posts (not just mine) doesn't drive users to donate or buy official hardware.