Failover WAN and wanting to access both modem UIs when primary gateway is active

[plm]

I've seen a number of examples of how to route traffic to a cable modem web UI when it's on a different subnet than the DHCP network it is providing, and that works fine for me.

The troube is, I have the same type of setup on my 5G failover modem, which I don't want to pass traffic across unless the cable modem circuit is down, and I'm struggling to find the right way to configure each of the interfaces so I can route traffic to the respective web UIs, but have the internet connection properly identified as up or down, and have the secondary link only pass any traffic in a failver scenario.

Does anyone have any posts, documentation, or other pointers I can look at for how to most effectively set this up?

Thanks.

[t84a]

I followed this and mine works perfectly.

https://docs.opnsense.org/manual/how-tos/multiwan.html

[plm]

Thanks. I've got the failover working just fine though, which is what this guide covers.

What's not working is when gateway 1 is active I can't get to the web UI on gateway 2, and vice versa. If I'm on the failover gateway I'd like to be able to look at the web UI for gateway 1 to see what's up with the link, but I'm stuck on being able to see the web UI on gateway 2 only.

I know there'll be a way to do this. I just can't figure out what the neatest way of doing it is.

[plm]

Bump.  Anyone know how to keep the web UI accessible on a gateway that's a backup gateway for failover?

[viragomann]

Normally, this should work without doing some special configurations. So I asume, that there is something wrong in your setup not passing the traffic to the non-default gateway.
Did you policy-route the traffic to the gateway group by any chance?

[plm]

Normally, this should work without doing some special configurations. So I asume, that there is something wrong in your setup not passing the traffic to the non-default gateway.
Did you policy-route the traffic to the gateway group by any chance?

I do. The idea being to ensure that the general rules push traffic to the group, which is configured for failover, rather than to the specific interfaces.

I do have static routes defined, but after you've mentioned that I wonder if I actually need need specific rules to pass the management traffic to the indivudual interfaces instead or as well as the static routes?

[viragomann]

The policy-routing rule with gateway group forces the traffic to the current upstream gateway. For plausible reasons you cannot access the modem on WAN2 if the traffic is forced to WAN1.

If you policy-route any traffic to the gateway group, put a rule for local destinations above of the policy-routing, so that this is probed before and applied to the respective traffic.