Failover

Started by janne, August 28, 2019, 10:17:39 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 28, 2019, 10:17:39 AM
Hi.Where can I find how to configure traffic over backup wan?
I have configured failover and it works outwards but how do you get all traffic to work both outbound and inbound on wan2 and on wan1? Have looked and read but .....
Would have been good if there was a wizard for backup wan
Grateful for help.
August 28, 2019, 11:23:11 AM #1
There are some manuals and howtos about multiwan:

https://docs.opnsense.org/manual/multiwan.html
https://docs.opnsense.org/manual/how-tos/multiwan.html
https://www.thomas-krenn.com/de/wiki/OPNsense_Multi_WAN (German)

I do not know whether inbound for dynamic ip works, for static ips and business oriented providers dynamic routing or vrrp may be solutions. We for example use redundant wan switches that connect 2 CPE routers and 2 OPNsense firewalls. Router and Senses are running VRRP/CARP and route between their virtual ips.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
August 28, 2019, 12:39:25 PM #2
For the incoming data: Setup port forwarding (NAT -> Port forward) and assign both interfaces for every rule. It's important, that "Diasble Reply-To" in the advanced settings is not checked.

This enables port forwarding, but does not do failover. I set up a dynamic IP from behind the firewall with ddclient so that a domain always points to the active WAN.
August 30, 2019, 08:46:59 AM #3
Still can't get traffic into WAN2.
Followed the instructions according to documentation but it does not want to work.
Has for safety moved existing incoming WAN1 to WAN2, failover works perfectly ok, but it is not possible to access from outside and in which works perfectly on WAN1.  ::)
August 30, 2019, 09:25:01 AM #4
Do you use interface groups for port forwards?

https://docs.opnsense.org/manual/firewall_groups.html
"For multiwan setups be careful with groups, since groups are not bound to a specific interface, they will use the normal routing system to determine the next hop when applied on WAN type interfaces (reply-to is not used here)."
September 09, 2019, 09:25:56 PM #5
Hi.Sorry you didn't respond, been sick. ;)
I have not used interface groups. Everything works ok from the router but I can't get any traffic into the interface I programmed as backup.
I have also tried moving my fixed connection between gateways but it is not possible on backup gateway.
I also use DYN dns to control the traffic and ip is changed but the traffic does not work inward on the backup gateway.?????
What am I doing wrong? ;) :(
September 09, 2019, 09:34:01 PM #6
Screenshot of port forwards please
September 09, 2019, 10:13:53 PM #7
Hi.Here comes the screenshot.
September 10, 2019, 05:50:09 AM #8
You need two of them, one for each interface
Print
Go Up Pages1
User actions