Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered) (Read 3197 times)
thowe
Jr. Member
Posts: 91
Karma: 11
Open Source can do a lot.
Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
on:
April 18, 2020, 10:05:24 pm »
Hello everybody
I am a feeder for LiveATC.net and would like to achieve high availability of my stream. Therefore I have attached a cheap TPLink 4G router (WAN2) to the OPNsense next to my main cable modem (WAN1) with a flat rate. The SIM for WAN2 is coupled with a prepaid subscription, where the data volume does not expire but costs per MB used.
Now I have configured OPNsense for dual WAN as described in the Doc (
https://docs.opnsense.org/manual/how-tos/multiwan.html
). That means especially with the fixed assignment of one DNS server each for WAN and for WAN2.
The setup works. But due to the monitoring ping and possibly DNS resolutions on WAN2, there is permanently a minimal load. Not much - but enough so that the prepaid subscription is used down to zero every three months.
Is there any way I can ensure that WAN2 is not at all used during normal operation (when WAN1 normally available)? Only in case of WAN1 failure, the traffic should go over WAN2 without WAN2 being permanently used for pings and DNS queries.
Thanks & best regards
Thomas
Logged
System 1: PC Engines APU2C4
System 2: PC Engines APU2E4
System 3: Proxmox-VM on Intel NUC
tong2x
Full Member
Posts: 223
Karma: 9
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #1 on:
April 20, 2020, 07:13:31 pm »
it will be be used to some extent... since opnsense will monitor your wan2.
in gateway you can disable monitoring for wan2(setting of wan2)
give your wan1 a higher priority (by giving a lower priority number, wan1 should be marked "active")
you may also opt for gateway group, in failover mode.
and used that group as your gateway in your firewall
i dont think pings can used alot of MB maybe it is activated?
try the above first, disable monitoring for wan 2(may have side effects though not being able to detect if it is online).
set failover group and use that... set proper link priority...
you may want to check, reporting then insigth, and verify the used data if it matches your sim2 data volumn.
you can drill down the data to specific wan, and length/days
«
Last Edit: April 20, 2020, 07:16:16 pm by tong2x
»
Logged
shadesh
Newbie
Posts: 41
Karma: 2
What?
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #2 on:
April 20, 2020, 08:52:26 pm »
Are you sure you're using a Active / Standby Setup? I have here a similar setup (VDSL with LTE backup). If my VDSL is stable for a long time, i only have a very few data (from the ping monitoring) on my LTE WAN. There should be no DNS resolving on Tier2 (WAN2) if you're using it as standby line. It's not recommended to disable gateway monitoring if you're using a multi wan setup. Afaik you have to set gateway priority only if you're using a active / active setup with load balancing over both lines.
Logged
thowe
Jr. Member
Posts: 91
Karma: 11
Open Source can do a lot.
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #3 on:
April 20, 2020, 09:34:22 pm »
Thanks for your hints. I rechecked my config, and to me it looks as everything would already be set as it should be.
I already have WAN1 in Tier1 and WAN2 in Tier2 within the Gateway Group.
The second DNS entry on System - Settings- General is set to use WAN2. The first to use WAN1.
I checked the usage: I have about 150MB traffic on WAN2 per month (50MB out / 100MB in). It's never active - always standby.
So I assume everything works as expected. Is it normal to see about 150MB of usage on an otherwise unused line?
Logged
System 1: PC Engines APU2C4
System 2: PC Engines APU2E4
System 3: Proxmox-VM on Intel NUC
russella
Newbie
Posts: 21
Karma: 2
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #4 on:
April 21, 2020, 03:41:47 pm »
I have a similar setup with a Fibre connection for my primary WAN and a mobile (4G) for backup WAN. I haven't checked the data consumed from my mobile provider, but the Interface Statistics for my backup WAN connection work out at around 70MB per month. I have the probe interval for my backup WAN connection set to 2 instead of the default 1 so it would follow that if you have the default value set you would use twice as much data as me.
You could try increasing the probe interval (System->Gateways->Single->Edit Wan->Probe Interval) on your backup 4G WAN from 1 (Default) to something higher. I use 2 but as it is purely a backup, it doesn't really need to be checked that often.
Logged
thowe
Jr. Member
Posts: 91
Karma: 11
Open Source can do a lot.
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #5 on:
April 22, 2020, 08:29:22 am »
Rusella, thanks for the hint.
My probe interval has been set to a value of "10" already. This was one of the first steps I took, when I became aware of the consumed data on the backup WAN2. I've increased it now to a value of "15".
Maybe something is causing the traffic from the outside...? Scanner? Monitoring?
Is there a possibility to analyze the volume by initial direction of a communication?
Logged
System 1: PC Engines APU2C4
System 2: PC Engines APU2E4
System 3: Proxmox-VM on Intel NUC
tong2x
Full Member
Posts: 223
Karma: 9
Re: Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)
«
Reply #6 on:
April 25, 2020, 09:17:27 am »
you need to proabbaly install ntop
to monitor what packets goes to the connection...
150mb is alot for pings only...
may be your wan1 sometimes goes down?
or is detected to be down hence goes to wan2
but yeah you need a plugin to monitor and log the actual data
passing through and how often..
in reporting->insight you could see the spread of that 150mb data
in top right you could select the date range in hours and days
in the middle portion you could select the adapter you want to monitor
that should help, se what ports are access, ips access.. that should help some
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Dual WAN - WAN2 should really be used only in case WAN1 is dead (WAN2 metered)