Single WAN, but Multi Gateway not working

Started by soko, January 23, 2021, 04:12:54 PM

Hi guys,

I was running OPNsense successfully with one LAN and two WANs (one gateway each) with a Gateway Group for failover according to https://docs.opnsense.org/manual/how-tos/multiwan.html.

Now, after a change in my network, the failover gateway is in the same WAN network as the main gateway.

So I thought "No biggy!" and

  • Added the new gateway to System-Gateway-Single
  • Swapped in the Gateway-Group the old failover (tier 2) for the new failover gateway
  • Adjusted the DNS servers in System-Settings-General
  • Deleted the old failover gateway and the 2nd WAN

But now, once my main gateway fails, the failover gateway is marked "active" but I have no internet on my LAN side.

Does anybody know why?

Here are a few more details...

Original/old/working config:
LAN: 192.168.254.0/24 (OPNsense static 192.168.254.253)
WAN: 192.168.179.0/24 (OPNsense static 192.168.179.253, Gateway 192.168.179.254)
WANFailover: 192.168.253.0/30 (OPNsense static 192.168.253.1, GatewayFailover 192.168.253.2)

New/not-working config:
LAN: 192.168.254.0/24 (OPNsense static 192.168.254.253)
WAN: 192.168.179.0/24 (OPNsense static 192.168.179.253, Gateway 192.168.179.254, GatewayFailover 192.168.179.1)

thanks
Soko

Hi Soko,

No Internet or no DNS?


Cheers,
Franco

Hi Franco,

No internet.

From a LAN PC I was constantly pinging an internet server.
Then I shut down 192.168.179.254 and the ping was timing out until I turned it on again.
192.168.179.1 was up and had internet connection.

Soko

January 24, 2021, 10:22:16 AM #3 Last Edit: January 24, 2021, 10:55:22 AM by soko
...

Hi,

I'm trying to wrap my head around that issue and I think all this should work with no Gateway Group at all...

So I've tried the following config (IPv6 is generally disabled):

System: Gateways: Single:

  • WAN_GW:  Prio=254 Upstream=true GW=192.168.179.254 MonitorIP=103.086.096.100
  • FAILGW:  Prio=255 Upstream=true GW=192.168.179.001 MonitorIP=046.182.019.048

Usually there is (active) written behind WAN_GW

System: Settings: General:

  • The monitor IPs from above are the DNS servers, each with the corresponding "use gateway" from above
  • Allow default gateway switching = true

Interfaces: WAN:

  • IPv4 Upstream Gateway = Auto-detect

System: Routes: Status:

  • Destination=default Gateway=192.168.179.254
  • Followed by two more entries for the monitor/DNS IPs as Destination with the corresponding Gateway

Firewall: Rules: LAN:

  • The Default allow LAN to any rule has nothing selected as Gateway set

Firewall: Settings: Advanced:

  • Sticky connections = false
  • Shared forwarding = false
  • Disable force gateway = true (Why? see below)

The test:

Now I shut down my WAN_GW (device with 192.168.179.254).

After a little wait I have the following:

System: Gateways: Single:

  • WAN_GW Status=offline
  • FAILGW Status=online and the (active) is now written behind this Gateway

System: Routes: Status:

  • Destination=default Gateway=192.168.179.1
  • Followed by two more entries for the monitor/DNS IPs as Destination with the corresponding Gateway

So everything should work => but it doesn't. I have no internet connection.

What doesn't help

  • Setting FAILGW as Gateway for the Default allow LAN to any rule
  • Disable force gateway = false: The auto-floating rule created when this is false still has WAN_GW as Gateway, even when it's offline.

What does help

  • IPv4 Upstream Gateway = FAILGW under Interfaces: WAN


Conclusion
With my knowledge of networks I don't get why the above test is not working even when:

  • The WAN interface has Auto-detect as GW
  • No rule has a Gateway set
  • The routing table has the correct default route to 192.168.179.1

Maybe someone can shed some light on this...
Or maybe a Multi-GW + Single WAN config has to be completely different to work.

thx
Soko
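The symptom in the post above (kernel default route already points at 192.168.179.1, yet traffic still dies) is consistent with a loaded pf rule that pins packets to the old next-hop with `route-to`, as the "Disable force gateway = false" observation describes. The following is an added example, not code from the thread or from OPNsense: a small audit that reads pf rules in the syntax `pfctl -sr` prints and cross-checks every `route-to` next-hop against the gateway monitor's status, flagging rules whose only next-hops are offline. The rule text, the interface names igb0/igb1 and the status table are constructed for the example; on a real box you would feed it the output of `pfctl -sr` and the gateway states shown under System: Gateways: Single.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in `pfctl -sr` (pf rule) syntax; it is NOT output captured from the
# poster's firewall. Interface names igb0 (WAN) and igb1 (LAN) are assumptions.
SAMPLE_PF_RULES = """\
pass in quick on igb1 inet from 192.168.254.0/24 to any flags S/SA keep state label "Default allow LAN to any rule"
pass out route-to (igb0 192.168.179.254) inet from (igb0) to !(igb0:network) flags S/SA keep state allow-opts label "let out anything from firewall host itself (force gw)"
pass in quick on igb1 route-to { (igb0 192.168.179.254), (igb0 192.168.179.1) } round-robin inet from 192.168.254.0/24 to any flags S/SA keep state label "LAN via gateway group"
block drop in quick inet from any to any label "Default deny rule"
"""

# Constructed gateway status keyed by next-hop IP, mirroring what the GUI showed after WAN_GW went down.
GATEWAY_STATUS: Dict[str, Tuple[str, str]] = {
    "192.168.179.254": ("WAN_GW", "offline"),
    "192.168.179.1": ("FAILGW", "online"),
}

# `route-to` takes either a single "(ifname nexthop)" or a "{ (...), (...) }" pool.
ROUTE_TO_RE = re.compile(r"route-to\s+(\{[^}]*\}|\([^)]*\))")
TARGET_RE = re.compile(r"\(\s*(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s*\)")
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


def parse_route_to(rule: str) -> List[Tuple[str, str]]:
    """Return the (interface, next-hop) pairs a pf rule pins traffic to, or [] if it has no route-to."""
    m = ROUTE_TO_RE.search(rule)
    return TARGET_RE.findall(m.group(1)) if m else []


def audit_route_to(rules_text: str, status: Dict[str, Tuple[str, str]]) -> List[dict]:
    """Flag route-to rules whose next-hops are offline according to the gateway monitor.

    severity 'stale'    : every next-hop in the rule is offline, so matching traffic is
                          black-holed even if the kernel default route already moved.
    severity 'degraded' : some next-hops offline, at least one online; still forwards.
    """
    findings = []
    for lineno, rule in enumerate(rules_text.splitlines(), start=1):
        targets = parse_route_to(rule)
        if not targets:
            continue  # plain rule, routing decided by the kernel table
        states = {gw: status.get(gw, ("unknown", "unknown"))[1] for _, gw in targets}
        offline = sorted(gw for gw, st in states.items() if st == "offline")
        if not offline:
            continue
        label_m = LABEL_RE.search(rule)
        findings.append({
            "line": lineno,
            "label": label_m.group(1) if label_m else "",
            "offline_next_hops": offline,
            "severity": "stale" if len(offline) == len(states) else "degraded",
        })
    return findings


if __name__ == "__main__":
    for f in audit_route_to(SAMPLE_PF_RULES, GATEWAY_STATUS):
        hops = ", ".join(f["offline_next_hops"])
        print(f"rule {f['line']:>2} [{f['severity']:8}] {f['label']!r}: offline next-hop(s) {hops}")
```

On the constructed input the audit reports rule 2 (the force-gateway floating rule) as stale, which is exactly the case where a correct default route in System: Routes: Status does not save you: pf's `route-to` overrides the kernel routing decision for matching packets. Rule 3 is only degraded, because one member of the pool is still online.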