Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
Second WAN but just for some devices
« previous
next »
Print
Pages: [
1
]
Author
Topic: Second WAN but just for some devices (Read 1725 times)
mimizone
Newbie
Posts: 23
Karma: 1
Second WAN but just for some devices
«
on:
April 10, 2023, 07:27:18 pm »
Hello,
I am looking at adding a second WAN connection on our OPNSense router, using 4G LTE.
It is just for emergency use when power is down, to send metrics and alerts for a few minutes to our cloud based alerting system.
I would like this link to be only useable:
- when the main link is down (so failover mode)
- only by some devices on the network (don't want to overload the small uplink with traffic from some devices that are also still running on batteries during an outage).
The failover I believe is straight forward, following the documentation.
For the second requirement, is it just a list of firewall/routing rules or there is more to it?
I've never used 4G LTE as a WAN on a router. Not sure of how static is the gateway/route setup on those.
The plan would come from T-Mobile, AT&T or Verizon in the US.
Thanks for any insights you can share.
Logged
tiermutter
Hero Member
Posts: 1097
Karma: 61
Re: Second WAN but just for some devices
«
Reply #1 on:
April 11, 2023, 12:42:55 am »
What I understand is:
You would like to use WAN always when available by every device, but using LTE as failover only for specified devices?
Unclear what docs exactly you followed, do you use policy based routing (setting default allow to GW group)?
If not: do so, that's the way to go.
Then first create an alias containing MACs or IPs of devices that should never be routed over LTE. Second create a default allow rule, containing the alias as source but WAN as gateway; place it above existing default allow and make sure you have checked "quick" checkbox (default).
Don't forget setting the same for IPv6 if applicable (therefore MAC in alias is so much nicer than IP).
For sure you can do vice versa, creating an alias containing devices that are allowed to use LTE while adding this as source to "default allow; set failover group default GW" and creating a "default allow, set WAN default GW" behind this rule.
Logged
i am not an expert... just trying to help...
mimizone
Newbie
Posts: 23
Karma: 1
Re: Second WAN but just for some devices
«
Reply #2 on:
April 12, 2023, 08:55:08 pm »
thanks for all those details.
I don't use policy routing yet, still have a basic one WAN link.
Thanks for the reminder to consider it.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
Second WAN but just for some devices