Multi WAN

[Julien]

Dear All,
i have posted many times about multi WAN and no one have ever helped me.
i have configured the Multi WAN as following https://docs.opnsense.org/manual/how-tos/multiwan.html
internet does works, every time when the WAN1 or WAN2 down goes we have to reboot the firewall in order it will swap the Gateways.
Can someone please advise here why is this happening and what I am missing in the configurations ?

[Julien]

Extra Notices,
what I have noticed is we have a Group NICS Productions with VLAN10-11-12-13 and the LAN 192.168.1.1 where the VLANS are nested.
would this be the issue with Multi WAN ?
Can someone now please provide advice ?

[mimugmail]

Please provide:

- Number of WAN uplinks
- Type of WAN uplinks (pppoe, static, dhcp)
- Gateway monitoring active on WAN?
- Gateway switching enabled/disabled
- Sticky connections enabled/disabled
- LAN setup (Vlan, LAGG, Trunk, plain interface)
- Tiering and GW Groups
- LAN access to GUI possible or why reboot required
- system.log when switchover occurs

[Julien]

Please provide:

- Number of WAN uplinks
- Type of WAN uplinks (pppoe, static, dhcp)
- Gateway monitoring active on WAN?
- Gateway switching enabled/disabled
- Sticky connections enabled/disabled
- LAN setup (Vlan, LAGG, Trunk, plain interface)
- Tiering and GW Groups
- LAN access to GUI possible or why reboot required
- system.log when switchover occurs

Dear mimugmail.
please kindely see the below for your answers.

- Number of WAN uplinks.   2 UP WAN
- Type of WAN uplinks (pppoe, static, dhcp) STATICS
- Gateway monitoring active on WAN?  yes on both WANS I have, if you mean with active I have entire 8.8.8.8 on the monitor ip
- Gateway switching enabled/disabled , where can find this option ?
- Sticky connections enabled/disabled, yes sticky connection is enabled under firewall, settings ,advanced
- LAN setup (Vlan, LAGG, Trunk, plain interface). yes we have LAN and VLAN 10.12.13.14 are on a production.
- Tiering and GW Groups. yes I have a group WAN , trigger level " Member Down "
- LAN access to GUI possible or why reboot required, I can access the LAN and everything and even I can ping 8.8.8.8 and not www.google.com however the dns rule is already applied on the LAN side. I don't know why reboot is required too, is the only options to get the internet back
- system.log when switchover occurs, on the log it doesn't shows anything about the gateways or swathing, the only think I can see is the log in successfully to the admin which is the last time I logged in using the web interface

a big thank you for your support

[Julien]

 In system, settings, general:
Prefer IPv4 over IPv6=checked
Gateway switching =unchecked


I hope someone can help with this issue, I never got Multi WAN working.

[mimugmail]

Firewall - Settings - Advanced

There's gw switching (please enable) and Sticky connections (please enable).

Have you gw monitoring for both gateways 8.8.8.8 or each gateway a different IP?

Do you use as DNS server the IPs you monitor?

[Julien]

Firewall - Settings - Advanced

There's gw switching (please enable) and Sticky connections (please enable).

Have you gw monitoring for both gateways 8.8.8.8 or each gateway a different IP?

Do you use as DNS server the IPs you monitor?

Thank you for your answer,
both WAN has different Monitoring IP. one uses 8.8.8.8 and other 8.8.4.4
yes both IP has own DNS server, or you do mean something else ?
see below screenshots how they are not.
thank you for your continue support.

[mimugmail]

Ok, and with this setup when one interface/WAN goes down you can ping external IP addresses but no dns resolution. Only way to fix this is reboot, correct?

[Julien]

Ok, and with this setup when one interface/WAN goes down you can ping external IP addresses but no dns resolution. Only way to fix this is reboot, correct?

correct Sir,
its the only reason to get internet back online.
when we use on the any to any rules the gateway group, the internet does not works.
it works only when we use any to any with default gateway on the LAN rule to get the internet working.

Can you please explain why ?

[Julien]

i noticed when we use on the LAN the WANgroup as default gateway the internet does not works in the VLANS
it does works only when we have to use the any to any with default gateway. see screenshots.
thank you so much

[NilsS]

why dont you use your DNS Servers as Monitoring IPs, are they also still pingable beside the 8.8.x.x

I see you use the local DNS Resolver/Forwarder ... any more infos on that? unbound?
is Systen -> Settings -> General:  Do not use the DNS Forwarder/Resolver as a DNS server for the firewall  set?

Is the name resolution not working on the LAN/VLANs or also not working on OPNsense itself?

Does reseting states (Firewall -> Diagnostics -> States Reset) work? instead of reboot

[Julien]

why dont you use your DNS Servers as Monitoring IPs, are they also still pingable beside the 8.8.x.x

I see you use the local DNS Resolver/Forwarder ... any more infos on that? unbound?
is Systen -> Settings -> General:  Do not use the DNS Forwarder/Resolver as a DNS server for the firewall  set?

Is the name resolution not working on the LAN/VLANs or also not working on OPNsense itself?

Does reseting states (Firewall -> Diagnostics -> States Reset) work? instead of reboot

Dear Niels,
Do you mean use our ISP DNS servers instead of using google DNS?
Systen -> Settings -> General:  Do not use the DNS Forwarder/Resolver as a DNS server for the firewall is not selected ( seee screenshot), do i have to enable this options ?
on the Pfsense i can resolve google.com i can ping google.com but the computers not.

internaly we have a active directory which is using the firewall ip of the vlans and lan 10.10.10.1/10.10.20.1/10.10.30.1/192.168.1.1 as forwared

thank you