Topic: Set gateway group as default gateway (Read 17360 times)

nicovell3 (Newbie; Posts: 12, Karma: 0)
Set gateway group as default gateway « on: February 02, 2018, 09:23:03 am »
Hello,
In a setup with two WAN routers and one OPNsense firewall I've configured the two gateways with a gateway group to use the secondary gateway while the first one is down. The problem is that I don't want to configure just one firewall rule with that gateway group, I want the gateway group to be the default gateway for all rules, but there is no such option.
I tried configuring a route for all !RFC1918, but the gateway group does not appear in the gateway list. Which is the most correct and elegant way to set this up?
Thanks in advance
Edit: Wow, I just realized I posted in the wrong section and I don't know how to move the post. Sorry.
« Last Edit: February 02, 2018, 09:24:44 am by nicovell3 »

franco (Administrator, Hero Member; Posts: 17661, Karma: 1611)
Re: Set gateway group as default gateway « Reply #1 on: February 02, 2018, 09:27:41 am »
Hi there,
This isn't allowed, but you can turn on Firewall: Settings: Advanced: "Allow default gateway switching", which picks a viable default gateway on gateway status changes.
Cheers,
Franco

nicovell3 (Newbie; Posts: 12, Karma: 0)
Re: Set gateway group as default gateway « Reply #2 on: February 02, 2018, 09:50:17 am »
Hi Franco,
Thanks for your quick reply. But I see two problems there:
- I have more gateways to let my firewall connect to other networks (like laboratory routers), so I cannot simply rely on the firewall to decide which gateway to use. It can try to route my connections to a gateway which can't reach the internet.
- That option you talk about has the following description: "If the link where the default gateway resides fails switch the default gateway to another available one. This feature has been deprecated.". So I thought setting this can't be the correct way.
What do you think?
Thanks for your help.

franco (Administrator, Hero Member; Posts: 17661, Karma: 1611)
Re: Set gateway group as default gateway « Reply #3 on: February 02, 2018, 10:00:34 am »
The feature needs work. It would be beneficial to restrict it by gateway group as you said.
So far, we have no master plan for that area, hence the (to some degree unfounded) deprecation.
Cheers,
Franco

GreG.P. (Newbie; Posts: 16, Karma: 0; "The Best of Free or nothing!")
Re: Set gateway group as default gateway « Reply #4 on: February 02, 2018, 11:51:14 am »
Hi nicovell3,
Did you put in some static routes to reach specific/particular private networks (like the laboratory network)?
There are also possibilities with firewall policy based routing (need to check if OPNsense permits this feature).
Regards,
Greg

nicovell3 (Newbie; Posts: 12, Karma: 0)
Re: Set gateway group as default gateway « Reply #5 on: February 02, 2018, 05:25:57 pm »
Hi Greg,
Yes, I have set up static routes for those private networks. I also set up other routes with policy based routing, but I prefer the firewall to route these networks with global routes to avoid specifying the gateway multiple times in my rules, as I'd like to do with the multi-WAN thing.
Anyway, I'd have to get those gateways declared to use policy routing, so changing that wouldn't solve my problem...
Regards,
Nico.

panupong (Newbie; Posts: 3, Karma: 0)
Re: Set gateway group as default gateway « Reply #6 on: August 04, 2019, 12:01:27 pm »
Hi my name is jack
In a setup with two WAN routers and one OPNsense firewall I've configured the two gateways with a gateway group to use the secondary gateway while the first one is down.
The problem is that I don't want to configure just one firewall rule with that gateway group, I want the gateway group to be the default gateway for all rules, but there is no such option.
I tried configuring a route for all !RFC1918, but the gateway group does not appear in the gateway list.
Which is the most correct and elegant way to set this up?
Thanks in advance
« Last Edit: August 04, 2019, 03:51:54 pm by AdSchellevis »

mimugmail (Hero Member; Posts: 6766, Karma: 494)
Re: Set gateway group as default gateway « Reply #7 on: August 04, 2019, 02:33:07 pm »
If you only need failover and no loadbalancing you don't need to set up a gateway group.
Go to System : Settings : General and set default gateway switching.
Then go to System : Gateways : Single and set your WAN Gateways as "upstream" and give them priorities, like 1 and 2.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

drivera (Jr. Member; Posts: 80, Karma: 0)
Re: Set gateway group as default gateway « Reply #8 on: August 04, 2019, 09:52:37 pm »
I'm interested in failover and preference: i.e. use circuit A if it's available, if not then use B, but if A comes back, go back to A.
That doesn't work with "upstream" because OPNsense will just choose one, without consideration for preference. At least, that's how it did for me. Perhaps there's another setting that I'm ignoring that helps resolve this?
Cheers!

mimugmail (Hero Member; Posts: 6766, Karma: 494)
Re: Set gateway group as default gateway « Reply #9 on: August 05, 2019, 05:55:49 am »
There are now priorities with 19.7, just try it out.

drivera (Jr. Member; Posts: 80, Karma: 0)
Re: Set gateway group as default gateway « Reply #10 on: August 22, 2019, 05:01:12 am »
Ok so it didn't quite work.
I just had an outage where the uplink on the primary circuit (priority 1) was effectively dead: the CableModem still had an IP (and as such so did the firewall), but the probe-IP configured (a known point beyond the CM, within the provider's network) was unreachable. The Gateway was even recognized as down.
But the default gateway did not switch to the secondary (priority 2).
Both the primary and secondary individual gateways are the only gateways marked as "upstream". All other gateways are VPNs, and are priority 255 (for obvious reasons - if there's no base circuit, there can be no VPN over them). Gateway switching is indeed enabled in System settings.
I'll run a more controlled test tomorrow/weekend. For now, I'm sad to report that the feature does not appear to be working.
I'm fully updated, btw (OPNsense 19.7.2-amd64, FreeBSD 11.2-RELEASE-p12-HBSD, OpenSSL 1.0.2s 28 May 2019).
Cheers!

mimugmail (Hero Member; Posts: 6766, Karma: 494)
Re: Set gateway group as default gateway « Reply #11 on: August 22, 2019, 07:39:55 am »
System : Settings : General, enable default gateway switching

drivera (Jr. Member; Posts: 80, Karma: 0)
Re: Set gateway group as default gateway « Reply #12 on: August 22, 2019, 02:29:56 pm »
Like I said above, Gateway switching is enabled.

mimugmail (Hero Member; Posts: 6766, Karma: 494)
Re: Set gateway group as default gateway « Reply #13 on: August 22, 2019, 04:56:04 pm »
Logs from system.log would be cool

drivera (Jr. Member; Posts: 80, Karma: 0)
Re: Set gateway group as default gateway « Reply #14 on: August 22, 2019, 05:22:53 pm »
It seems that the default firewall setting has a rather short limit on log size. I'm going to increase it for the future. Also: the log size field processing has a bug - I tried to set the size to 3GB (in bytes = 3,221,225,472), but when I reset the log files, the first log file was already over 100GB when I forcibly rebooted to avoid choking the disk...
I set it to 2GB-1 (2,147,483,647) and that seemed to work just fine.
Annoyingly, I had configured a remote syslog server to capture all these logs but for some reason it stopped listening and wasn't receiving so even that history was boned.
I'll submit logs the next outage I have.
Cheers.