PfSense: Failover setup.

Hectic

I did not want to hijack the other thread anymore, so created this one.

This thread refers, post #16.

@DrJohnZoidberg

Put your primary connection as Tier 1 and the backup on Tier 2.

You can then create a group for each WAN connection, e.g.:

1. Group 1 with Tier 1 on WAN0 and Tier 2 (failover) on WAN1.
2. Group 2 with Tier 1 on WAN1 and Tier 2 (failover) on WAN0.

Then replace the gateways in your firewall rules with the newly created groups.

I've created 2 groups as you suggested.

I'm not sure about the gateway rules to replace?
Would that be under WAN or under LAN?
If under LAN, would that be each rule I created? If so, assume I would then select "Gateway" and select my Tier 1 connection?

Do I have to change anything with the IPv4 / IPv6 Default allow LAN to any rule?

Should failover occur, would it default back from Tier 2 to Tier 1 if the default connection is restored?

How can I test if failover successfully occurs and successfully reverts back? (Prays that isn't a very stupid question)
 
I've had this thread open in a new tab for a while, just haven't had time to reply. Will explain procedure later when I get home.
 
Thank you.
Whenever it suits you.
It is not urgent.

I'm just grateful for any help I get.
:)
 
Okay, that suggestion I gave you is totally untested by me but I don't see why it shouldn't work.

Well, let's quickly start at the Gateway Groups. I've created two groups here called ISPA_FAIL2_ISPB and ISPB_FAIL2_ISPA, those names being pretty self-explanatory:

[Image: Screenshot 2014-11-12 21.15.35.png]

Now you have already set up firewall rules on your LAN interface for the account switching, these may look something like this:

[Image: Screenshot 2014-11-12 21.23.08.png]

Instead of using your PPPoE connections (like WAN_PPPOE and WAN2_PPPOE in this example) we just replace this with our Gateway groups like so:

[Image: Screenshot 2014-11-12 21.25.05.png]

Now it will use those groups as the default gateway on your schedule (in theory).
 
Ah okay thank you.
Will do the setup now.

Is there a way I can test the failover? Can I just disable the Tier 1 connection in pfSense or is there a better way?
Also, if failover occurs, will it automatically revert back to Tier1 (default?) when the Tier 1 ISP recovers?
 
You just have one DSL line and are connecting both ISPs from the same modem? If so then you can try and just disconnect the interface you want to test by going to Status -> Interfaces and disconnect. Not sure if this will work exactly but worth a shot.

If you're using two lines then it's obvious that you just disconnect one of the phone lines :D

Failover may also get tricky if, for instance, one of the accounts gets capped, as you may still be able to reach the gateway which tests if the connection is alive (the apinger service), and therefore the connection will not fail over. If you want to be certain a capped account will fail over then you should probably set an alternative monitor IP (System -> Routing -> Your gateway) to something which won't work when capped (e.g. 8.8.8.8); just remember your quality graphs will be affected by this.
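
A simplified model of the behaviour discussed in this thread, added as an illustration and not part of any post or of pfSense's own code: a gateway group uses the online members of its lowest-numbered tier, and a gateway counts as online while its monitor IP answers. The gateway addresses 192.0.2.1 and 198.51.100.1 and the reachability states are constructed, and the model assumes each monitor IP is probed only through its own gateway; it also covers the case of two members on the same tier, which goes beyond the two groups in the thread.

```python
# Simplified model of tiered gateway-group failover (added example, not pfSense code).
from dataclasses import dataclass

ISPA_GW = "192.0.2.1"      # constructed: ISP A's own gateway address
ISPB_GW = "198.51.100.1"   # constructed: ISP B's own gateway address
EXTERNAL = "8.8.8.8"       # alternative monitor IP suggested in the thread

@dataclass(frozen=True)
class Gateway:
    name: str
    monitor_ip: str        # address the gateway monitor pings through this link

def active_members(group, reachable):
    """Names of the online gateways in the lowest-numbered tier that has any.

    group: list of (tier, Gateway); reachable: monitor IPs currently answering.
    """
    online = [(tier, gw) for tier, gw in group if gw.monitor_ip in reachable]
    if not online:
        return []
    best = min(tier for tier, _ in online)
    return [gw.name for tier, gw in online if tier == best]

def build_group(a_monitor, b_tier=2):
    """ISPA_FAIL2_ISPB from the thread: ISP A on Tier 1, ISP B on Tier 2."""
    return [(1, Gateway("WAN_PPPOE", a_monitor)),
            (b_tier, Gateway("WAN2_PPPOE", ISPB_GW))]

def timeline(group, states):
    """Active members after each reachability state in turn."""
    return [active_members(group, s) for s in states]

# Constructed reachability states (assumption: EXTERNAL is probed only via ISP A).
NORMAL = {ISPA_GW, ISPB_GW, EXTERNAL}
A_CAPPED = {ISPA_GW, ISPB_GW}   # ISP A's gateway answers, the internet via A does not
A_DOWN = {ISPB_GW}              # ISP A session disconnected

if __name__ == "__main__":
    states = [NORMAL, A_CAPPED, A_DOWN, NORMAL]
    print("monitor = ISP gateway:", timeline(build_group(ISPA_GW), states))
    print("monitor = 8.8.8.8:   ", timeline(build_group(EXTERNAL), states))
    print("both on Tier 1:      ", active_members(build_group(EXTERNAL, 1), NORMAL))
```

With the ISP's own gateway as monitor, the capped state never leaves WAN_PPPOE; with 8.8.8.8 as monitor, the group moves to WAN2_PPPOE and returns to WAN_PPPOE once the monitor answers again.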
 
I've been testing this before I saw your reply.
It is one line and various ISPs with capped accounts, although only 1 has been setup as a failover.

I used the interface to disconnect and it seems like it is working.

I then reconnected the default WAN and after about 30 seconds it does revert back to the default connection. I checked this by checking the IP on bitfarm page.

I played a video and streamed a radio station and it never stopped.
Seems like a bit of load balancing going on.

The Tier 2 connection still shows "Online".
Should it not change to "offline" under Status/Gateways?

Anyways, I'm done for the evening.
Thank you for the help so far.
:)
 