PfSense: Switching ISP accounts automatically on a schedule.

slvR

Hello!

I'd like some assistance with my PfSense box regarding switching ISPs automatically at certain times.

Using DrJohns brilliant guide here I have set up the 2 WAN interfaces with their own PPP connections and that works. I just need to be able to automatically have the firewall change routes from one interface to the other on a schedule. Sounds pretty simple, and my amazing 10 minutes of Google didn't help too much unfortunately.

Anyone with some experience want to lend a hand or two?

Thanks all,
Mike<3
 
Hey, may as well do a quick guide on this :D

1. First create your schedule by going to Firewall -> Schedules.

[Screenshot]

2. In Schedules click on the plus button (+) to add a new schedule (ignore my schedules for now).

[Screenshot]

3. Give your schedule a name (no spaces or special characters) and optional description. To select an entire day, click on the day headings (i.e. Mon, Tue, etc) on the calendar widget then select the times. For this example I am making after hours run from Mon -> Fri 6pm to 9am the next day and weekends. We will need to create 3 separate time ranges, here is the first one:

[Screenshot]

So basically you get the picture, in the end you should have 3 ranges that look like this:

[Screenshot]

4. Save your schedule then navigate to Firewall -> Rules and select the correct tab for your LAN (internal) network. Click the plus sign (+) to add a new rule. Depending on what other rules you have set up, please make sure you have it in the right sequence (i.e. if you want other rules processed first make sure this new rule is last).

5. Change Protocol to "any" and set an optional description.

[Screenshot]

6. Scroll down and set Schedule to your newly created schedule, and under Gateway select the WAN connection you want to route traffic through for this schedule, and then click Save.

[Screenshot]

7. Apply the rules on the firewall and repeat above steps for different schedules.

You will now see a little icon which shows you if the schedule is active on your firewall rule list. The schedule function is really flexible and you can do a lot more with it than just schedule different connections. For instance, here I have scheduled only NNTP traffic to run over a specific connection during office hours:

[Screenshot]
 
Just attempted to redo this config again, and I see it did not start routing traffic automatically.
Just to clarify, all I have to add is the schedule and add it to the LAN rules list along with the WAN2 Gateway?

It says "Traffic matching this rule is currently allowed" which means the schedule works, but it's just not routing correctly. Do I need to add a deny rule for WAN1 during this time?

Thanks<3
 

Update on this, noticing while services see the WAN1 IP, all traffic is actually being passed through WAN2 as per the usage graph. Is this normal and will it not have effects on how the ISP sees capped usage?
 
What does your firewall rule look like? Sounds like something is maybe misconfigured.
 
Okay so after letting it do its thing I found the problem. Once the schedule rule activates at midnight traffic starts to pass through WAN2, but not all of it. It's like it splits the traffic to both WAN interfaces, which is obviously not what it should do.


This is what the schedule looks like;
[Screenshots]

The Rule looks like;
[Screenshots]

Anything that looks like it shouldn't be there or have I missed something? I only added 1 schedule because I want this to run everyday from midnight to 7am.
 
Doesn't look like anything should be causing an issue with the schedule.

When you say some traffic, is it specific types of traffic not going through the correct interface?
 
Let's use this as an example.
At 2am last night I made sure the rule was active, which it was, so I tried a speed test. I left the traffic graphs open so I could monitor it and saw the Speedtest page show my WAN1 external IP, I ran the test anyway and saw that 7.9Mbs came from WAN2 but 1.3Mbs came from WAN1.

I then fired up a torrent and saw around 5.6Mbs going through WAN1 and about 3Mbs through WAN2

Then this morning at 10am I checked again and saw the rule was now, as expected, turned off. I then redid the tests and no traffic ran through WAN2 at all, which is what I wanted.

So the only problem is WAN1 being used alongside WAN2 at night, like pfsense is load balancing, which it should not since no load balance is configured. It's a basic fresh install with some basic packages.
 
That is strange.

Maybe try setting the source on your firewall rule to LAN net. Shouldn't be that but worth a try. I've had plenty of rules set up before and never seen this problem.
 
I have just played with this and it really does work well.
I downloaded a driver using a download manager, but set it up so that it changed from ISP A to ISP B during the download.

When the ISP switch over happened, the download stopped, but did not die.
The download speed just showed "0 kB/s"
After about 90 seconds the download proceeded and completed successfully, using the newly connected ISP.

I also had my regional radio streaming the whole time.
It never skipped a beat during the transition and kept on playing.

Very nice function and thank you for the write up.

Apologies for the bit of off topic, but what would happen if the default WAN connection died for some reason?
Would the internet die totally and connect to another ISP only if the scheduler allows for connection?
 
Set up gateway groups.

System -> Routing -> Groups

[Screenshot]

Put your primary connection as Tier 1 and the backup on Tier 2.

You can then create a group for each WAN connection, eg:

1. Group 1 with Tier 1 on WAN0 and Tier 2 (failover) on WAN1.
2. Group 2 with Tier 1 on WAN1 and Tier 2 (failover) on WAN0.

Then replace the gateways in your firewall rules with the newly created groups.
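
An added illustration, not part of the thread and not pfSense code: this Python model shows how the scheduled rule from the guide and the gateway groups described above combine to pick a WAN for a new connection. The three time ranges, the rule order (scheduled rule above a catch-all) and the names `GROUP1`/`GROUP2` are assumptions made for the example; the tier layout follows the post above.

```python
from datetime import datetime, time

# Constructed "after hours" schedule: Mon-Fri 6pm to 9am plus weekends, split
# into three ranges that never cross midnight (weekday(): Mon=0 ... Sun=6).
AFTER_HOURS = [
    ({0, 1, 2, 3, 4}, time(18, 0), time(23, 59)),  # weekday evenings
    ({0, 1, 2, 3, 4}, time(0, 0), time(8, 59)),    # weekday early mornings
    ({5, 6}, time(0, 0), time(23, 59)),            # weekends, all day
]

# Gateway groups as in the post: gateway name -> tier (lower tier is preferred).
GROUPS = {
    "GROUP1": {"WAN0": 1, "WAN1": 2},
    "GROUP2": {"WAN1": 1, "WAN0": 2},
}

# LAN rules in evaluation order: (schedule or None, gateway group). Assumption:
# the scheduled rule sits above the unscheduled catch-all rule.
RULES = [(AFTER_HOURS, "GROUP2"), (None, "GROUP1")]


def schedule_active(ranges, now):
    """True if `now` falls inside any (days, start, end) range, minute precision."""
    minute = now.time().replace(second=0, microsecond=0)
    return any(now.weekday() in days and start <= minute <= end
               for days, start, end in ranges)


def select_gateways(group, up):
    """Live gateways on the lowest populated tier: one entry means failover
    behaviour, several entries on the same tier mean load balancing."""
    live = {gw: tier for gw, tier in group.items() if gw in up}
    if not live:
        return []
    best = min(live.values())
    return sorted(gw for gw, tier in live.items() if tier == best)


def route(now, up):
    """First matching rule wins; its group then chooses among live gateways."""
    for sched, group in RULES:
        if sched is None or schedule_active(sched, now):
            return select_gateways(GROUPS[group], up)
    return []


if __name__ == "__main__":
    both = {"WAN0", "WAN1"}
    print(route(datetime(2014, 7, 1, 22, 0), both))      # Tuesday evening
    print(route(datetime(2014, 7, 1, 22, 0), {"WAN0"}))  # same time, WAN1 down
```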
 
Thank you very much for all the feedback and help.

:)

No problem. pfSense is awesome :)

You can also use the above groups for load balancing. If you have multiple ADSL lines (or just want to load balance over separate PPPoE connections) then just put all the connections on Tier 1.
 
Don't think I will use the function at this stage.

I think I will only need two more functions.

The one is the QoS and the other is to choose between Squid and something else.
I can't recall the name now, but think it is Dark angel or something like that. Not sure which one to go for, but the Dark angel looks interesting.

Edit:
Dansguardian, not Dark Angel
:D
 
How did you solve this?

Edit:
Okay it seems that I was busy with a driver download and the changeover did not go as smoothly as I hoped.
Once the download completed, it worked properly.
 