Mastodawn

Help #pfsense #opnsense #network colleagues! My imagination is failing me.

I have two locations, each with its own special snowflake pfsense and WAN, also joined by a (meagre but reliable) link. These are the things I cannot change.

I have dreamed for years of allowing the locations to fail over between one another seamlessly: if one WAN goes down, limp-along traffic passes over the minimal link and out the other WAN.

Show thread

Kirk Zurell 1d ago

We have failed over manually, in a panic; I have switches between the modems and firewall, so we can be as acrobatic as we like.

What I can't manage is the vision, how to structure two asymmetrical gateways to live in harmony.

Show thread

Kirk Zurell 1d ago

Thanks for any wisdom.

Show thread

Mac 1d ago

@kzurell Create a Gateway Group and use the standard WAN as the default gateway and fail over to the secondary gateway (the link) based on packet loss?

Show thread

Kirk Zurell 1d ago

@macberg That's a good idea and might get me failed over in one direction (which is useful).

I'm suspecting there might be asymmetrical routing issues: GW1 fails, the outbound state via GW2 is on pf1 but the reply via GW2 is processed by pf2.