Hi all, I just joined the forums and am hoping someone here can help with an advanced configuration that is causing me headaches.
I currently have 2 ISPs connected to my Netgate, which is configured for load balancing and failover. I have purchased a /29 block from ISP1, with one of the addresses assigned to my UDM SE sitting behind the Netgate. On the UDM SE, I’ve got a Talk instance up and running. The problem I’m facing arises when I failover to ISP2. Because I have my UDM SE addressed in the /29 (only using 1 WAN interface), there is no advertised route from ISP2’s network back to my UDM SE’s public IP address. I’ve implemented NAT on my Netgate, which has allowed the majority of traffic to successfully traverse the link. What fails is my whole UniFi Talk setup.
I’ve been playing around with NAT and port forwarding rules, and have been able to get outbound calls to establish, but inbound calls continue to fail. Does anyone know what is needed for inbound calls to work? Current rules attached for review.
Thanks, I hadn’t seen that recipe yet. It does give me some ideas to play with, especially trying out the physical Netgate with a VM as the HA pair.
I’m not currently in an HA configuration, and the /29 I have is on the LAN side of my Netgate. So I don’t think this will work to route inbound calls.
Thanks, that helped clean up some of my mess. Inbound and outbound calling work if both WANs are up, but inbound fails when AT&T is down. With both up, I have SIP traffic preferring the Failover Gateway (AT&T Tier 1, Comcast Tier 2), instead of the default Load Balancing Gateway (both Tier 1, AT&T Weight 2, Comcast Weight 1).
My theory is that in the failover configuration, traffic from WAN2 going to Comcast works because of the NAT rules, while inbound SIP traffic fails because there is no advertised route to the public IP assigned to the UDM SE WAN port. I’m not sure how to overcome this, unless I can find someone in Comcast that will add the route.
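The theory in that last post can be checked at the SIP layer rather than by guessing at routes. When a SIP client registers with `;rport` in its Via header, the registrar answers with `received=` and `rport=` set to the source address and port it actually saw the packet come from (RFC 3261 section 18.2.1 and RFC 3581), while the Contact header is the address the client asks to have inbound INVITEs delivered to. If the two differ, the provider will route calls to an address it never saw traffic from. The script below is an added example, not part of the thread and not UniFi or Netgate code. It assumes the Talk instance registers to a provider with plain SIP over UDP (an assumption about Talk), and it uses documentation addresses rather than the poster's: 203.0.113.10 stands in for the UDM SE's address in the /29 routed by ISP1, and 198.51.100.20 for the Netgate's WAN2 address on ISP2. Both sides of the exchange are modelled in-process so it runs offline.

```python
"""Added example (not from the thread): show why inbound SIP breaks when the
REGISTER egresses a different WAN than the one that routes the advertised
Contact address.

Constructed scenario, documentation addresses only (RFC 5737):
  203.0.113.10   the UDM SE's address inside the /29 routed by ISP1 (assumed)
  198.51.100.20  the Netgate's WAN2 address on ISP2 (assumed)
"""
import re

SIP_PORT = 5060
UDM_IP = "203.0.113.10"      # assumed address in the ISP1-routed /29
WAN2_IP = "198.51.100.20"    # assumed Netgate WAN2 address on ISP2


def build_register(user, contact_ip, branch="z9hG4bKexample"):
    """Minimal REGISTER. Contact is where we want inbound INVITEs delivered;
    ';rport' on the Via asks the registrar to report the source it saw."""
    return (
        "REGISTER sip:provider.example SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {contact_ip}:{SIP_PORT};branch={branch};rport\r\n"
        f"From: <sip:{user}@provider.example>;tag=1\r\n"
        f"To: <sip:{user}@provider.example>\r\n"
        "Call-ID: example-call-id\r\n"
        "CSeq: 1 REGISTER\r\n"
        f"Contact: <sip:{user}@{contact_ip}:{SIP_PORT}>\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def registrar_reply(request, src_ip, src_port):
    """Model the registrar: echo the top Via with received= and rport= filled
    from the packet's real source, as RFC 3581 requires when rport is present."""
    m = re.search(r"^Via: (SIP/2\.0/UDP [^\r\n]*)", request, re.M)
    via = m.group(1).replace(";rport", f";received={src_ip};rport={src_port}")
    return (
        "SIP/2.0 200 OK\r\n"
        f"Via: {via}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def parse_via(message):
    """Return {'sent_by': ip, 'port': str|None, 'params': {name: value|None}}
    for the topmost Via header."""
    m = re.search(r"^Via: SIP/2\.0/UDP ([\d.]+)(?::(\d+))?((?:;[^\r\n]*)?)",
                  message, re.M)
    params = {}
    for p in m.group(3).split(";"):
        if not p:
            continue
        name, _, value = p.partition("=")
        params[name] = value if _ else None
    return {"sent_by": m.group(1), "port": m.group(2), "params": params}


def parse_contact(message):
    """IP address advertised in the Contact header (where INVITEs will go)."""
    return re.search(r"^Contact: <sip:[^@>]*@([\d.]+)", message, re.M).group(1)


def check_registration(request, response):
    """Return (advertised_ip, observed_ip, consistent). consistent is False when
    the provider will send INVITEs to an address it never saw us come from."""
    advertised = parse_contact(request)
    via = parse_via(response)
    observed = via["params"].get("received") or via["sent_by"]
    return advertised, observed, advertised == observed


def simulate(primary_up):
    """ISP1 up: the /29 is routed and the Netgate forwards the packet unchanged.
    ISP1 down: the Netgate's outbound NAT rewrites the source to WAN2."""
    req = build_register("talk", UDM_IP)
    src = (UDM_IP, SIP_PORT) if primary_up else (WAN2_IP, 41000)
    return check_registration(req, registrar_reply(req, *src))


if __name__ == "__main__":
    for state in (True, False):
        adv, seen, ok = simulate(state)
        print(f"ISP1 up={state}: Contact={adv} provider saw={seen} "
              f"{'OK' if ok else 'MISMATCH: inbound will target unreachable IP'}")
```

On the real network the equivalent check is a capture of the REGISTER and its 200 OK on the UDM SE (for example `tcpdump -i <wan> udp port 5060`) during a failover: if the reply's `received=` is the Comcast address while Contact still carries the /29 address, the provider is sending INVITEs toward ISP1 regardless of which NAT rules exist on WAN2, and no port forward on the Netgate can help until the advertised Contact matches the path the registration actually takes. The example also covers the healthy case, so the same function can confirm that the normal ISP1 path registers cleanly.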