pfSense and Starlink WAN failover issues

Hi,
I have a Netgate 6100, where WAN 1 is my local ISP, and WAN 2 is set to Starlink. Starlink is set up in bypass mode.

I have set up WAN failover so when my local ISP goes out it will use Starlink, but as of recently I’ve been having some issues with this setup. All gateway kill states are set to the default values and I have set up a monitor IP for both WAN (local ISP) and WAN2 (Starlink). For each VLAN, under firewall rules, I have explicitly selected the WAN failover group.

When Starlink goes down, which it seems to do frequently, but my local ISP is up and running, I lose all access to the firewall and all local devices. The only thing that brings everything back up is to pull the power plug on the 6100 so that it reboots.

Is anyone else having this issue, or is anyone able to point me in the right direction?

Thank you!!!

What do you have your tiers set up as on your group?

Screenshots of your configs would be helpful.


Local ISP Lan1 is Tier 1 and Starlink is Tier 2.

To add more info - when WAN 1 fails, then everything does shift to WAN 2, and when WAN 1 is back, everything will start using WAN 1 again - so it all works.

The following are the errors I get in system logs when this happens:

Thank you again!!

I don’t use the Member Down trigger level. I use the High Packet Loss or High Latency. I think when you set it to member down it is expecting the physical interface to be down. I could be wrong.

I used to use High Packet Loss or High Latency, but my local internet would fluctuate sometimes and it would keep trying to switch when this happened, which was causing issues. So I had to put it to Member Down.

Looks like you can adjust the threshold on the packet loss or latency based off the documentation.

Thank you for finding that. I’ll try it out and see if it makes a difference.

This did not work. I still lose access to the firewall, and local devices lose IP addresses when WAN2 fails or gets removed from the WAN_Failover gateway group.

On the gateways, what are the monitor IP settings for the Starlink? It should be an external DNS server and different to the other WAN setting.

When you say "I lose access to the firewall", please expand. Losing connection on the WAN should not affect local machines, just internet access. Machines should still be able to access internal LAN devices.

Are the devices getting the correct IP address from the correct network?

Hi,
Each WAN has different monitor IPs: 1.1.1.1 for WAN1 and 8.8.8.8 for WAN2 (Starlink).

So all devices do get proper IP addresses and are working, but when Starlink goes down (WAN2), something happens where I can’t reach the firewall nor any computers, and the Apple TV home hub becomes unavailable from inside the network (on LAN). At this point I have to restart the firewall to get everything back up.

Interestingly, I can console into the 6100, and I see the normal menus and no errors. So it looks like the webUI stops working.

As I mentioned previously, my Apple TV home hub becomes unavailable, and from my computer, I can’t access the pfSense webUI.

Also, when WAN goes down, it comes back up and no issues. I can access everything from inside my network, home hubs stay up and I am able to access the firewall webUI.

Regarding Starlink, I’ve read that Starlink renews the WAN IPs every min or so, although they try to give out the same WAN IP. I have also added WAN2 to ignore DHCP leases from 192.168.100.1, which is Dishy’s IP address.

Thank you for helping with this!!

What happens if you disable pass-through on the Starlink and set up the WAN as double NAT?

On the WAN connection to Starlink, change to DHCP so it gets an IP address from the Starlink router.

I’ll try that, although I would prefer passthrough mode.

So before resetting Starlink and setting it up via a double NAT: I used to have Service Watchdog monitor unbound, but I deleted it from Watchdog, and I haven’t had the issue yet.

Is it bad to have Service Watchdog monitor unbound?

You only need the Service Watchdog monitoring if the service keeps on disabling.

There was an issue with unbound, but this has been resolved in the latest versions of pfSense.

I didn’t know that … thank you.

So this happened again, but WAN2 went down first and then WAN1 went down. All my devices lost their IP addresses. I know this because I looked at my computer and it had no IP address, and my UniFi switches showed no IP address either.

I had to hard reboot the firewall to get things back up.

The following are logs from the event:

Have you changed any of your firewall rules for the gateway?

I have not changed any firewall rules for a while, this all just started randomly a month ago.

So I had the issue again, and was able to console into the system. I tried rebooting and halting the system, and it would not do either. Trying to look at logs via console didn’t show anything out of order.

Something weird: when consoled in, WAN 2, or ix3, didn’t have an IP address, and since the system would not reboot or halt, it only came back up after I hard restarted it.

I had to physically unplug and replug in the 6100.

I’ve reset Starlink and connected the 6100 to the Starlink router, so I will see if this resolves the issue.

Wanted to provide an update. I reset Starlink and have pfSense connect to the router. So now the 6100 is double NAT’d and has a private IP. It’s been stable and no issues.

I would prefer to use bypass mode, since the Starlink router also broadcasts Wi-Fi, but it’s all stable now so I will keep it this way for a while.