I have been running pfSense 22.05 with a 1000/100 Mbps cable connection as WAN. This cable connection have served me well for past 2-3 years and I have had no issues stability, latency or packet loss.
I now have a new fiber connection (1000/1000 Mbps) and decided to configured pfSense with dual WAN in a failover configuration.
I have configured the fiber as the primary connection and the cable as failover. Both WAN connections have been setup with dpinger gateway monitoring and different monitoring adresses (1.1.1.1 and 8.8.8.8). I have also configured the gateways and gateway groups (Tier1/Tier2). Everything is setup according to Toms instruction video: https://www.youtube.com/watch?v=O0e13_q-ImY&t=2s.
The setup works fine and so does the failover. However… the secondary WAN (cable), which is the failover, loses connection approximatly every 2 hours, and is down for 1 hours + 10 minutes. There are no issues with the primary (fiber) WAN.
I have checked the configuration over and over again, and I just can’t figure out what is going on. I have tried rebooting the firewall, changing the monitoring IP addresses etc. However, nothing helps. I am stting to wonder if there is some issue with my hardware. I am on a Hunsen NUC with 2.5 GB Intel NICs.
I have tried using the ISP gateway for monitoring, which worked well when WAN2 was my only WAN. However this makes no difference. I am starting to get the feeling that its is my ISP that is periodically closing the connection due to the traffic pattern?
I am a bit in doubt on how to configure the Default Gateway IPv4 under System/Routing/Gateways? Should that be set to “Automatic” or to the failover gateway group? Also, should I set the Gateway (Advanced settings) in the LAN rules to “Default” or to the failover gateway group?
Under “System → Routing” you set the Default gateway IPv4 to be the fail over group you created. Also, might be the ISP, connect some other non-pfsense device to that connection and setup monitoring.
Tried to switch the Tiers around, so that WAN2 is Tier 1 and the fiber is Tier 2. In this configuration with the traffic going through WAN2 there is no periodic disruption of WAN2. Seems that WAN2 (Cable) does not like to run idle. I am wondering if there is some strange rule on the ISP side that drops the connection periodically under near idle conditions.
You can change the priority to the troubled connection so it will be primary and see if it drop the connection. Also wonder if the troubled connection is trying to renegotiate the link speed which is kicking out the connection like clockwork. I haven’t done any googling on statically setting the link speed but might be something to look into? Maybe check the firewall logs to see if there are errors on the port flap.
Changing the priority solves the problem, but I would prefer to have the fiber WAN connection as priority 1 (Tier 1). I have tried setting the link speed manually to 1000Base-T but that does not help. I have also tried to allocate some of the traffic (by FW rules) to the cable WAN but that also makes no difference. It seems that the cable WAN is doing these drops whenever its not the default gateway.
Turned out that the 1-hour periodic drops (packet loss) was caused by dpinger. Setting the “Monitor IP” to the IP address of the cable modem, or enabeling the option “Disable Gateway Monitoring Action” solved the problem.
I wonder what it is that causes the packet loss when dpinger is monitoring an external IP (e.g. 1.0.0.1), and why this was not a problem when I was running only with the cable modem as WAN.
It seems that the “Disable Gateway Monitoring Action” did not work. The cable connection simply does nok like that dpinger is continously pinging something on the outside of the modem. Maybe its does to the only traffic being the pings from dpinger?
