pfSense - multi WAN

Morning All,
OK, second question for the day!

Recently added a 4G backup WAN connection to my pfSense FW. I have created a gateway group, setting my primary internet feed as Tier 1 and the 4G backup to Tier 2. I only have the gateway monitoring function enabled on the primary WAN, which appears to be working ok.

For testing I have enabled the "clear states on interface down" option in advanced settings. I have configured the gateway group trigger to “member down” - and unplugged the network connection from the service provider's NTU.
Happy days - the states table is reset, and kapow - all sessions re-establish via the 4G backup. Perfect!

However - upon reconnecting the primary WAN… nothing happens. I can see in the dashboard that it eventually turns green, and the monitor statistics start displaying again, however the default gateway icon doesn’t automagically swap back to the primary. I need to make a change (any change) to either the primary or secondary WAN interface, apply the change and THEN the default swaps back.

My question is - how do I enable the automatic restore of the primary WAN becoming the default route outbound? Have I missed something in the config somewhere??

Any assistance would be greatly appreciated.


Don’t believe Gateway group works as you think, it would need to be triggered to swap back.

If your WAN is always faster than 4G use “Packet Loss or High Latency” as your trigger level, it might also work better if the tiers are the same as you then have some load balancing. However, I’m not sure if the connection is on Tier 2 it will then be triggered to go back to Tier 1 (perhaps the Tiers only go from High to Low). However, you can just test it also.

Have my VPN in a Gateway Group where they are swapping from time to time and they are on the same tier.

Thanks Neo,

From what I could gather in the documentation, the group was what I needed, with the 2 Tiers. The “member down” was only used as a test, and since has been changed back to “Packet Loss or High Latency”.
As the WAN connection is usually pretty stable I’ll need to wait until my ISP has an outage to test this I guess.

Does the weight of the route listed in the gateway configuration work the same as, say, a preference in an ISR? What I’m thinking is, if I weight the route I want as the primary as a higher preference, then traffic will always traverse it unless it's not available (when it gets pulled down due to monitoring action), at which point the traffic naturally takes the second?

This is only theoretical but there might be a way to trip the trigger to switch back to the WAN. If you set a limit on the 4G which is below the speed of the ISP, then I believe once the WAN comes back up it ought to switch. Though I am not sure what the threshold is. That is the principle for my VPN gateway group.

I was considering that! It seems however that the stability of the 3G/4G in my area is not the best. Even using an external antenna with a 7 dB gain, the signal still fluctuates a lot, and the resultant speed and latency vary a lot.

I'm yet to test it, but a shell script and a cron job for say every 5 minutes looking at the results of a route command might be the way to go.

Thanks heaps again for your input so far, it's got the old grey matter working again.