Bug #13654
open
Wireguard does not fail back failover WAN setup.
0%
Description
I have this main WAN connection that is quite unstable. So I set up a 4G router on the OPT port on netgate 1100. This port is configured as a tier 2, and is only used if main WAN connection is down. This works great for ordinary traffic, but not for wireguard. Wireguard fails over to OPT-port OK when WAN connection goes down. But not back when WAN connection is up again. I have to disable and then enable the opt port to manually change interface for wireguard.
Wireguard version is 0.1.6_2.
Updated by Frode Martin about 2 years ago
Still has this problem. Are there any progress on this?
Updated by Craig Coonrad about 1 year ago
Tested/confirmed on 4100 hardware, pfSense Plus 23.09.1.
Dual ISP in gateway group with tier 1/2.
Wireguard traffic originated by the local 4100 to single remote endpoint.
Failover from primary to secondary is fast and works fine.
Once tier 1 is back online, WG traffic stays on tier 2.
Updated by
Updated by Andrew Collings 3 months ago
I'm having this issue in 24.11 with 6 different 6100s. It fails over flawlessly but will not fail back. I can go into Status > Services and restart Wireguard which gets everything humming along again but that requires me to actively monitor for connectivity loss. We have several locations with relatively frequent (but short) Comcast outages so we're getting several hundred dollars a month in overages from it getting stuck on cellular.
Updated by Wayne Sherman about 1 month ago
I can confirm this problem also exists with pfsense CE 2.7.2-RELEASE and WireGuard package 0.2.1.
For reference, this issue was originally reported in 2021:
https://redmine.pfsense.org/issues/11630
A similar bug report was closed here:
https://redmine.pfsense.org/issues/12811
After a failover to WAN2, and subsequent failback to WAN1 (i.e. the default gateway switches back to Tier 1), I can manually force Wireguard to use the WAN1 default gateway by:
1) unplug the network cable from WAN2 and re-plug
or
2) restarting the wireguard service
Updated by Andrew Collings about 1 month ago
Any update from the Netgate team on this issue? I just received another bill from AT&T with almost $1100 in data overages because we had a failover event at a branch that I missed.