Default gateway IPv4 set to a group fails after restart on 2.4.4
We set the default gateway IPv4 to be a group, called WAN_Failover. That group consists of WAN1 Fiber at tier 1 and WAN2 Cable at Tier 2.
After a reboot of the pfSense hardware, pfSense can see no default gateway by which traffic can be routed, and no clients have any internet access. Locally, we can get to the pfSense box and log in without issue. We went to the Diagnostics | Ping page; pfSense can ping out by WAN1 or by WAN2, but if you set the source address to be automatically selected (default), pfSense cannot perform a ping test, stating that no route is available. We then go back to System | Routing and change the Default Gateway IPv4 to WAN1 (fiber circuit), go back to ping out, and can ping via automatic (as WAN is the default). Now the odd part starts: we change the Default Gateway IPv4 back to WAN_Failover and everything works fine - clients get to the internet, ping out automatic works fine - all is fine. After a firewall reboot, no outbound traffic will be passed until we change the Default Gateway IPv4 to WAN and apply - after this, traffic is passed without issue. We can now change the Default Gateway IPv4 back to the gateway group WAN_Failover and all will still work fine.
This is repeatable.
#1 Updated by Travis McMurry 3 months ago
I thought I was going crazy, because I have this same configuration 2 wans (1 cable, 1 4G/LTE) in a gateway group. This caused me to scratch my head a little. I selected the default gateway to be the gateway group and things were fine. I shut down, added an additional CPU core to pfSense to address a different issue (snort), started it back up and saw two things:
1) Your symptoms as reported, verbatim. Go to diagnostics -> routes, there is no default route set on IPv4.
2) However, I noticed IPv6 had a default route.
Only after manually setting wan1 as the default route in routing for IPv4 does the default get set. Changing WAN1 back to the gateway group, everything still works. However a subsequent gateway group failover will pull the default route again and not set it back to the active gateway - which may be a different problem altogether.
I found it strange when things weren't working, that pinging 126.96.36.199 from pfsense's console revealed "no route to host" WHILE pfSense (dpinger) was successfully pinging a different IP from wan1 and reporting no packet loss and nominal latency, yet no internet access. Swapping the DG manually- changing no other setting - made everything work.
If I'm making an incorrect assumption on the behavior of this new feature, I'd like to know what it should be. Documentation is not up to date with the current 4.4 release @ https://www.netgate.com/docs/pfsense/routing/gateway-settings.html.
#2 Updated by Daniele Palumbo 2 months ago
Daniel Williams wrote:
This is repeatable.
+1, I have had the same.
A default gateway can now be a part of a group. In previous pfSense versions default gateway switching didn’t have any particular order, and users didn’t have control over which gateways were picked upon outage. With version 2.4.4, users can specify in a group which gateway to use first, second, third, etc.
Also improved is gateway monitoring. Users can now set the gateway monitoring probe interval to a much higher value. This is very useful with low bandwidth connections such as mobile networks / 3G / 4G.
Was something changed in the backend as well?
#3 Updated by Daniele Sorrenti about 2 months ago
+1. This problem also affects my environment. The default route is not set after a restart if the default gw is a group gw, and the default route is also not updated after a failure. I need to manually change the default gw to another one, and go back to the group gw every time.
#8 Updated by Peter Schovits about 1 month ago
I had the same problem at a customer of mine. He has two WANs, one fiber and one LTE (configured as Backup-WAN - not load balancing). He is using pfSense 2.4.4p1.
Using an SSH session, I found out that there was no "default route" (= default gateway) when I checked the routing table with "netstat -r".
What I did was add the default route with "route add default xxx.xxx.xxx.xxx" using the package "shellcmd". "xxx.xxx.xxx.xxx" is the IP address of the gateway which I've configured as "Tier 1" in the gateway group.
After that the gateway group works as it should!
Hope this helps you too...
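The check and workaround described in comments #1 and #8, as an added example that is not part of the thread and not pfSense code: it looks for an IPv4 default route in FreeBSD-style `netstat -rn` output, ignoring the IPv6 default route that can still be present, and falls back to the `route add default` command from comment #8. The function names, the `live` argument and the `TIER1_GW` variable are hypothetical, and 192.0.2.1 is a placeholder for the tier 1 gateway address.

```shell
#!/bin/sh
# Added example (not from the thread). TIER1_GW is a placeholder address;
# set it to the gateway configured as tier 1 in the gateway group.
TIER1_GW=${TIER1_GW:-192.0.2.1}

# Constructed sample: IPv4 has no default route while IPv6 does.
SAMPLE_BROKEN='Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.0.2.0/24       link#1             U          igb0

Internet6:
Destination        Gateway            Flags     Netif Expire
default            fe80::1%igb0       UGS        igb0'

# Constructed sample: the same table once the IPv4 default route exists.
SAMPLE_HEALTHY='Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS        igb0
192.0.2.0/24       link#1             U          igb0'

# Print the IPv4 default gateway from a routing table on stdin; status 1 if none.
# Only rows under "Internet:" count, so an IPv6 default is not mistaken for it.
default_gateway() {
    awk '/^Internet6:/ { v4 = 0 }
         /^Internet:/  { v4 = 1 }
         v4 && $1 == "default" { print $2; found = 1; exit }
         END { exit !found }'
}

# Print "ok <gateway>" when the route exists, else the repair command.
plan_repair() {
    if gw=$(default_gateway); then
        echo "ok $gw"
    else
        echo "route add default $1"
    fi
}

# Act on the live table only when called with "live" (e.g. from shellcmd).
if [ "${1:-}" = "live" ]; then
    plan=$(netstat -rn | plan_repair "$TIER1_GW")
    case $plan in
        ok*) logger -t default-route-check "$plan" ;;
        *)   logger -t default-route-check "no IPv4 default route: $plan"
             $plan ;;
    esac
fi
```

Run without arguments it only defines the functions; the `logger` entry gives a record of each boot on which the default route had to be repaired.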