Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kiwisbrown
New Contributor

Created on ‎03-29-2023 07:44 AM Edited on ‎04-04-2023 05:09 AM

Dual-WAN failover to LTE modem issue

Hi! I am currently trying to setup my Opnsense router with an additional WAN (WAN_LTE) interface to get failover in case primary WAN (WAN_1) drops.

From earlier, I have a VPN gateway (WAN_VPN) active as well, for a separate VLAN and wifi, which is set up following this guide .

My hardware is: Router/firewall: ESXi server with Opnsense VM, with 3 interfaces; WAN_1, WAN_2 and LAN. Each interface has its own virtual switch in ESXi, which has a single uplink each (eth0/1/2).

LTE moden: Huawei LTE/4G/wifi router.

WAN_1 is connected to ISP router in bridge mode, giving WAN_1 a public IP.

WAN_2 is connected to a port in LTE modem with dhcp active, giving the WAN_2 interface a private IP of 192.168.2.2, and gateway IP 192.168.2.1.

LAN interface of Opnsense is connected to Unifi devices serving my two wireless networks; Default (no vlan assigned) and VPN (VLAN 30).

VPN VLAN interface has IP 172.16.0.1

I have followed the Multi-WAN failover guide  from Opnsense, and have my WAN_LTE gateway group active, containing both interfaces WAN_1 and 2, and all is OK. VPN work well and all wifi clients are happy.

My headache starts when I test the failover and disconnect my primary WAN by removing the uplink to the virtual switch in ESXi. Opnsense respond as expected and shows the WAN_1 as offline, and WAN_2 active. The VPN goes offline for a short period, and is back online. Clients connected to VPN wifi get aninternet connection.

But clients connected to Default wifi get no internet connection. I can not figure out what I am doing wrong, and firewall logs doesnt show any blocked traffic. So I assume there must be something else.

Do I have to create a static route? Which settings should I check and how to set them? Anything else? I can provide screenshots, but I need to know what to screenshot.

Please help me :)

Edit: Tried a different solution, by moving the failover from Opnsense to ESXi virtual switch: Added the lte connected port as second uplink to the WAN port group, and set it up with failover and priority on uplinks. Switching to lte when I disconnect primary wan, but the WAN_1 interface needs to renew its IP to work, as it jumpa from a public connection to a private IP from the lte router. Would probably solve it self after a while, bit I did a manual release/renew to get the connection active.

But I still would prefer to have the failover to be handled by Opnsense, so a tip to solve my initial issue is mostly appreciated!

 

 

 

film plus apk

Labels:
301
0 Kudos
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Created on ‎04-02-2023 09:54 PM

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
267
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎04-03-2023 10:48 PM

Hello,

 

The solution has been provided in your reddit:

 

https://www.reddit.com/r/opnsense/comments/10szbwn/dualwan_failover_to_lte_modem_issue/

 

Regards,

Anthony-Fortinet Community Team.
250
0 Kudos
gfleming
Staff
Staff

Created on ‎04-05-2023 10:02 PM

This is a Fortinet support forum. Sounds like you are having issues with an Opensense system which we cannot assist you with here.

Cheers,
Graham
233
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.