Dynamic DNS with WAN failover

Running VyOS 1.5-rolling-202401250024. I have 2 WAN interfaces, a static IP fibre (eth0) and a dynamic IP LTE (eth1) for failover.

I set up dynamic DNS (Cloudflare) using a web request so that various host addresses will follow whichever interface is being used at the time.

The issue I’m having is that it seems that while failover is working correctly for all LAN traffic, VyOS is preferring the failover connection for its own traffic. Running ‘curl api.ipify.org’ returns the IP of the failover connection when both interfaces are active, rather than the primary. At the same time, LAN traffic is being identified as from the primary interface.

I assume that there is an issue with my NAT table, but I don’t understand it enough to debug it. At the moment, the source nat table just contains the below. Thanks!

 rule 101 {
     outbound-interface {
         name eth0
     }
     source {
         address 10.70.0.0/16
     }
     translation {
         address masquerade
     }
 }
 rule 102 {
     outbound-interface {
         name eth1
     }
     source {
         address 10.70.0.0/16
     }
     translation {
         address masquerade
     }
 }

It’s probably a bug (at least it looks like one).
We need to check the logic, and how it is tied or not to wan-loadbalancing.
@sarthurdev I think it needs to be addressed in the new implementation of wan-loadbalance.

Can you post the load balancer/failover config?

@sarthurdev sure, thanks

***@vyos# show load-balancing
 wan {
     flush-connections
     interface-health eth0 {
         failure-count 2
         nexthop dhcp
         success-count 2
         test 10 {
             resp-time 2
             target 1.1.1.1
             ttl-limit 1
             type ping
         }
         test 20 {
             resp-time 2
             target 8.8.4.4
             ttl-limit 1
             type ping
         }
     }
     interface-health eth1 {
         failure-count 5
         nexthop dhcp
         success-count 5
         test 10 {
             resp-time 2
             target 8.8.8.8
             ttl-limit 1
             type ping
         }
         test 20 {
             resp-time 2
             target 1.0.0.1
             ttl-limit 1
             type ping
         }
     }
     rule 1 {
         description "Ignore local traffic"
         destination {
             address 10.70.0.0/16
         }
         exclude
         inbound-interface eth+
         protocol all
     }
     rule 100 {
         failover
         inbound-interface eth2
         interface eth0 {
             weight 5
         }
         interface eth1 {
             weight 1
         }
         protocol all
     }
     rule 120 {
         failover
         inbound-interface eth2.20
         interface eth0 {
             weight 5
         }
         interface eth1 {
             weight 1
         }
         protocol all
     }
     rule 130 {
         failover
         inbound-interface eth2.30
         interface eth0 {
             weight 5
         }
         interface eth1 {
             weight 1
         }
         protocol all
     }
     rule 140 {
         failover
         inbound-interface eth2.40
         interface eth0 {
             weight 5
         }
         interface eth1 {
             weight 1
         }
         protocol all
     }
     sticky-connections {
         inbound
     }
 }

Seems like there’s no LB logic configured for locally generated traffic, so the main routing table will be used. Check if the default route on the LTE interface is the “best” (preferred) one, and try altering its distance.

Good point.

@SCCFIT try set load-balancing wan enable-local-traffic
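As an added example (not from the thread and not VyOS code), a small Python checker for the two gaps this thread turns on: a wan load-balancing config that has failover rules but no enable-local-traffic, and a WAN interface with no masquerade source NAT rule. It parses the brace-style `show` output into nested dicts; the embedded config fragments are constructed and abbreviated, not the OP's full configuration.

```python
# Constructed samples (assumed, not the OP's config): failover rule, no enable-local-traffic, masquerade on eth0 only.
LB_CFG = """
wan {
    interface-health eth0 {
        nexthop dhcp
    }
    interface-health eth1 {
        nexthop dhcp
    }
    rule 100 {
        failover
        inbound-interface eth2
    }
}
"""
NAT_CFG = """
rule 101 {
    outbound-interface {
        name eth0
    }
    translation {
        address masquerade
    }
}
"""

def parse(text):
    """Parse VyOS brace-style 'show' output into nested dicts (leaf -> value or None)."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack[-1][line[:-1].strip()] = node = {}
            stack.append(node)
        elif line:
            key, _, val = line.partition(" ")
            stack[-1][key] = val.strip('"') or None
    return stack[0]

def lint(lb_text, nat_text):
    """Findings for the thread's two failure modes; an empty list means consistent."""
    wan, out = parse(lb_text).get("wan", {}), []
    if any(k.startswith("rule ") for k in wan) and "enable-local-traffic" not in wan:
        out.append("enable-local-traffic unset: router-originated traffic uses the main routing table")
    masq = {r.get("outbound-interface", {}).get("name") for k, r in parse(nat_text).items()
            if k.startswith("rule ") and r.get("translation", {}).get("address") == "masquerade"}
    for iface in sorted({k.split()[1] for k in wan if k.startswith("interface-health ")} - masq):
        out.append(f"no masquerade source NAT rule for WAN interface {iface}")
    return out
```

Feed it the output of `show load-balancing` and `show nat source` from a VyOS config session; adding `enable-local-traffic` under `wan` and a masquerade rule per WAN interface clears both findings.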

Ah, I must have missed that in the documentation… I’ve set that and it seems like it is working now, thanks!
