I’m not quite sure how to explain this but will try.
Per this topic, I’ve got WAN load balancing (failover) set up and happy for all outbound traffic. Interfaces can up/down as they please and everything appears to work properly.
For inbound traffic, VyOS is configured as a WireGuard endpoint. Devices are looking for an endpoint URL that is tracking the currently active interface using dynamic DNS and a TTL of 1 min.
Steps to reproduce:
- Set primary WAN down. Wireguard clients connect over backup WAN
- Set primary WAN up. Clients attempt to connect over primary, which fails
- Set backup WAN down. Clients successfully connect over primary
- Set backup WAN up. Clients continue to successfully connect over backup, until next time the cycle starts again with the primary going down
The same symptoms are occurring with clients trying to connect to an internal web server from outside.
I assume there is a config issue with either NAT or possibly sticky connections, but I don’t know where to look or how to debug, any assistance or suggestions welcome.
Thanks
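One place to start looking for the behaviour described above is the conntrack table: whether client flows are still mapped to the backup WAN's address after the primary comes back up. The script below is an added example, not from the original post; it assumes WireGuard listens on UDP 51820 (a placeholder port) and uses constructed sample addresses, and the same check covers the internal web server's flows by setting PROTO=tcp and PORT to the forwarded port.

```shell
#!/bin/sh
# Added example (not from the original post): summarise which local WAN
# address each inbound flow is pinned to in the conntrack table, so you can
# see whether flows still map to the backup WAN after the primary returns.
# Assumptions: WireGuard listens on UDP 51820 (placeholder port); the WAN
# and client addresses in SAMPLE are constructed values.
PROTO="${PROTO:-udp}"
PORT="${PORT:-51820}"

# pin_summary: read 'conntrack -L' lines on stdin, keep only flows of the
# chosen protocol whose original-direction dport is the chosen port, and
# print "<local-address> <flow-count>" sorted by address.
pin_summary() {
    awk -v proto="$PROTO" -v port="$PORT" '
        $1 == proto {
            # The first dst=/dport= fields belong to the original direction
            # (client -> router); the repeated ones are the reply direction.
            local_addr = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                if (local_addr == "" && $i ~ /^dst=/) local_addr = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (dport == port) count[local_addr]++
        }
        END { for (a in count) print a, count[a] }
    ' | sort
}

# Constructed sample: three WireGuard client flows, two pinned to the backup
# WAN address (198.51.100.2) and one to the primary (203.0.113.2), plus one
# unrelated TCP flow that must be ignored.
SAMPLE='udp      17 29 src=192.0.2.10 dst=198.51.100.2 sport=41820 dport=51820 src=198.51.100.2 dst=192.0.2.10 sport=51820 dport=41820 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.11 dst=198.51.100.2 sport=51000 dport=51820 src=198.51.100.2 dst=192.0.2.11 sport=51820 dport=51000 mark=0 use=1
udp      17 29 src=192.0.2.12 dst=203.0.113.2 sport=52000 dport=51820 src=203.0.113.2 dst=192.0.2.12 sport=51820 dport=52000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.13 dst=203.0.113.2 sport=40000 dport=443 src=10.0.0.5 dst=192.0.2.13 sport=443 dport=40000 [ASSURED] mark=0 use=1'

# On the router (needs root), feed the live table instead of the sample:
#   sudo conntrack -L -p "$PROTO" --dport "$PORT" 2>/dev/null | pin_summary
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE" | pin_summary
fi
```

Running it with `--sample` prints `198.51.100.2 2` and `203.0.113.2 1`; on the live table, a count that stays on the backup address after the primary is up is the thing to investigate.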