Dual WAN, DDNS, Wireguard, self hosting issues...

Follow

Putnamj

• January 02, 2022 18:44
• Edited

Afternoon,

First time I am utilizing a Dual WAN setup here and having some weird issues. 

Is there any way to force the DDNS service to utilize a specific interface?  It tends to default to ETH1, which has a higher routing metric, which results in my WireGuard & self-hosted services to become unreachable after a few minutes of uptime.  Or become reachable sporadically.

Is there any way to have the DDNS services take the same interface as the default route?  Some of my services still work if I manually plug in my public IP.

Things I have tried. 

Manually bringing down the secondary link, DDNS takes the ETH0 public IP for a few minutes then swaps back to ETH1.

Setting routes did nothing.

Any ideas?

 

Edit- Kind of working around this with a separate docker that updates my domain, and I modify the wireguard config to connect to that vs the DDNS FWG reports.

0

• 

  Firewalla

  • January 02, 2022 19:15

  When you are using Dual WAN, are you using load balancing or Primary/Standby? 

  0

  Comment actions Permalink
• 

  Putnamj

  • January 02, 2022 20:43

  I have it running in load balancing.  To keep a long story short, the ISP contracted out to the housing units here were tasked to solve a whole home wifi issue.  So, their fix was to drop a 100M fiber modem upstairs and a 100M fiber modem downstairs.  I won't complain since the 2x 100M lines are faster than my old 50M ADSL line.  

  I am setting it to 60/40 (in favor of ETH0), see if that changes anything.

  0

  Comment actions Permalink
• 

  Putnamj

  • January 03, 2022 02:51

  3 AM update, DDNS swapped to ETH1.

  0

  Comment actions Permalink
• 

  CCPK1

  • January 03, 2022 03:12

  I'm seeing similar issues with my load balanced WAN.  Here is what I've done so far:

  1. Feature Request - Limit Wireguard VPN to specific WAN link – Firewalla (Vote up if this would help you)

  2. Feature Request: Dedicated DDNS for Multi-WAN – Firewalla (Vote up if this would help you)

  On the second, there are some example scripts and docker ideas that might allow you to keep you own DDNS updated with the correct link. 

  I have a few ideas about manually configuring wireguard to use my DDNS and just manually setup the forwarding on that individual WAN interface, but haven't gotten around to trying it yet.

  1

  Comment actions Permalink
• 

  Support Team

  • January 03, 2022 05:31

  Thanks for the feedback. We have an upcoming feature in 1.974 to support both 1 and 2 above.

  1

  Comment actions Permalink
• 

  Putnamj

  • January 03, 2022 05:57

  CCPK1, 

  Thanks for linking those two feature request, they will definitely get an upvote from me.  As for the other ideas, I am currently running a docker container to keep my domain updated.  

   

  0

  Comment actions Permalink
• 

  Putnamj

  • January 08, 2022 19:43

  I might have found a fix…. I set a route for the firewalla.org domain, for all LAN devices, interface Ethernet0. The DDNS record has been from modem one for the last couple of days.

  0

  Comment actions Permalink
• 

  Putnamj

  • January 09, 2022 15:17

  Latest update, that seemed to work for me. My record for the last couple of days has been based off of the primary WAN public IP (Ethernet 0).

  0

  Comment actions Permalink
• 

  CCPK1

  • January 11, 2022 04:02

  Thanks for providing the follow up.  I'm curious... if your Ethernet0 gets disconnected, of course your VPN won't work, but are you still able do administration of your Firewalla with that route in place?  Thanks

  0

  Comment actions Permalink
• 

  Putnamj

  • January 11, 2022 16:57

  Well reporting back that it didn’t end up solving the issue.  This morning when I couldn’t connect via WireGuard I saw that the IP reverted back to the second modem.  For the last couple days I guess my timing was super lucky when checking the built in DDNS…. 

  0

  Comment actions Permalink

Please sign in to leave a comment.