Hey all,

I’m looking at migrating from pfSense to VyOS and I have a few questions about how multi-WAN and HA work on VyOS.

Has anyone else made this transition? If so, what are your thoughts?

My questions:

  1. Can HA be configured using just a single public PPPoE or DHCP IPv4 address? On pfSense, the recommended configuration was to have a public /29, and configure each HA peer with a statically-assigned IPv4 address from within that /29 (for outbound access from the peer). A floating VIP would then be used to NAT client connections. Naturally, this wasn’t an ideal solution for home users. Can VyOS handle this use case? And if so, can the backup router still access the internet?
  2. Do VyOS failover peers need to be running identical hardware? On pfSense / FreeBSD, interface names are based on the driver used to initialise the hardware, so in an HA configuration it wasn’t possible to use a Realtek NIC on one failover peer, and an Intel NIC on another, for example.
  3. How does multi-WAN failover work in VyOS / Linux? In pfSense, ping and packet loss are the main inputs to the algorithm for detecting a failed link (hard to avoid this). For this to work on low-bandwidth links, however, reliable QoS needs to be present. Does the VyOS network scheduler work well on mixed interface types (e.g. VLAN upon a bridge upon a LAGG)?
  4. How are client TCP sessions handled on failover / failback? Is it practical to use a 4G link as backup (i.e. will all my data be used up by dangling states after failback?).

Finally, one more unrelated question:

Are there any issues with config corruption when scripting or using the API? For example, if my script happens to update a firewall group 3 times in 1 second, will I risk config corruption?

Thanks very much!