Gateway / Firewall for Failover and LoadBalancing


LL0rd

New Member
Feb 25, 2020
Hi,

can someone help me out? I have 3 WAN connections: 1x cable with 100 MBit/s and 2x 5G with 400 MBit/s. The problem is that the 5G connections are limited to about 100GB a day, and then they are rate limited to 64 kb/s.

Currently I'm using OPNSense, but it has some problems, for example detecting a connection that is down. OPNSense uses ping for monitoring, but the ping can still be sent out with the rate limit, so a rate-limited interface isn't detected properly. And there is no way to set a traffic limit of 100GB for an interface to take the interface manually down if the limit is reached.

I think VyOS and firewalls based on VyOS (Ubnt EdgeRouter) have the ability to set custom monitoring scripts. But my problem with VyOS is the missing GUI. That makes it difficult to use, for example to set up a static DHCP record for a static IP address. Also, firewall features like Zenarmor are missing. And even for VyOS I will have to write some custom monitoring script. That kinda sucks.

So does anyone here have a solution? Even with a paid firewall / subscription / whatever?
 

DavidWJohnston

Active Member
Sep 30, 2020
I can think of a bit of a hacky way of doing it for free, if you're tech-savvy. It's not exactly a solution, but maybe a workaround.

You could create a VM or docker container that tests the speed of all your WANs by downloading tiny bits of data periodically in a loop or cron job and watches for the speed drop on each gateway.

This VM/container will have 3 IPs that you can use as the gateway monitoring IPs in OPNSense. You can then have your script take the appropriate interface down when the speed drops to simulate that gateway being down, as it will break ping to that IP.

There might even be a way to do it all in a script inside OPNSense without using a separate VM/container.
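A sketch of the monitoring script described in the reply above, added here as an example and not code from either poster. The threshold, the streak counts, the interface names and the test URL passed to `run_once` are assumptions, and it presumes policy routing in the VM/container sends traffic bound to each source interface out through the matching WAN.

```python
import subprocess

THRESHOLD_KBPS = 1000   # assumed cut-off; the throttled rate in the post is 64 kb/s
FAIL_AFTER = 3          # consecutive slow samples before declaring "throttled"
RECOVER_AFTER = 5       # consecutive fast samples before declaring "healthy"

def measure_kbps(src_iface, url, nbytes=262144, timeout=10):
    """Fetch the first nbytes of url via src_iface; return kbit/s (0.0 on failure)."""
    cmd = ["curl", "-s", "-o", "/dev/null", "--interface", src_iface,
           "--range", f"0-{nbytes - 1}", "--max-time", str(timeout),
           "-w", "%{speed_download}", url]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True).stdout.strip()
        return float(out) * 8 / 1000   # curl reports bytes per second
    except (OSError, ValueError):
        return 0.0

class WanMonitor:
    """Hysteresis so one slow or fast sample does not flap the gateway."""
    def __init__(self, monitor_iface):
        self.monitor_iface = monitor_iface  # holds the IP OPNsense pings
        self.healthy = True
        self.streak = 0   # consecutive samples contradicting the current state

    def update(self, kbps):
        """Feed one sample; return True/False on a state change, else None."""
        slow = kbps < THRESHOLD_KBPS
        contradicts = slow if self.healthy else not slow
        self.streak = self.streak + 1 if contradicts else 0
        needed = FAIL_AFTER if self.healthy else RECOVER_AFTER
        if self.streak >= needed:
            self.healthy, self.streak = not self.healthy, 0
            return self.healthy
        return None

def set_monitor_iface(name, up):
    """Bring the interface holding the monitoring IP up or down (needs root)."""
    subprocess.run(["ip", "link", "set", "dev", name, "up" if up else "down"],
                   check=True)

def run_once(monitors, url):
    """monitors: {wan_source_iface: WanMonitor}; call from cron or a loop."""
    for src_iface, mon in monitors.items():
        change = mon.update(measure_kbps(src_iface, url))
        if change is not None:
            set_monitor_iface(mon.monitor_iface, change)
```

Each probe fetches at most 256 KiB, so a once-a-minute schedule costs well under 1 GB a day per link against the 100GB allowance.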