Page MenuHomeVyOS Platform
Create Task
Maniphest T5647

Extend failover route functionality to use dynamically assigned interface next hops
Open, NormalPublicFEATURE REQUEST
Actions

Assigned To
None
Authored By
JeffWDH
Oct 11 2023, 4:57 PM
Tags
Referenced Files
None
Subscribers
danhusan
giuavo
Harliff
I-n-d-y
JeffWDH
KaydenD
marc_s
View All 13 Subscribers
Tokens
"Like" token, awarded by giuavo."Like" token, awarded by marc_s."Like" token, awarded by KaydenD."Like" token, awarded by Viacheslav.

Description

In my use case I only require a failover (4G) to be used only when the primary connection fails. I am wondering if failover route monitoring could be extended to allow for a more bare bones failover solution. This would require the addition of automatically grabbing the next hop from various interfaces (via DHCP, PPPoE, etc) as it currently only allows for static routes.

Example:

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Primary

set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description Secondary

set interfaces ethernet eth2 address 192.168.0.1/24
set interfaces ethernet eth2 description LAN

set firewall group network-group LAN network 192.168.0.0/24

set protocols failover route 0.0.0.0/0 dhcp-interface eth0 check target interface
set protocols failover route 0.0.0.0/0 dhcp-interface eth0 check timeout ‘10’
set protocols failover route 0.0.0.0/0 dhcp-interface eth0 check type ‘icmp’
set protocols failover route 0.0.0.0/0 dhcp-interface eth0 metric ‘1’

set protocols failover route 0.0.0.0/0 dhcp-interface eth1 check target interface
set protocols failover route 0.0.0.0/0 dhcp-interface eth1 check timeout ‘10’
set protocols failover route 0.0.0.0/0 dhcp-interface eth1 check type ‘icmp’
set protocols failover route 0.0.0.0/0 dhcp-interface eth1 metric ‘2’

set nat source rule 100 description ‘SNAT - LAN - Outbound Primary’
set nat source rule 100 outbound-interface ‘eth0’
set nat source rule 100 source group network-group LAN
set nat source rule 100 translation address ‘masquerade’

set nat source rule 101 description ‘SNAT - LAN - Outbound Secondary’
set nat source rule 101 outbound-interface ‘eth1’
set nat source rule 101 source group network-group LAN
set nat source rule 101 translation address ‘masquerade’

The above syntax is just a suggestion and can be modified.

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

JeffWDH created this task.Oct 11 2023, 4:57 PM
pasik subscribed.Oct 11 2023, 5:01 PM
Viacheslav awarded a token.Oct 11 2023, 6:12 PM
Viacheslav updated the task description. (Show Details)Oct 12 2023, 10:54 AM
JeffWDH added a comment.EditedOct 12 2023, 1:53 PM

An additional "nice to have" would be a hook that runs on route state change.
Examples:

set protocols failover route 0.0.0.0/0 next-hop 100.100.100.1 hook '/config/scripts/failover-hook-100.100.100.1'

set protocols failover route 0.0.0.0/0 dhcp-interface eth0 hook '/config/scripts/failover-hook-eth0'

Similar to the WAN load balancing hook, a variable with the state could be passed to the script.

JeffWDH updated the task description. (Show Details)Dec 20 2023, 2:35 PM
Harliff subscribed.Dec 20 2023, 3:56 PM
JeffWDH mentioned this in T5942: Failover Route using DHCP provided gateway.Jan 14 2024, 1:53 PM
Viacheslav triaged this task as Normal priority.Jan 14 2024, 8:13 PM
Viacheslav mentioned this in T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.Feb 16 2024, 4:25 PM
JeffWDH added a comment.Apr 29 2024, 2:24 PM

If this ever becomes a thing, support for directly connected routes (ie. PPPoE) would be great as well.

KaydenD awarded a token.May 7 2024, 11:59 PM
KaydenD subscribed.
masterit subscribed.May 15 2024, 10:38 AM
masterit added a comment.May 15 2024, 11:46 AM

Is there any movement on implementing this? As per T2760 this is the only way to resolve IPsec on dynamic ip's

marc_s awarded a token.Jun 15 2024, 8:44 PM
marc_s subscribed.
marc_s added a comment.Jun 15 2024, 8:49 PM

Forum thread with a nice workaround by giuppo77: https://forum.vyos.io/t/wan-failover-with-dhcp/
Not a generic solution but maybe an inspiration for implementation.

giuavo awarded a token.Jun 16 2024, 5:06 PM
giuavo subscribed.
mhamzahkhan subscribed.Jun 27 2024, 8:22 PM
JeffWDH added a comment.Aug 21 2024, 7:27 PM

Is there any way to incentivize the addition of this?

JeffWDH unsubscribed.Oct 30 2024, 5:11 PM
JeffWDH subscribed.
syncer edited projects, added VyOS Rolling; removed VyOS 1.5 Circinus.Oct 30 2024, 10:55 PM
syncer moved this task from Need Triage to Backlog - Feature Requests on the VyOS Rolling board.
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
I-n-d-y subscribed.Nov 28 2024, 6:01 AM
danhusan subscribed.Jun 6 2025, 6:14 PM
pratik.g subscribed.Jul 29 2025, 12:22 PM
pasik added a comment.Sep 13 2025, 9:14 AM

Just found my way to this task, and yes, this would be a very useful feature to have with multiple DHCP based wan connections.

JeffWDH added a comment.Oct 21 2025, 2:32 PM

Now that T5942 has been merged, is there any interest in extending it to add PPPoE support? The state change hooks would be nice as well. Thanks!