Bug #14717: A default route can remain after setting the default gateway to None - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #14717

closed

A default route can remain after setting the default gateway to None

Added by yon Liu about 1 year ago. Updated 12 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Marcos M

Category:

Gateways

Target version:

2.7.1

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

23.09

Release Notes:

Default

Affected Version:

2.7.0

Affected Architecture:

Description

pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i have been setup pfsense system_gateways.php Default gateway IPv6 to none or automatic,
then pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.

This causes all the traffic of frr ipv6 bgp to go to pppoe wan.I hope that when I run ipv6 bgp, don't set the default route to ISP pppoe wan.

Related issues

Related to Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon

Resolved

Viktor Gurov

03/17/2021

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Kris Phillips about 1 year ago

Hello,

Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not understanding what issue you're having. If your IPv6 Default Gateway is set to None, it should never use anything by default and will rely on Policy-Based Routing.

Actions

Copy link

Updated by yon Liu about 1 year ago

Actions

Copy link

Updated by yon Liu about 1 year ago

This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv6 network does not implement RPKI measures. pfsense directly forces the default ipv6 route to be WAN pppoe and cannot be changed. As a result, the wrong IP can still be routed out through WAN pppoe, causing security risks.I want to give users the ability to choose the default route according to the situation.When my frr bgp is running normally, I hope to disable the default route of the WAN port unless setting a static route to specify wan.

Actions

Copy link

Updated by Marcos M about 1 year ago

Project changed from pfSense Plus to pfSense
Category changed from Gateways to Gateways
Affected Plus Version deleted (~~23.05.1~~)

Actions

Copy link

Updated by Marcos M about 1 year ago

Related to Bug #14634: The default gateway icon is not updated when the default gateway is changed to none added

Actions

Copy link

Updated by Marcos M about 1 year ago

It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For example, a peer may advertise a default route which is added after the normal default route is removed.

Actions

Copy link

Updated by Marcos M about 1 year ago

Status changed from New to Feedback

Actions

Copy link

Updated by Marcos M about 1 year ago

Related to deleted (Bug #14634: The default gateway icon is not updated when the default gateway is changed to none)

Actions

Copy link

Updated by yon Liu about 1 year ago

my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway

Actions

Copy link

#10

Updated by yon Liu about 1 year ago

frr has no setup ipv6 default gateway.so WAN pppoe auto setup default gateway in pfsense.

Actions

Copy link

#11

Updated by Marcos M about 1 year ago

Subject changed from Always automatically set static default ipv6 to pppoe wan to A default IPv6 route remains after setting the default IPv6 gateway to None
Status changed from Feedback to New

Actions

Copy link

#12

Updated by Kris Phillips about 1 year ago

Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none", even after restarting dpinger, there is still a globe next to the IPv6 gateway and under Diagnostics --> Routes there is still a default route under IPv6. Also rebooted the firewall after applying this and both are still present.

Actions

Copy link

#13

Updated by Marcos M about 1 year ago

Subject changed from A default IPv6 route remains after setting the default IPv6 gateway to None to A default route can remain after setting the default gateway to None
Status changed from New to Pull Request Review
Assignee set to Marcos M
Target version set to 2.8.0
Plus Target Version set to 23.09
Affected Version set to 2.7.0

The function which removes the default route specifically checks for the STATIC flag in the default route. When the flag is missing (it's unclear to me why the flag is sometimes missing), the route will not be deleted. The intent is to avoid removing a default route added by a dynamic routing protocol. Hence, instead of checking for the STATIC flag which may not exist, we can specifically check for a PROTO* flag.

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1080

Actions

Copy link

#14