Bug #2495
pfsense doesn't seem to know what its WAN IP is
| Status: | New | Start date: | 06/14/2012 | ||
|---|---|---|---|---|---|
| Priority: | Normal | Due date: | |||
| Assignee: |  Renato Botelho |
% Done: | 50% |
||
| Category: | Interfaces | ||||
| Target version: | 2.1 | ||||
| Affected version: | 2.1 | Affected Architecture: |
Description
Having upgraded from stable to 2.1-BETA0 (i386) (built on Mon Jun 11 03:04:03 EDT 2012), a strange issue has occurred. The WAN interface IP is configured as 31.24.0.195/26 and there's 3 IP aliases to this interface:
31.24.0.198/32
31.24.0.196/32
31.24.0.200/32
pfsense thinks the WAN interface IP is 31.24.0.196. This shows in a few different ways:
- The IPSec Local IP is 31.24.0.196 - this causes ipsec to break.
- None of the firewall rules permitting access to "WAN address" work - rather they allow access to 31.24.0.196 instead
- I cannot edit the 31.24.0.196 IP alias as it says an alias cannot be the WAN address
Interestingly, changing the WAN IP subnet from /26 to /25 fixes this issue and pfsense correctly identifies its WAN IP. This is what I have put in place, presently, pending a better fix.
History
#1
Updated by Corey Quinn 12 months ago
I can confirm this; OpenVPN is binding to a random IP that's IP Aliased.
#2
Updated by Renato Botelho 6 months ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
I couldn't reproduce it on recent 2.1-BETA1 snapshot. Could you please confirm if it's still happening?
#3
Updated by Phil Lavin 6 months ago
It's a production router - I'll try to update when most of the populous have gone home and I'll let you know.
Phil
#4
Updated by Jim P 6 months ago
In the meantime, please show the output of:
ifconfig -a
Feel free to mask the IPs if you like, but leave enough to identify which is the "correct" IP and which are the IP aliases.
#5
Updated by Phil Lavin 6 months ago
[2.1-BETA0][root@prop-router-rugby.local]/root(1): ifconfig -a
msk0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:95
media: Ethernet autoselect
msk1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:94
media: Ethernet autoselect
msk2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:93
media: Ethernet autoselect
msk3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:92
media: Ethernet autoselect
sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80008<VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:91
inet6 fe80::290:7fff:fe3f:cd91%sk0 prefixlen 64 scopeid 0xa
inet 31.24.0.201 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.202 netmask 0xffffffff broadcast 31.24.0.202
inet 31.24.0.195 netmask 0xffffff80 broadcast 31.24.0.255
inet 31.24.0.198 netmask 0xffffffc0 broadcast 31.24.0.255
inet6 2a02:b90:7004::1 prefixlen 50
inet 31.24.0.196 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.200 netmask 0xffffffc0 broadcast 31.24.0.255
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd90%sk1 prefixlen 64 scopeid 0xb
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:8f
inet6 fe80::290:7fff:fe3f:cd8f%sk2 prefixlen 64 scopeid 0xc
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd8e%sk3 prefixlen 64 scopeid 0xd
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (none)
status: no carrier
pflog0: flags=100<PROMISC> metric 0 mtu 33200
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xf
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
sk1_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd95%sk1_vlan1 prefixlen 64 scopeid 0x12
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2a02:b90:7004:4000:: prefixlen 50
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 1 vlanpcp: 0 parent interface: sk1
sk1_vlan4: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,IPFW_FILTER> metric 0 mtu 1500
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd95%sk1_vlan4 prefixlen 64 scopeid 0x13
inet 10.20.0.1 netmask 0xffffff00 broadcast 10.20.0.255
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 4 vlanpcp: 0 parent interface: sk1
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:0f:75:e7:bc:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: sk2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 12 priority 128 path cost 55
member: sk0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 55
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
sk3_vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan100 prefixlen 64 scopeid 0x28
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (none)
status: no carrier
vlan: 100 vlanpcp: 0 parent interface: sk3
sk3_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan10 prefixlen 64 scopeid 0x14
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (none)
status: no carrier
vlan: 10 vlanpcp: 0 parent interface: sk3
sk3_vlan5: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,IPFW_FILTER> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan5 prefixlen 64 scopeid 0x27
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (none)
status: no carrier
vlan: 5 vlanpcp: 0 parent interface: sk3
pptpd0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet6 fe80::290:7fff:fe3f:cd95%pptpd0 prefixlen 64 scopeid 0x16
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pptpd1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
[2.1-BETA0][root@prop-router-rugby.local]/root(2):
#6
Updated by Phil Lavin 6 months ago
Note the above is with a subnet of /25. Seems most people have pissed off home - I'll run the update now and let you know in an hour or so.
Let me know if there's any more debug you want post-update.
Phil
#7
Updated by Jim P 6 months ago
ok, check the ifconfig output again after the upgrade.
Somehow the IPs are ending up on the interface in the wrong order. Normally the actual interface IP is at the top of the list, and the aliases are below. Even if you could end up this way through some combination of adding/deleting/changing IPs and aliases, a normal reboot should have cleared it up.
#8
Updated by Phil Lavin 6 months ago
All is well with a /26 subnet now. Definitely rebooted it a bunch of times since reporting this bug both for upgrades to the latest snapshot and regular power cycles etc.
Issue started on upgrade from stable to 2.1-BETA0 so I guess the issue has been fixed - deliberately or otherwise :)
Thanks
[2.1-BETA1][root@prop-router-rugby.local]/root(1): ifconfig -a
msk0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:95
media: Ethernet autoselect
msk1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:94
media: Ethernet autoselect
msk2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:93
media: Ethernet autoselect
msk3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 00:90:7f:3f:cd:92
media: Ethernet autoselect
sk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80008<VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:91
inet6 fe80::290:7fff:fe3f:cd91%sk0 prefixlen 64 scopeid 0xa
inet 31.24.0.195 netmask 0xffffffc0 broadcast 31.24.0.255
inet6 2a02:b90:7004::1 prefixlen 50
inet 31.24.0.198 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.196 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.200 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.201 netmask 0xffffffc0 broadcast 31.24.0.255
inet 31.24.0.202 netmask 0xffffffff broadcast 31.24.0.202
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd90%sk1 prefixlen 64 scopeid 0xb
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:8f
inet6 fe80::290:7fff:fe3f:cd8f%sk2 prefixlen 64 scopeid 0xc
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
sk3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd8e%sk3 prefixlen 64 scopeid 0xd
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33200
pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x11
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
sk1_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd95%sk1_vlan1 prefixlen 64 scopeid 0x12
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2a02:b90:7004:4000:: prefixlen 50
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 1 vlanpcp: 0 parent interface: sk1
sk1_vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:90
inet6 fe80::290:7fff:fe3f:cd95%sk1_vlan4 prefixlen 64 scopeid 0x13
inet 10.20.0.1 netmask 0xffffff00 broadcast 10.20.0.255
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 4 vlanpcp: 0 parent interface: sk1
sk3_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan10 prefixlen 64 scopeid 0x14
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (none)
status: no carrier
vlan: 10 vlanpcp: 0 parent interface: sk3
sk3_vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan5 prefixlen 64 scopeid 0x15
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (none)
status: no carrier
vlan: 5 vlanpcp: 0 parent interface: sk3
sk3_vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:90:7f:3f:cd:8e
inet6 fe80::290:7fff:fe3f:cd95%sk3_vlan100 prefixlen 64 scopeid 0x16
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (none)
status: no carrier
vlan: 100 vlanpcp: 0 parent interface: sk3
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:81:2a:c6:f7:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: sk2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 12 priority 128 path cost 55
member: sk0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 55
pptpd0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
pptpd3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
pptpd15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
[2.1-BETA1][root@prop-router-rugby.local]/root(2):
#9
Updated by Renato Botelho 6 months ago
- Status changed from Feedback to Closed
Submitter reported problem is not happening on recent snapshots. Closing it.
#10
Updated by Renato Botelho 5 months ago
- Status changed from Closed to New
Reopen it since I could reproduce locally
#11
Updated by Renato Botelho 5 months ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Alias address are being set before main address when IPv6 is set to Track, it is fixed now.
#12
Updated by Christoph Filnkößl 3 months ago
Jim guided me here - I have got a similar problem on the recent 2.1-snapshot (March 7th).
Details are already described here: #2647
Short abstract:
We have to use DHCP for our static public IP. Additional virtual IPs are static.
When dhclient runs, IPs get mixed up and pfSense discovers a virtual IP as its WAN IP.
(normal public IP is at the end when using ifconfig, possible error in dhclient?)
#13
Updated by Renato Botelho 3 months ago
- Status changed from Resolved to New
- % Done changed from 100 to 50
#14
Updated by Christoph Filnkößl about 1 month ago
Is this bug currently being worked on?
Is there any way to help fixing the bug?