Project

General

Profile

Actions

Regression #11433

closed

Gateways with "Use non-local gateway" set are not added to routing table

Added by Daniel Berteaud 7 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Gateways
Target version:
Start date:
02/17/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

I'm using a non-local gateway as my default gateway (ticking the "Use non-local gateway through interface specific route" on the gateway advanced settings)
After upgrading from 2.4.5_p1 to 2.5.0, no default gateway is added on boot. I have to manually add it back with

route add x.x.x.x/32 -iface vtnet0
route add default x.x.x.x


Files

gateway_pfs_2_5_0_boot.png (114 KB) gateway_pfs_2_5_0_boot.png Daniel Berteaud, 02/17/2021 11:54 AM
pfsa-1.JPG (374 KB) pfsa-1.JPG 2.4.5 staic IPv4, out of network gateway address - working M Felden, 02/18/2021 07:05 AM
pfsb-1.JPG (266 KB) pfsb-1.JPG 2.4.5 out of network gateway address - working M Felden, 02/18/2021 07:05 AM
pfsc-1.JPG (108 KB) pfsc-1.JPG Post upgrade to 2.5.0 - instance offline, no default route / GW M Felden, 02/18/2021 07:16 AM
Actions #1

Updated by Jim Pingle 7 months ago

  • Tracker changed from Bug to Regression
  • Target version set to CE-Next

Do you see any errors in the console output while it boots when that happens?

There were numerous changes to gateway handling on 2.5.0 but I'm not aware of anything that would have specifically broken this. It's not very widely used, however, so if the required syntax changed in some way it may have not been updated since nobody complained when using development snapshots.

Actions #2

Updated by Daniel Berteaud 7 months ago

Attached is a screenshot of my VM during boot. Not sure if it's a symptom or a consequence of the default route missing

Actions #3

Updated by M Felden 7 months ago

I can replicate this!

I was about to respond that this "works for me" because I have a pfSense demo VPS with a cloud provider who gives an IPv4 gateway of 172.31.1.1 when the public IP address is in a totally different subnet. I upgraded this to 2.5.0 today and have had no issues. Then I realized that this instance has WAN set to DHCP4. Perhaps the original report is all static.

Trying to replicate this issue I proceeded to spin up a new instance of 2.4.5 and set a static IPv4 of 95.217.5.253/32 (no need to censor this, its a throwaway) and the gateway as 172.31.1.1 with the option "Use non-local gateway through interface specific route" as reported by Daniel B.

Confirmed it worked in 2.4.5. Rebooted. Still good. Upgraded to 2.5.0-Release and rebooted: No gateway. Instance unreachable as described by the original report. netstat -r shows now IPv4 default route - see attached pfsc-1.JPG

Actions #4

Updated by Daniel Berteaud 7 months ago

Indeed, forgot to mention I'm assigning a static /32 IPv4 on my WAN interface, not with DHCP

Actions #6

Updated by Renato Botelho 7 months ago

  • Status changed from New to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #7

Updated by Daniel Berteaud 7 months ago

Can confirm it fixes the issue for me :-)

Actions #8

Updated by Renato Botelho 7 months ago

  • Status changed from Feedback to Waiting on Merge
Actions #9

Updated by Jim Pingle 7 months ago

This could also be related to #11450 since it uses that function in this way

Actions #10

Updated by Tácio Andrade 7 months ago

I am facing the same problem at OVH. After the migration some pfSense stopped the gateway.

I found it strange because I updated 3 pfSense and none of them had this problem, but I realized that it is because the other 3 instead of non-local gateway used the last IP of their network range as a gateway.

Actions #11

Updated by Renato Botelho 7 months ago

  • Status changed from Waiting on Merge to Feedback
  • Target version changed from CE-Next to 2.5.1

Cherry picked to 2.5.0

Actions #12

Updated by Jim Pingle 7 months ago

  • Subject changed from 2.5.0 breaks non local gateways to Gateways with "Use non-local gateway" set are not added to routing table

Updating subject for release notes.

Actions #13

Updated by Viktor Gurov 6 months ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.1.r.20210314.2256:

Destination        Gateway            Flags     Netif Expire
...
172.13.13.13       ea:f3:ba:7c:55:4a  UHS      vtnet0

Actions #14

Updated by Andrew Murray 6 months ago

Viktor Gurov wrote:

works as expected on 2.5.1.r.20210314.2256:
[...]

I tested this with 2.5.1.r.20210314.2256 and confirmed it does work with IP but DNS doesn't resolve even though remote DNS is configured for 1.1.1.1 and 1.0.0.1. I can access these without issue but trying with DNS on pfsense doesn't work.

EDIT: Setting the default gateway to a specific one instead of automatic, solved the problem.

Actions #15

Updated by Frank Soyer 6 months ago

Hi guys,
I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com is actually OFF, I can't see the fix, and I not really want to fully re-install a RC. I can revert to 2.4.5 for the moment, no matter, but can someone tell me when a stable 2.5.1 (if it fix this) will be available ? Or point me to a roadmap, somewhere ? Thanks.

Actions #16

Updated by Renato Botelho 6 months ago

Frank Soyer wrote:

Hi guys,
I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com is actually OFF, I can't see the fix, and I not really want to fully re-install a RC. I can revert to 2.4.5 for the moment, no matter, but can someone tell me when a stable 2.5.1 (if it fix this) will be available ? Or point me to a roadmap, somewhere ? Thanks.

You can apply the patch https://github.com/pfsense/pfsense/commit/a97987a5d1df8219f40433270fce0e3ef49345dc, which fixed this issue, using System Patches package as described at https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

Actions #17

Updated by Frank Soyer 6 months ago

Hi Renato,
the only patch (pfSense-pkg-System_Patches: 1.2_5) shown in the UI does not correct the problem. It seems that a "2.5.1" patch isn't yet available.
But modifying the line manually did the trick, thanks a lot.

Actions

Also available in: Atom PDF