Bug #12244

closed

Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF

Added by Layla Mah about 4 years ago. Updated about 4 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: Gateways
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.4.5-p1
Affected Architecture:

Description

This issue: https://redmine.pfsense.org/issues/11433 claims that 2.5.0 regressed things by not adding gateways with "Use non-local gateway" to the routing table.

For the local routing case, this likely was a regression.

However, for the case where you get a route to the non-local gateway via OSPF, and that route is through an external router/gateway (not directly connected), it is incorrect to also add a local route to the routing table.

What pfSense 2.4.5-p1 does in this situation is that it correctly adds the OSPF route to the routing table (which has e.g. USG flags).
But it also incorrectly adds another local route with USH flags pointing the gateway IP address at the MAC address of the local interface the gateway is configured on to the routing table.

This is quite wrong, and then when attempts are made to reach this IP address, the routing table says "oh, it's a host at MAC ##:##:##:##:##, you can talk to it directly" when it should instead say "hey, go talk to this router attached on interface xyz to find out what your next hop to that address is!"
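An added illustration of the situation described in the report above (not code from pfSense or from anyone in this thread): a Python check over `netstat -rn` style output that reports host routes resolved to a MAC address while a more general gateway route covers the same address. The sample table, the addresses and the function names are constructed, and ignoring the default route is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample in FreeBSD `netstat -rn` layout (documentation addresses only).
SAMPLE = """\
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
192.0.2.0/24       link#1             U           em0
198.51.100.0/24    192.0.2.254        USG         em0
198.51.100.1       00:00:5e:00:53:01  USH         em0
198.51.100.7       192.0.2.254        UGH         em0
"""

MAC = re.compile(r"^(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$", re.I)


def parse_routes(text):
    """Yield (network, gateway, flags, netif) for each IPv4 route line."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        try:
            net = ipaddress.IPv4Network(dest, strict=False)
        except ValueError:
            continue  # section titles, IPv6 entries and other non-IPv4 lines
        yield net, cols[1], cols[2], cols[3]


def shadowing_host_routes(text):
    """Return host routes to a MAC that override a covering gateway (G) route."""
    routes = list(parse_routes(text))
    findings = []
    for net, gw, flags, netif in routes:
        # Only host routes (H) without G whose gateway column is a MAC address.
        if "H" not in flags or "G" in flags or not MAC.match(gw):
            continue
        # Gateway routes that contain this host; the default route is ignored
        # (assumption: only a specific learned prefix counts as a conflict).
        covering = [r for r in routes if "G" in r[2] and r[0] != net
                    and r[0].prefixlen > 0 and net.subnet_of(r[0])]
        if covering:
            best = max(covering, key=lambda r: r[0].prefixlen)
            findings.append((str(net.network_address), gw, netif,
                             str(best[0]), best[1]))
    return findings
```

Each finding is a tuple of host address, MAC, interface, covering prefix and that prefix's next hop; longest-prefix matching means the host entry wins over the covering prefix for that one address.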

Actions #1

Updated by Layla Mah about 4 years ago

For reference, manually deleting the erroneous host (USH flags) route via

route del -host <address>
fixes connectivity briefly (because the routing table stops telling clients to talk to a local interface MAC address, and instead begins correctly telling them which next hop router to talk to), until pfSense erroneously adds the local host (USH flags) route again shortly thereafter, and then connectivity to the non-local gateway address predictably breaks again.

Actions #2

Updated by Layla Mah about 4 years ago

https://redmine.pfsense.org/issues/7380 looks quite related to this bug.

Actions #3

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Not a Bug

Unless I'm misreading something there is no bug here.

If you manually added a gateway and checked the box to say it isn't local, then it adds those entries by necessity. It needs the MAC address as the destination because being outside of its subnet, it cannot ARP for the gateway.

If you get a route from OSPF you would not have a manual gateway entry, it would be automatic from OSPF.

With OSPF the next hop in the routing table would always be your OSPF neighbor which must be directly connected, it wouldn't be a non-local gateway in the same way.

So at least to me this looks like a misconfiguration. This site is not for support or diagnostic discussion, so it isn't the place to talk about it further.

For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit.

See Reporting Issues with pfSense Software for more information.

If a problem can be identified, a fresh issue can be opened with more detail.
