Bug #12409
closed
Automatic-default-gateway-mode selects OpenVPN-Server interfaces
0%
Description
If the gateway selection is in automatic mode, the default gateway is switched from the monitored WAN gateway to an OpenVPN-Server-interface-gateway. This behaviour is new on 21.* and still there on 21.05.1. On 2.4.5 it never switched to OpenVPN-interfaces. It occours on SG-3100, SG-5100, XG-7100 in many different setups. Sometimes it happens emiedietly after update from 2.4.5 to 21.*, sometimes days or weeks later. From the customer's point of view, it's an Internet outage.
Our workaround is to set the WAN interface or in case of multi-WAN the Gatewas Group als IPv4 Gateway BEFORE the update.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Not a Bug
That's the nature of the default "automatic" mode -- when left to select it will select whatever gateway is the first available one in the list.
It isn't intelligent enough to pick between physical and virtual interfaces because end users may set them up however they feel is best and what works for some may not work for others. Some people may want to use a VPN as default, it has no way to know since it's picking from the entire set.
If you wish to set a preference of order to only allow certain gateways to be default, then make a custom failover group with the exact order to use and then set that as default.
Updated by Lars Möller over 2 years ago
What is this mode made for? As long as there are only valid internet gateways it is safe to use. But as soon as there is 1 not internet-gateway this setting is very dangarous.
In 2.4.5 it has reliably selected a valid WAN Interface (on ~80 different setups). On 21.* this bahavoir changed. Now it seems to randomly select an openvpn-interface in many cases.