Bug #12922
open
Classless static routes received on DHCP WAN can override chosen default gateway
0%
Description
Although I'm still running 2.5.2 I believe this bug is also in 2.6.0 based on a diff of the file in question.
I have multiple WANs, one of which is Starlink which sends DHCP Option 121 classless routes. My default gateway is explicitly set to a different interface but sometimes it changes to Starlink when the Starlink interface address changes. I believe there is an error here in pfSense-dhclient-script that causes the default route to change whether or not the gateway is currently set to be the default.
For example, here's a recent log message from when Starlink on igb3 got a new address:
Mar 9 05:23:16 router dhclient[61686]: New Classless Static Routes (igb3): 192.168.100.1/32 0.0.0.0 34.120.255.244/32 0.0.0.0 default 100.64.0.1
When I extract the code from pfSense-dhclient-script referenced above and create a test stub using the routes from the log message I get this output:
New Classless Static Routes (igb3): 192.168.100.1/32 0.0.0.0 34.120.255.244/32 0.0.0.0 default 100.64.0.1 route add 192.168.100.1/32 -iface igb3 route add 34.120.255.244/32 -iface igb3 route add default 100.64.0.1
I'm assuming that last route command is the problem. There is no test to confirm igb3 is the intended default gateway.
Updated by Jim Pingle over 2 years ago
- Subject changed from Default IPv4 gateway changes on its own to Classless static routes received on DHCP WAN can override chosen default gateway
- Category changed from Gateways to DHCP (IPv4)
Rewording the subject to be more precise.
It's unusual to get classless static routes from DHCP in most cases so the situation has likely never come up before.
From the notes in the source:
# RFC 3442: If the DHCP server returns both a Classless Static
# Routes option and a Router option, the DHCP client MUST ignore
# the Router option.
So there should maybe be more logic there as well to treat the default as a gateway replacing the router option (e.g. ignore the route and set it as the value of $new_routers)
Updated by David Myers over 2 years ago
I think there's a similar issue here in pfSense-dhclient-script that can delete the default route incorrectly.
Updated by David Myers over 2 years ago
I've discontinued my Starlink service so I may not be able to help the with debugging of a fix for this issue in the future, but I thought I'd mention that this simple-minded patch seems to have helped:
--- /usr/local/sbin/pfSense-dhclient-script.orig 2021-05-28 07:35:21.000000000 -0400
+++ /usr/local/sbin/pfSense-dhclient-script 2022-03-15 08:50:19.904170000 -0400
@@ -163,10 +163,14 @@
fill_classless_routes "$old_classless_routes"
set $classless_routes
while [ $# -gt 1 ]; do
- route delete "$1" "$2"
+ if [ "default" = "$1" ]; then
+ old_routers="$2"
+ else
+ route delete "$1" "$2"
+ fi
shift; shift
done
- return 0;
+ old_static_routes=""
fi
# Only allow the default route to be overridden if it's on our own interface
@@ -209,14 +213,16 @@
$LOGGER "New Classless Static Routes ($interface): $classless_routes"
set $classless_routes
while [ $# -gt 1 ]; do
- if [ "0.0.0.0" = "$2" ]; then
+ if [ "default" = "$1" ]; then
+ new_routers="$2"
+ elif [ "0.0.0.0" = "$2" ]; then
route add "$1" -iface "$interface"
else
route add "$1" "$2"
fi
shift; shift
done
- return
+ new_static_routes=""
fi
ADDED_ROUTE=no
Updated by Oleksii Tucha 5 months ago
The issue still exists in 2.7.2, the patch from David works.