Bug #13900
open
Reply-to and route-to do not work on WAN2 when WAN interface is down
0%
Description
Scenario and how to reproduce:
Interfaces
WAN - 192.168.100.2/30 - GW 192.168.100.1
LAN - 192.168.5.254/24
WAN2 - 192.168.100.6/30 - GW 192.168.100.5
VPN1 client - Use interface WAN as out interface
VPN2 client - Use interface WAN2 as out interface
Default GW: 192.168.100.1 (WAN interface). No gateway group configured.
How to reproduce: WAN has no link detected (cable fault example).
Problems detected:
- VPN client 2 using WAN2 as out interface down (but only WAN is unvaliable)
- Access from WAN2 unvaliable with https or ssh port (filter rule created correctly).
Updated by Renato Martins almost 2 years ago
I have set priority with very low because when gateway group is configured properly, problem not occurs.
Updated by Steve Wheeler almost 2 years ago
Probably this or at least the same cause as that: https://redmine.pfsense.org/issues/13420
Please test a 2.7 snapshot
Updated by Jim Pingle almost 2 years ago
- Category changed from Gateways to Routing
- Status changed from New to Confirmed
It still happens against 2.7. If there is no default gateway in the routing table, the OS doesn't know how it can send packets out, even with reply-to. You don't have to take down the WAN to test, you can just route delete default and it will trigger the behavior.
But using a failover gateway group as the default gateway easily works around it.