Bug #13900

open

Reply-to and route-to do not work on WAN2 when WAN interface is down

Added by Renato Martins about 1 year ago. Updated about 1 year ago.

Status: Confirmed
Priority: Very Low
Assignee: -
Category: Routing
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture: amd64

Description

Scenario and how to reproduce:

Interfaces
WAN - 192.168.100.2/30 - GW 192.168.100.1
LAN - 192.168.5.254/24
WAN2 - 192.168.100.6/30 - GW 192.168.100.5
VPN1 client - Use interface WAN as out interface
VPN2 client - Use interface WAN2 as out interface

Default GW: 192.168.100.1 (WAN interface). No gateway group configured.

How to reproduce: WAN has no link detected (cable fault example).

Problems detected:
- VPN client 2 using WAN2 as out interface is down (but only WAN is unavailable)
- Access from WAN2 is unavailable with https or ssh port (filter rule created correctly).

Actions #1

Updated by Renato Martins about 1 year ago

I have set the priority to very low because when a gateway group is configured properly, the problem does not occur.

Actions #2

Updated by Steve Wheeler about 1 year ago

Probably this or at least the same cause as that: https://redmine.pfsense.org/issues/13420
Please test a 2.7 snapshot.

Actions #3

Updated by Jim Pingle about 1 year ago

  • Category changed from Gateways to Routing
  • Status changed from New to Confirmed

It still happens against 2.7. If there is no default gateway in the routing table, the OS doesn't know how it can send packets out, even with reply-to. You don't have to take down the WAN to test; you can just route delete default and it will trigger the behavior.

But using a failover gateway group as the default gateway easily works around it.
