Bug #14403
Syslog Over OpenVPN Routed Out Default GW On Reboot
Status: closed
Description
When using syslog over a site-to-site VPN, syslog will begin to route all syslog messages out of the default gateway (typically a WAN interface). This creates a state which will continue to be used even after OpenVPN tunnels have been re-established. The ONLY way to restore functionality is for that state to become inactive. Restarting the service, stopping and starting the service, removing and re-adding the entry, or changing the bound interface has no effect UNLESS the changes take long enough for the state to become inactive.
pfSense 23.01
7100-1U
FRR BGP for dynamic routing over OpenVPN site-to-site tunnels
It occurs whether the system has all the latest recommended system patches or no patches at all.
Updated by Jim Pingle over 1 year ago
- Status changed from New to Not a Bug
This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rules to block it (e.g. reject it outbound on WAN via floating rules).
Updated by James Blanton over 1 year ago
The problem is it taking an undesired path originally. It shouldn't continue to take that path if a better route is available. In this instance, the routes in the routing table are correct, but the traffic continues to go out of the default gateway indefinitely until the state is killed.
This was not a problem in any of the prior versions and only happened after the upgrade to 23.01.
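A check for the condition discussed in this ticket, as an added example that is not part of the ticket or of pfSense itself: it scans `pfctl -ss` output for states that carry syslog traffic out of the WAN interface and prints the state-kill command for review. The interface names (`igb0`, `ovpnc1`), the syslog server address `10.20.0.5`, and the sample state lines are constructed assumptions; only IPv4 `addr:port` entries are handled.

```shell
#!/bin/sh
# Constructed sample of `pfctl -ss` output (documentation address ranges).
# Assumed layout: igb0 = WAN, ovpnc1 = OpenVPN tunnel, 10.20.0.5 = remote syslog.
sample_states() {
cat <<'EOF'
igb0 udp 198.51.100.2:514 -> 10.20.0.5:514       SINGLE:NO_TRAFFIC
ovpnc1 udp 10.8.0.2:514 -> 10.20.0.5:514       SINGLE:NO_TRAFFIC
igb0 udp 198.51.100.2:31544 (192.168.1.10:31544) -> 203.0.113.9:53       MULTIPLE:MULTIPLE
igb0 tcp 198.51.100.2:443 <- 203.0.113.77:51022       ESTABLISHED:ESTABLISHED
EOF
}

# find_leaked_states WAN_IF SYSLOG_IP [PORT]
# Reads state lines on stdin and prints those that are outbound ("->")
# on WAN_IF with SYSLOG_IP:PORT as the destination.
find_leaked_states() {
    awk -v wan="$1" -v dst="$2" -v port="${3:-514}" '
        BEGIN { target = dst ":" port }
        $1 == wan {
            # The destination is the field right after "->"; a NAT entry
            # in parentheses may shift its position, so search for it.
            for (i = 3; i < NF; i++)
                if ($i == "->" && $(i + 1) == target) { print; break }
        }'
}

# report WAN_IF SYSLOG_IP [PORT]
# Returns 0 when no syslog state uses the WAN, 1 otherwise. On a hit it
# prints the offending states and the command that kills every state to
# the syslog server, so the next packet is routed by the current table.
report() {
    leaked=$(find_leaked_states "$@")
    if [ -z "$leaked" ]; then
        echo "ok: no syslog states on $1"
        return 0
    fi
    echo "syslog states leaving via $1:"
    echo "$leaked"
    echo "to clear: pfctl -k 0.0.0.0/0 -k $2"
    return 1
}

# Stand-alone run against the constructed sample; on a firewall, pipe
# `pfctl -ss` into report instead of sample_states.
sample_states | report igb0 10.20.0.5 || true
```

The kill command removes every state to the syslog server, including healthy ones over the tunnel, which are recreated by the next message.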