Project

General

Profile

Actions

Bug #14717

closed

A default route can remain after setting the default gateway to None

Added by yon Liu 8 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Gateways
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i have been setup pfsense system_gateways.php Default gateway IPv6 to none or automatic,
then pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.

This causes all the traffic of frr ipv6 bgp to go to pppoe wan.I hope that when I run ipv6 bgp, don't set the default route to ISP pppoe wan.


Related issues

Related to Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemonResolvedViktor Gurov03/17/2021

Actions
Actions #1

Updated by Kris Phillips 8 months ago

Hello,

Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not understanding what issue you're having. If your IPv6 Default Gateway is set to None, it should never use anything by default and will rely on Policy-Based Routing.

Actions #2

Updated by yon Liu 8 months ago

Actions #3

Updated by yon Liu 7 months ago

This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv6 network does not implement RPKI measures. pfsense directly forces the default ipv6 route to be WAN pppoe and cannot be changed. As a result, the wrong IP can still be routed out through WAN pppoe, causing security risks.I want to give users the ability to choose the default route according to the situation.When my frr bgp is running normally, I hope to disable the default route of the WAN port unless setting a static route to specify wan.

Actions #4

Updated by Marcos M 7 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from Gateways to Gateways
  • Affected Plus Version deleted (23.05.1)
Actions #5

Updated by Marcos M 7 months ago

  • Related to Bug #14634: The default gateway icon is not updated when the default gateway is changed to none added
Actions #6

Updated by Marcos M 7 months ago

It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For example, a peer may advertise a default route which is added after the normal default route is removed.

Actions #7

Updated by Marcos M 7 months ago

  • Status changed from New to Feedback
Actions #8

Updated by Marcos M 7 months ago

  • Related to deleted (Bug #14634: The default gateway icon is not updated when the default gateway is changed to none)
Actions #9

Updated by yon Liu 7 months ago

my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway

Actions #10

Updated by yon Liu 7 months ago

frr has no setup ipv6 default gateway.so WAN pppoe auto setup default gateway in pfsense.

Actions #11

Updated by Marcos M 7 months ago

  • Subject changed from Always automatically set static default ipv6 to pppoe wan to A default IPv6 route remains after setting the default IPv6 gateway to None
  • Status changed from Feedback to New
Actions #12

Updated by Kris Phillips 7 months ago

Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none", even after restarting dpinger, there is still a globe next to the IPv6 gateway and under Diagnostics --> Routes there is still a default route under IPv6. Also rebooted the firewall after applying this and both are still present.

Actions #13

Updated by Marcos M 7 months ago

  • Subject changed from A default IPv6 route remains after setting the default IPv6 gateway to None to A default route can remain after setting the default gateway to None
  • Status changed from New to Pull Request Review
  • Assignee set to Marcos M
  • Target version set to 2.8.0
  • Plus Target Version set to 23.09
  • Affected Version set to 2.7.0

The function which removes the default route specifically checks for the STATIC flag in the default route. When the flag is missing (it's unclear to me why the flag is sometimes missing), the route will not be deleted. The intent is to avoid removing a default route added by a dynamic routing protocol. Hence, instead of checking for the STATIC flag which may not exist, we can specifically check for a PROTO* flag.

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1080

Actions #14

Updated by Marcos M 7 months ago

  • Related to Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon added
Actions #15

Updated by Marcos M 7 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #16

Updated by Georgiy Tyutyunnik 7 months ago

patch fixes "stuck" ipv6 default for me

Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT

Actions #17

Updated by Jim Pingle 7 months ago

  • Status changed from Feedback to Resolved
Actions #18

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF