Bug #14717
closed
A default route can remain after setting the default gateway to None
100%
Description
pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i have been setup pfsense system_gateways.php Default gateway IPv6 to none or automatic,
then pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.
This causes all the traffic of frr ipv6 bgp to go to pppoe wan.I hope that when I run ipv6 bgp, don't set the default route to ISP pppoe wan.
Related issues
Updated by Kris Phillips 8 months ago
Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not understanding what issue you're having. If your IPv6 Default Gateway is set to None, it should never use anything by default and will rely on Policy-Based Routing.
Updated by yon Liu 8 months ago
This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv6 network does not implement RPKI measures. pfsense directly forces the default ipv6 route to be WAN pppoe and cannot be changed. As a result, the wrong IP can still be routed out through WAN pppoe, causing security risks.I want to give users the ability to choose the default route according to the situation.When my frr bgp is running normally, I hope to disable the default route of the WAN port unless setting a static route to specify wan.
Updated by Marcos M 8 months ago
- Related to Bug #14634: The default gateway icon is not updated when the default gateway is changed to none added
Updated by Marcos M 8 months ago
- Related to deleted (Bug #14634: The default gateway icon is not updated when the default gateway is changed to none)
Updated by Kris Phillips 8 months ago
Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none", even after restarting dpinger, there is still a globe next to the IPv6 gateway and under Diagnostics --> Routes there is still a default route under IPv6. Also rebooted the firewall after applying this and both are still present.
Updated by Marcos M 8 months ago
- Subject changed from A default IPv6 route remains after setting the default IPv6 gateway to None to A default route can remain after setting the default gateway to None
- Status changed from New to Pull Request Review
- Assignee set to Marcos M
- Target version set to 2.8.0
- Plus Target Version set to 23.09
- Affected Version set to 2.7.0
The function which removes the default route specifically checks for the STATIC flag in the default route. When the flag is missing (it's unclear to me why the flag is sometimes missing), the route will not be deleted. The intent is to avoid removing a default route added by a dynamic routing protocol. Hence, instead of checking for the STATIC flag which may not exist, we can specifically check for a PROTO* flag.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1080
Updated by Marcos M 8 months ago
- Related to Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon added
Updated by Marcos M 8 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset f016f14911d90cab2d940264a636cfef9303de1d.
Updated by Georgiy Tyutyunnik 7 months ago
patch fixes "stuck" ipv6 default for me
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Updated by