Bug #14717
closedA default route can remain after setting the default gateway to None
100%
Description
pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i have been setup pfsense system_gateways.php Default gateway IPv6 to none or automatic,
then pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.
This causes all the traffic of frr ipv6 bgp to go to pppoe wan.I hope that when I run ipv6 bgp, don't set the default route to ISP pppoe wan.
Related issues
Updated by Kris Phillips about 1 year ago
Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not understanding what issue you're having. If your IPv6 Default Gateway is set to None, it should never use anything by default and will rely on Policy-Based Routing.
Updated by yon Liu about 1 year ago
This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv6 network does not implement RPKI measures. pfsense directly forces the default ipv6 route to be WAN pppoe and cannot be changed. As a result, the wrong IP can still be routed out through WAN pppoe, causing security risks.I want to give users the ability to choose the default route according to the situation.When my frr bgp is running normally, I hope to disable the default route of the WAN port unless setting a static route to specify wan.
Updated by Marcos M about 1 year ago
- Project changed from pfSense Plus to pfSense
- Category changed from Gateways to Gateways
- Affected Plus Version deleted (
23.05.1)
Updated by Marcos M about 1 year ago
- Related to Bug #14634: The default gateway icon is not updated when the default gateway is changed to none added
Updated by Marcos M about 1 year ago
It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For example, a peer may advertise a default route which is added after the normal default route is removed.
Updated by Marcos M about 1 year ago
- Related to deleted (Bug #14634: The default gateway icon is not updated when the default gateway is changed to none)
Updated by yon Liu about 1 year ago
my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway
Updated by yon Liu about 1 year ago
frr has no setup ipv6 default gateway.so WAN pppoe auto setup default gateway in pfsense.
Updated by Marcos M about 1 year ago
- Subject changed from Always automatically set static default ipv6 to pppoe wan to A default IPv6 route remains after setting the default IPv6 gateway to None
- Status changed from Feedback to New
Updated by Kris Phillips about 1 year ago
Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none", even after restarting dpinger, there is still a globe next to the IPv6 gateway and under Diagnostics --> Routes there is still a default route under IPv6. Also rebooted the firewall after applying this and both are still present.
Updated by Marcos M about 1 year ago
- Subject changed from A default IPv6 route remains after setting the default IPv6 gateway to None to A default route can remain after setting the default gateway to None
- Status changed from New to Pull Request Review
- Assignee set to Marcos M
- Target version set to 2.8.0
- Plus Target Version set to 23.09
- Affected Version set to 2.7.0
The function which removes the default route specifically checks for the STATIC
flag in the default route. When the flag is missing (it's unclear to me why the flag is sometimes missing), the route will not be deleted. The intent is to avoid removing a default route added by a dynamic routing protocol. Hence, instead of checking for the STATIC
flag which may not exist, we can specifically check for a PROTO
* flag.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1080
Updated by Marcos M about 1 year ago
- Related to Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon added
Updated by Marcos M about 1 year ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset f016f14911d90cab2d940264a636cfef9303de1d.
Updated by Georgiy Tyutyunnik about 1 year ago
patch fixes "stuck" ipv6 default for me
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to Resolved
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1