Bug #15015
open
Static routes not working
0%
Description
Hello,
This morning I updated to PFSense 2.7.1 from 2.7.0. Now, I just tried to add a dynamic gateway and a static route. Unfortunately, the static route is not being added to the routing table. I restored the VM backup from this morning, before I updated, added the same gateway and static route and it was added to the routing table, and everything works fine.
I've set the priority to Urgent since this is quite bad for a router...?
Site A has a gateway set on the IPSec interface and a route for site C that uses that gateway.
Site B has two gateways (one for each IPSec tunnel) and the following routes:
- route to site A via the IPSec interface - gateway - going to site A
- route to site B via the IPSec interface - gateway - going to site B
Site C has a gateway set on the IPSec interface and a route for site A that uses that gateway.
Site A was updated this morning to PFSense 2.7.1, while Site C is running 2.7.0.
Site A DOES NOT have the static routes added to the routing table.
Site C does have the static routes added to the routing table.
Once I reverted Site A to 2.7.0, I did the same config again and the routes were added to the routing table.
Thank you.
Updated by dylan mendez 5 months ago
Created 3 VMs
VM 1 - pfSense CE 2.7.0 - Subnet: 192.168.1.0/24 - Connected via VTI IPsec to VM2 (10.10.10.1) - Routes to 192.168.2.0/24 and 192.168.3.0/24 through the tunnel.
VM 2- pfSense+ 23.09 - Subnet: 192.168.2.0/24 - Connected via VTI IPsec to VM1 (10.10.10.2) and VM3 (10.10.10.5)- Routes to 192.168.1.0/24 via IPSec to VM1, as well as routes to 192.168.3.0/24 via IPSec to VM3.
VM 3 - pfSense CE 2.7.1 - Subnet: 192.168.3.0/24 - Connected via VTI IPsec to VM1 (10.10.10.6) - Routes to 192.168.2.0/24 and 192.168.1.0/24 through the tunnel.
All routes are showing up correctly, and communication is good between all VMs. Proceeded to upgrade VM 1 to pfSense CE 2.7.1 after taking snapshot.
Checked VM1 after upgrade, routes are still there, IPSec tunnels are still present.
Updated by dylan mendez 5 months ago
In this case, my best guess is that the IPSec tunnel is going down for some reason, therefore, the route is no longer there.
Updated by Silviu Bajenaru 5 months ago
dylan mendez wrote in #note-2:
In this case, my best guess is that the IPSec tunnel is going down for some reason, therefore, the route is no longer there.
I had this same idea, but under Status -> IPSec shows all tunnels showed online...
P.S.: I just reupdated from 2.7.0 to 2.7.1 again and it does the same. Please see the attached screenshots (for some reason images don't show up, here are the links):
https://ibb.co/gD2Rsx6 - tunnel configuration
https://ibb.co/b2K6zMX - tunnel status
https://ibb.co/H23kv4r - netstat output, grepping for 10.101
https://ibb.co/K2YZKgL - Routes table (from GUI)
As I said, this worked on 2.7.0 with no problems. Updated to 2.7.1, this started happening. No clue why.
Changing Phase 2 to 0.0.0.0/0 on both remote and local did nothing to fix the situation (saw this on some post that usually, when you run in routed mode, you'd use 0.0.0.0/0 since it doesn't really matter - please correct this info if it's wrong)
P.S.2: reverted again to 2.7.0 since I need this to work. If I can assist in any way, please let me know.
Updated by dylan mendez 2 months ago
The pictures are no longer there, can you please re upload.