Do not route rules to default gateway when its own gateway is down
When an OVPN client connection goes down, any policy-based routing rules pointing to the ovpnc gateway instead point to the default route. REJECT/BLOCK rules are also ignored.
Traffic should not be redirected to the default route but instead should fail.
I also set up a gateway failover group with OVPNC1 set as Tier 1 and a Blackhole (Bogus LAN IP w/ monitoring disabled) gateway set as Tier 2. When setting the gateway to GWGRP1 I would expect traffic to be routed to Blackhole being that OVPNC1 is down, but instead traffic is handed over to the default route, ignoring any REJECT/BLOCK rules.
I have tested this with 2.0.2 and 2.1-BETA1-i386-20130305-1457.
Updated by Renato Botelho over 8 years ago
- Tracker changed from Bug to Feature
- Subject changed from Policy routing to OpenVPN client gateway ignored when VPN is down to Do not route rules to default gateway when its own gateway is down
- Category changed from OpenVPN to Gateways
- Assignee set to Renato Botelho
It's the expected behaviour today, so change it to a Feature and adjust Subject as well.
Updated by Shawn Bruce over 8 years ago
Wow, thanks for working to add this!
I've applied the patch to pfSense-2.1-BETA1-amd64-20130312-0847 and it does not seem to work. I ticked the option in Advanced->Misc and performed a restart to be safe. Traffic is still sent to the default gateway when the OVPN gateway is down or service stopped.
Maybe I am missing something?