<p>pfSense bugtracker, https://redmine.pfsense.org/, 2013-03-12T09:37:10Z</p>
<p>pfSense - Feature #2858: Do not route rules to default gateway when its own gateway is down</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2013-03-12T09:37:10Z, https://redmine.pfsense.org/issues/2858?journal_id=11084</p>
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Feature</i></li><li><strong>Subject</strong> changed from <i>Policy routing to OpenVPN client gateway ignored when VPN is down</i> to <i>Do not route rules to default gateway when its own gateway is down</i></li><li><strong>Category</strong> changed from <i>OpenVPN</i> to <i>Gateways</i></li><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul><p>It's the expected behaviour today, so change it to a Feature and adjust Subject as well</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2013-03-12T09:40:11Z, https://redmine.pfsense.org/issues/2858?journal_id=11085</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Do not route do default gw when rule gw is down - Add a new advanced misc option to change the b..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/a1f735b31c8f7f0cca0ebc5a7153cd06cdf4482e">a1f735b31c8f7f0cca0ebc5a7153cd06cdf4482e</a>.</p>
<p><strong>Shawn Bruce</strong> (kantlivelong@gmail.com), 2013-03-12T19:00:14Z, https://redmine.pfsense.org/issues/2858?journal_id=11090</p>
<p>Wow thanks for working to add this!</p>
<p>I've applied the patch to pfSense-2.1-BETA1-amd64-20130312-0847 and it does not seem to work. I ticked the option in Advanced->Misc and performed a restart to be safe. Traffic is still sent to the default gateway when the OVPN gateway is down or service stopped.</p>
<p>Maybe I am missing something?</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2013-03-12T19:36:45Z, https://redmine.pfsense.org/issues/2858?journal_id=11092</p>
<p>Could you show me /tmp/rules.debug in 2 different moments, when OVPN is up and when it's down?</p>
<p><strong>Shawn Bruce</strong> (kantlivelong@gmail.com), 2013-03-12T20:03:56Z, https://redmine.pfsense.org/issues/2858?journal_id=11093</p>
<ul><li><strong>File</strong> <a href="/attachments/735">rules.debug_GWUP</a> added</li><li><strong>File</strong> <a href="/attachments/736">rules.debug_GWDOWN</a> added</li></ul><p>It appears the rules related to gateway OVPNC1 drop when the VPN is stopped/failed.</p>
<p><strong>Shawn Bruce</strong> (kantlivelong@gmail.com), 2013-03-12T20:50:27Z, https://redmine.pfsense.org/issues/2858?journal_id=11094</p>
<p>Ah my apologies... It's working as you have written..</p>
<p>Silly me.</p>
<p>I'm assuming that I should now be placing a DENY rule below the rule that specifies the gateway?</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2013-03-13T06:43:45Z, https://redmine.pfsense.org/issues/2858?journal_id=11095</p>
<p>Exactly, or you can negate the 192.168.99.151 as src on the rule that allows all traffic from 192.168.99.0/24.</p>
<p><strong>Shawn Bruce</strong> (kantlivelong@gmail.com), 2013-03-13T08:53:26Z, https://redmine.pfsense.org/issues/2858?journal_id=11109</p>
<p>It's working perfectly then :)</p>
<p>Sorry about the previous confusion.</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2013-03-13T09:01:53Z, https://redmine.pfsense.org/issues/2858?journal_id=11110</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul><p>Thanks for the feedback.</p>
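<p>The outcome discussed in this thread, as an added example that is not pfSense code or part of the original issue: a simplified first-match model of the LAN rules showing why omitting the policy-routing rule alone still lets 192.168.99.151 leave through the default gateway, and how the DENY rule or the negated source closes that path. The rule dictionaries and the parameter name <code>skip_rules_gw_down</code> are hypothetical; only the addresses and the gateway name OVPNC1 come from the thread.</p>

```python
import ipaddress

HOST = "192.168.99.151"       # policy-routed client, from the thread
LAN_NET = "192.168.99.0/24"   # LAN network, from the thread

def build_ruleset(vpn_up, skip_rules_gw_down, with_block=False, negate_src=False):
    """Return the LAN rules in evaluation order (constructed, simplified model)."""
    rules = []
    if vpn_up:
        rules.append({"action": "pass", "src": HOST, "gateway": "OVPNC1"})
    elif not skip_rules_gw_down:
        # Behaviour before the change: the rule stays but loses its gateway.
        rules.append({"action": "pass", "src": HOST, "gateway": "default"})
    # Option enabled and gateway down: the rule is omitted entirely.
    if with_block:
        rules.append({"action": "block", "src": HOST, "gateway": None})
    allow_all = {"action": "pass", "src": LAN_NET, "gateway": "default"}
    if negate_src:
        allow_all["not_src"] = HOST
    rules.append(allow_all)
    return rules

def matches(rule, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if "not_src" in rule and ip in ipaddress.ip_network(rule["not_src"]):
        return False
    return ip in ipaddress.ip_network(rule["src"])

def evaluate(rules, src_ip):
    """First matching rule wins; no match falls through to the default deny."""
    for rule in rules:
        if matches(rule, src_ip):
            return "blocked" if rule["action"] == "block" else "via " + rule["gateway"]
    return "blocked"

if __name__ == "__main__":
    cases = {
        "VPN up": build_ruleset(True, True),
        "VPN down, option only": build_ruleset(False, True),
        "VPN down, option + DENY rule": build_ruleset(False, True, with_block=True),
        "VPN down, option + negated src": build_ruleset(False, True, negate_src=True),
    }
    for name, rules in cases.items():
        print(f"{name}: {HOST} -> {evaluate(rules, HOST)}")
```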