Bug #3607

closed

apinger misconfigured when using PPPoE link

Added by Gilles Compienne over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Gateways
Target version: -
Start date: 04/17/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture: All

Description

When using a PPPoE link for a WAN then the script configuring apinger (i.e. /etc/inc/gwlb.inc) will not configure apinger properly (this has been verified on pfSense 2.1.2).

This happens because the IP address for the PPPoE link is internally reported as "dynamic" and the configuration script will reject that as not being a valid IP. In practice the "if" test for this was probably wrong because inside the "if" block the IP check is done again (and the code inside the block seems to be careful to handle the "dynamic" scenario). So, all I had to do to fix this was to change the outer if block to check the protocol variant (IPv4 or v6) instead of simply checking the IP address itself.

There was another problem that, if a monitor address was specified, then the script was not checking if that address was local link or not (the script was currently only doing that for the gateway address itself, and it forgot that the monitor address probably should have been checked first).

So, in my case, I got things to work by editing the "gwlb.inc" file and replacing the block:
    if (is_ipaddrv4($gateway['gateway'])) {
        ...
    } else if (is_ipaddrv6($gateway['gateway'])) {
        ...
    } else
        continue;

by:

    if ($gateway['ipprotocol'] == "inet") {
        $gwifip = find_interface_ip($gateway['interface'], true);
        if (!is_ipaddrv4($gwifip))
            continue; //Skip this target
        /*
         * If the gateway is the same as the monitor we do not add a
         * route as this will break the routing table.
         * Add static routes for each gateway with their monitor IP
         * not strictly necessary but is an added level of protection.
         */
        if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
            log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
            mwexec("/sbin/route change -host " . escapeshellarg($gateway['monitor']) .
                " " . escapeshellarg($gateway['gateway']), true);
        }
    } else if ($gateway['ipprotocol'] == "inet6") {
        if ($gateway['monitor'] == $gateway['gateway']) {
            /* link locals really need a different src ip */
            if (is_linklocal($gateway['gateway'])) {
                $gwifip = find_interface_ipv6_ll($gateway['interface'], true);
            } else {
                $gwifip = find_interface_ipv6($gateway['interface'], true);
            }
        } else {
            $gwifip = find_interface_ipv6($gateway['interface'], true);
            if (is_linklocal($gateway['monitor'])) {
                if (!strstr($gateway['monitor'], '%')) {
                    $gateway['monitor'] .= "%{$gateway['interface']}";
                }
            } else {
                // Monitor is a routable address, so use a routable address for the "src" part
                $gwifip = find_interface_ipv6($gateway['interface'], true);
            }
        }
        if (!is_ipaddrv6($gwifip))
            continue; //Skip this target
        /*
         * If the gateway is the same as the monitor we do not add a
         * route as this will break the routing table.
         * Add static routes for each gateway with their monitor IP
         * not strictly necessary but is an added level of protection.
         */
        if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
            log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
            mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gateway['monitor']) .
                " " . escapeshellarg($gateway['gateway']), true);
        }
    } else {
        continue;
    }

Now, I must admit I don't know how to apply these fixes to the source code and I suspect they would have to be validated first. Hence this bug report...

HTH


Files

gwlb.inc (33.1 KB) gwlb.inc Gilles Compienne, 04/17/2014 08:21 AM
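
The effect of the guard change described in the report above, as an added example that is not part of the original report or of pfSense's gwlb.inc. The validators are simplified stand-ins for the pfSense helpers, and the `ifip` field (standing in for what find_interface_ip() would return), the function names old_guard/new_guard/adds_monitor_route, and the sample gateways are assumptions made for the illustration:

```php
<?php
// Simplified stand-ins for the pfSense helpers of the same name (assumption).
function is_ipaddrv4($ip) {
    return is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}
function is_ipaddrv6($ip) {
    return is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
}

// Outer test before the change: branches on the gateway address itself,
// so a gateway reported as "dynamic" falls through to the skip branch.
function old_guard(array $gw) {
    if (is_ipaddrv4($gw['gateway'])) return 'inet';
    if (is_ipaddrv6($gw['gateway'])) return 'inet6';
    return 'skipped';
}

// Outer test as proposed: branches on the protocol family, then requires
// a usable source address on the interface before monitoring the gateway.
function new_guard(array $gw) {
    if ($gw['ipprotocol'] == 'inet')
        return is_ipaddrv4($gw['ifip']) ? 'inet' : 'skipped';
    if ($gw['ipprotocol'] == 'inet6')
        return is_ipaddrv6($gw['ifip']) ? 'inet6' : 'skipped';
    return 'skipped';
}

// The static monitor route is still only touched for a literal gateway address.
function adds_monitor_route(array $gw) {
    $literal = is_ipaddrv4($gw['gateway']) || is_ipaddrv6($gw['gateway']);
    return $literal && $gw['monitor'] != $gw['gateway'];
}

// Constructed sample gateways using documentation address ranges.
$gateways = [
    ['name' => 'WAN_STATIC', 'ipprotocol' => 'inet', 'gateway' => '192.0.2.1',
     'monitor' => '203.0.113.53', 'ifip' => '192.0.2.10'],
    ['name' => 'WAN_PPPOE', 'ipprotocol' => 'inet', 'gateway' => 'dynamic',
     'monitor' => '203.0.113.53', 'ifip' => '198.51.100.7'],
    ['name' => 'WAN_PPPOE_DOWN', 'ipprotocol' => 'inet', 'gateway' => 'dynamic',
     'monitor' => '203.0.113.53', 'ifip' => ''],
    ['name' => 'WAN6', 'ipprotocol' => 'inet6', 'gateway' => '2001:db8::1',
     'monitor' => '2001:db8::1', 'ifip' => '2001:db8::10'],
];

foreach ($gateways as $gw) {
    printf("%-15s old=%-8s new=%-8s route=%s\n", $gw['name'],
        old_guard($gw), new_guard($gw), adds_monitor_route($gw) ? 'yes' : 'no');
}
```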
Actions #1

Updated by Gilles Compienne over 10 years ago

Posting the source code on the bug report does not seem to have gone well (missing bits and the like, escape issues I suppose). So I am attaching the modified file (note that the full file probably still has some of the debug "print" commands I used to trace the problem. But the main if block with its changes will be intact).

Actions #2

Updated by Phillip Davis over 10 years ago

Go to https://github.com/pfsense/pfsense and make yourself an account and submit the code change there. It will be much easier to review.

Actions #3

Updated by Gilles Compienne over 10 years ago

Phillip Davis wrote:

Go to https://github.com/pfsense/pfsense and make yourself an account and submit the code change there. It will be much easier to review.

Ok, I have submitted pull request 1098:
https://github.com/pfsense/pfsense/pull/1098

Hope this helps.

Regards,

Gilles.

Actions #4

Updated by Chris Buechler over 10 years ago

  • Subject changed from apinger misconfigured when using PPoE link to apinger misconfigured when using PPPoE link
  • Status changed from New to Resolved