Project

General

Profile

Actions

Bug #3607

closed

apinger misconfigured when using PPPoE link

Added by Gilles Compienne over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Gateways
Target version:
-
Start date:
04/17/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
All

Description

When using a PPoE link for a WAN then the script configuring apinger (i.e. /etc/inc/gwlb.inc) will not configure apinger properly (this has been verified on pfSense 2.1.2).

This happens because the IP address for the PPoE link is internally reported as "dynamic" and the configuration script will reject that as not being a valid IP. In practice the "if" test for this was probably wrong because inside the "if" block the IP check is done again (and the code inside the block seems to be careful to handle the "dynamic" scenario). So, all I had to do to fix this was to change the outer if block to check the protocol variant (IPv4 or v6) instead of simply checking the IP address itself.

There was another problem that, if a monitor address was specified, then the script was not checking if that address was local link or not (the script was currently only doing that for the gateway address itself, and it forgot that the monitor address probably should have been checked first).

So, in my case, I got things to work by editing the "gwlb.inc" file and replacing the block:
if (is_ipaddrv4($gateway['gateway'])) {
...
} else if (is_ipaddrv6($gateway['gateway'])) {
...
} else
continue;

BY:

if ($gateway['ipprotocol'] == "inet") {
$gwifip = find_interface_ip($gateway['interface'], true);
if (!is_ipaddrv4($gwifip))
continue; //Skip this target
/*
 * If the gateway is the same as the monitor we do not add a
 * route as this will break the routing table.
 * Add static routes for each gateway with their monitor IP
 * not strictly necessary but is a added level of protection.
/
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
mwexec("/sbin/route change -host " . escapeshellarg($gateway['monitor']) .
" " . escapeshellarg($gateway['gateway']), true);
}
} else if ($gateway['ipprotocol'] "inet6") {
if ($gateway['monitor'] $gateway['gateway']) {
/
link locals really need a different src ip */
if (is_linklocal($gateway['gateway'])) {
$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
} else {
$gwifip = find_interface_ipv6($gateway['interface'], true);
}
} else {
$gwifip = find_interface_ipv6($gateway['interface'], true);
if (is_linklocal($gateway['monitor'])) {
if (!strstr($gateway['monitor'], '%')) {
$gateway['monitor'] .= "%{$gateway['interface']}";
}
} else {
// Monitor is a routable address, so use a routable address for the "src" part
$gwifip = find_interface_ipv6($gateway['interface'], true);
}
}
if (!is_ipaddrv6($gwifip))
continue; //Skip this target
/*
 * If the gateway is the same as the monitor we do not add a
 * route as this will break the routing table.
 * Add static routes for each gateway with their monitor IP
 * not strictly necessary but is a added level of protection.
*/
if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gateway['monitor']) .
" " . escapeshellarg($gateway['gateway']), true);
}
} else {
continue;
}

Now, I must admit I don't know how to apply these fixes to the source code and I suspect they would have to be validated first. Hence this bug report...

HTH


Files

gwlb.inc (33.1 KB) gwlb.inc Gilles Compienne, 04/17/2014 08:21 AM
Actions

Also available in: Atom PDF