Bug #6455
closed
Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet
0%
Description
I have pfsense 2.3.1 (amd64) running and the issue #3075 seems to be present again. I have setup a main virtual IP which I use to bind services. Now I added another virtual IP from the same subnet, but now I cannot remove this newly added virtual ip anymore. The error message always is "This entry cannot be deleted because it is still referenced by at least one Gateway."
My setup:
Subnet xx.xx.xx.208/29
GW xx.xx.xx.209
virtIP xx.xx.xx.210
virtIP xx.xx.xx.214
the second virtual IP I want to remove, but fails with error above
Bearbeiten Beobachten
Updated by Jim Pingle over 8 years ago
- Status changed from New to Feedback
Not enough info to go by. Ideally this should be in a forum thread until a bug can be confirmed.
Is this an IP Alias type VIP or a CARP VIP?
If you look in your config.xml, is there actually a reference to the VIP in question?
If you edit the gateways groups and check each one, is the VIP selected for any of them?
Updated by Tobi Miller over 8 years ago
Just to answer your qestions:
- its a "normal" VIP
- yes there is a VIP config in there for this ip alias
<vip> <mode>ipalias</mode> <interface>wan</interface> <uniqid>5755531329ee6</uniqid> <descr/> <type>single</type> <subnet_bits>29</subnet_bits> <subnet>xx.xx.xx.214</subnet> </vip>
- I have no gateway groups configured. The list in the GUI is empty
But now I was able to delete the VIP by making the subnet mask of the ip alias smaller (in my case /32 but I guess any mask that does NOT cover the default gateway would/should work). After that I could delete the ip alias without any problem.
For me it seems that pfsense does not allow to delete a VIP if this VIPs ip/subnet configuration could be a candidate to reach the default gateway. Which makes perfect sense if this VIP is the only one that covers the path to the default GW. But if there are several VIP which contain the default GW by their ip/subnet config then only deleting the last one should trigger this error
Updated by Sandeep K V over 8 years ago
Hi @Tobi Miller Many of the firewall services use virtual IPs for load balancing. So suddenly removing the virtual IPs may overwhelm those services. I am not sure whether this will be accepted as bug. Will be happy to help you on this if it is classified as bug.
Updated by Chris Buechler over 8 years ago
- Priority changed from Normal to Low
- Subject changed from Can't delete unused Virtual IP "referenced by a least one gateway" to Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet
- Status changed from Feedback to Confirmed
- Affected Version changed from 2.3.1 to All
- Affected Architecture added
- Affected Architecture deleted (
amd64)
The issue is where you have a gateway that isn't within the interface's primary IP subnet (unusual), no VIPs within that gateway's subnet can't be deleted. It should only prevent deletion of the last VIP in that subnet.
Updated by Brendon Baumgartner about 7 years ago
Thanks! Just ran into this and changed the mast to /32 and I was then able to delete it. I thought it was a 2.4.0 bug but I guess not!
The errors I was getting :
The following input errors were detected: This entry cannot be deleted because it is still referenced by a CARP IP with the description Aasdf
Updated by Jim Pingle over 6 years ago
- Status changed from Confirmed to Duplicate
Duplicate of #4438