Project

General

Profile

Actions

Bug #6455

closed

Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet

Added by Tobi Miller over 8 years ago. Updated over 6 years ago.

Status:
Duplicate
Priority:
Low
Assignee:
-
Category:
Virtual IP Addresses
Target version:
-
Start date:
06/06/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

I have pfsense 2.3.1 (amd64) running and the issue #3075 seems to be present again. I have setup a main virtual IP which I use to bind services. Now I added another virtual IP from the same subnet, but now I cannot remove this newly added virtual ip anymore. The error message always is "This entry cannot be deleted because it is still referenced by at least one Gateway."
My setup:

Subnet xx.xx.xx.208/29
GW xx.xx.xx.209
virtIP xx.xx.xx.210
virtIP xx.xx.xx.214

the second virtual IP I want to remove, but fails with error above

Bearbeiten Beobachten

Actions #1

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Feedback

Not enough info to go by. Ideally this should be in a forum thread until a bug can be confirmed.

Is this an IP Alias type VIP or a CARP VIP?

If you look in your config.xml, is there actually a reference to the VIP in question?

If you edit the gateways groups and check each one, is the VIP selected for any of them?

Actions #2

Updated by Tobi Miller over 8 years ago

Okay, in case that this is better in the forum, I will open a thread there :-)
Just to answer your qestions:
  • its a "normal" VIP
  • yes there is a VIP config in there for this ip alias
    <vip>
     <mode>ipalias</mode>
     <interface>wan</interface>
     <uniqid>5755531329ee6</uniqid>
     <descr/>
     <type>single</type>
     <subnet_bits>29</subnet_bits>
     <subnet>xx.xx.xx.214</subnet>
    </vip>
    
  • I have no gateway groups configured. The list in the GUI is empty

But now I was able to delete the VIP by making the subnet mask of the ip alias smaller (in my case /32 but I guess any mask that does NOT cover the default gateway would/should work). After that I could delete the ip alias without any problem.
For me it seems that pfsense does not allow to delete a VIP if this VIPs ip/subnet configuration could be a candidate to reach the default gateway. Which makes perfect sense if this VIP is the only one that covers the path to the default GW. But if there are several VIP which contain the default GW by their ip/subnet config then only deleting the last one should trigger this error

Actions #3

Updated by Sandeep K V over 8 years ago

Hi @Tobi Miller Many of the firewall services use virtual IPs for load balancing. So suddenly removing the virtual IPs may overwhelm those services. I am not sure whether this will be accepted as bug. Will be happy to help you on this if it is classified as bug.

Actions #4

Updated by Chris Buechler over 8 years ago

  • Priority changed from Normal to Low
  • Subject changed from Can't delete unused Virtual IP "referenced by a least one gateway" to Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet
  • Status changed from Feedback to Confirmed
  • Affected Version changed from 2.3.1 to All
  • Affected Architecture added
  • Affected Architecture deleted (amd64)

The issue is where you have a gateway that isn't within the interface's primary IP subnet (unusual), no VIPs within that gateway's subnet can't be deleted. It should only prevent deletion of the last VIP in that subnet.

Actions #5

Updated by Brendon Baumgartner about 7 years ago

Thanks! Just ran into this and changed the mast to /32 and I was then able to delete it. I thought it was a 2.4.0 bug but I guess not!

The errors I was getting :

The following input errors were detected:
This entry cannot be deleted because it is still referenced by a CARP IP with the description Aasdf

Actions #6

Updated by Jim Pingle over 6 years ago

  • Status changed from Confirmed to Duplicate

Duplicate of #4438

Actions

Also available in: Atom PDF