<p>pfSense bugtracker (https://redmine.pfsense.org/)</p>
<p>pfSense - Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA</p>
<p><strong>Adam Sweet</strong> (2018-07-10T07:36:59Z, https://redmine.pfsense.org/issues/8465?journal_id=36958)</p>
<p>Can I ask if any investigation has been done on this or whether anyone else has been able to replicate it? This could bite me after upgrading to 2.4.3-p1 which is planned shortly for a production environment. I note the ticket is still unassigned after 3 months.</p>
<p>I see that this is reported in an environment using a 'non-local gateway', which is not something my environment has, but it's not clear whether this issue is specific to using a non-local gateway or not. Given the wide usage of CARP, I'd expect this issue would have been reported far more if it were not.</p>
<p>I think it might have been reported in the forums separately here:</p>
<p><a class="external" href="https://forum.netgate.com/topic/131367/route-lost-by-carp-change">https://forum.netgate.com/topic/131367/route-lost-by-carp-change</a></p>
<p><strong>Tom Huerlimann</strong> (2018-08-04T03:14:07Z, https://redmine.pfsense.org/issues/8465?journal_id=37508)</p>
<p>I was able to reproduce exactly the same issue with 2.4.3-p1-x64 and with 2.4.4.a.20180803.0952 as well.</p>
<p><strong>Setup on Box 1</strong></p>
<p>- WAN: 10.4.0.1/29<br />- GW: xxx.xxx.84.233<br />- CARP Address 1: xxx.xxx.84.234/29<br />- CARP Address 2: xxx.xxx.84.235/29<br />- CARP Address 3: xxx.xxx.84.236/29<br />- CARP Address 4: xxx.xxx.84.237/29</p>
<p><strong>Setup on Box 2</strong></p>
<p>- WAN: 10.4.0.2/29<br />- GW: xxx.xxx.84.233<br />- CARP Address 1: xxx.xxx.84.234/29<br />- CARP Address 2: xxx.xxx.84.235/29<br />- CARP Address 3: xxx.xxx.84.236/29<br />- CARP Address 4: xxx.xxx.84.237/29</p>
<p><strong>Modifications I made for testing</strong></p>
<p>- I changed WAN on Box 1 to xxx.xxx.84.225/28<br />- I changed WAN on Box 2 to xxx.xxx.84.226/28<br />- GW: xxx.xxx.84.233<br />- CARP Address 1: xxx.xxx.84.234/28<br />- CARP Address 2: xxx.xxx.84.235/28<br />- CARP Address 3: xxx.xxx.84.236/28<br />- CARP Address 4: xxx.xxx.84.237/28</p>
<p>After the modifications above I was not able to reproduce the issue anymore - but for sure, I cannot leave this config in production, because my ISP did not assign a /28 subnet to me. As suggested around the web: technically I would be able to use CARP with 3 IPs, as I have a /29 subnet with 4 usable addresses - but I prefer not to do this, because from my point of view it's a waste of IP addresses. Additionally, if this can be solved, it would be possible for all those people with only one public IP to use CARP and benefit from HA (I’ve tested inbound &amp; outbound NAT, port forwarding and IPsec - probably the things most people use in such setups).</p>
<p><strong>Anonymous</strong> (2018-08-14T14:01:15Z, https://redmine.pfsense.org/issues/8465?journal_id=37693)</p>
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul>
<p><strong>Anonymous</strong> (2018-09-11T13:50:01Z, https://redmine.pfsense.org/issues/8465?journal_id=38316)</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.4</i> to <i>2.4.4-GS</i></li></ul>
<p><strong>Anonymous</strong> (2018-10-03T08:38:52Z, https://redmine.pfsense.org/issues/8465?journal_id=38747)</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.4-GS</i> to <i>2.4.4-p1</i></li></ul>
<p><strong>John K</strong> (2018-11-07T20:38:16Z, https://redmine.pfsense.org/issues/8465?journal_id=39162)</p>
<p>I'm having the exact same issue with 2.4.4. Using IPs outside the WAN-VIP subnet on the WAN interfaces forces the default gateway route to be lost when returning to the master after a fail-over. I simply can't sacrifice 3 public IP4 addresses to the altar of pfSense HA.</p>
<p>Please increase the priority of this issue. Please stop pushing back the target version!</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com, 2018-11-15T08:00:48Z, https://redmine.pfsense.org/issues/8465?journal_id=39259)</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul>
<p><strong>Renato Botelho</strong> (renato@netgate.com, 2018-11-20T13:35:08Z, https://redmine.pfsense.org/issues/8465?journal_id=39323)</p>
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Fix #8465: Preserve default gw when switch to BACKUP interfaces_carp_set_maintenancemode() calls..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/8bffe226d5183dda310dde2a89c78f2d8d79789c">8bffe226d5183dda310dde2a89c78f2d8d79789c</a>.</p>
<p><strong>Chris Linstruth</strong> (2018-11-21T18:18:59Z, https://redmine.pfsense.org/issues/8465?journal_id=39356)</p>
<p>Tested on CE build from Friday November 16th. Duplicated missing default gateway on primary node after failover and failback.</p>
<p>Upgraded both nodes to Nov 20. Default gateway was present through carp maintenance and back on the primary. Looks good.</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com, 2018-11-22T05:00:55Z, https://redmine.pfsense.org/issues/8465?journal_id=39366)</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>
<p><strong>Christian Grunfeld</strong> (2019-02-27T14:55:50Z, https://redmine.pfsense.org/issues/8465?journal_id=40057)</p>
<p>The same issue is back in 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN IP (/30) and "gateway in non local net" is set.</p>
<p>Node A:<br />wan: 10.0.0.1/30<br />lan: 16X.XXX.100.251/24</p>
<p>Node B:<br />wan: 10.0.0.2/30<br />lan: 16X.XXX.100.252/24</p>
<p>Carp:<br />wan vip: 16X.XXX.198.154/30<br />lan vip: 16X.XXX.100.254/24</p>
<p>The default gateway of the nodes, 16X.XXX.198.153/30, is lost on "temporarily disable carp" and "persistent carp maintenance mode".</p>
<p><strong>Tom Huerlimann</strong> (2019-03-05T14:00:53Z, https://redmine.pfsense.org/issues/8465?journal_id=40072)</p>
<p>Hi all</p>
<p>The problem is still (or again) reproducible.</p>
<p>Best regards<br />Tom</p>
<p><strong>Milad Soltanian</strong> (maj0rmil4d@gmail.com, 2020-10-05T15:36:46Z, https://redmine.pfsense.org/issues/8465?journal_id=48348)</p>
<ul><li><strong>File</strong> <a href="/attachments/3191">fixgw.sh.txt</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3191/fixgw.sh.txt">fixgw.sh.txt</a> added</li><li><strong>File</strong> <a href="/attachments/3192">fixgw-pf.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3192/fixgw-pf.png">fixgw-pf.png</a> added</li></ul><p>Well, we solved the problem this way: first create a script to check whether the default route still exists, and if it does not, just add it :)</p>
<p>I added a cronjob for this though</p>
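<p>fixgw.sh:</p>
<pre>
HOSTNAME="$(hostname)"
# Re-add the default route unless it already points at 10.10.10.1; the quotes keep the test valid when no route is found.
if ! [ "$(route -n show 0.0.0.0 | grep gateway | cut -d ":" -f 2 | cut -d " " -f 2)" = "10.10.10.1" ]; then route add -net 0.0.0.0/0 10.10.10.1 ; fi
</pre>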
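<p>The cron watchdog described in the comment above, as an added example that is not the attached fixgw.sh and not pfSense code: it separates "default route missing" from "default route points at a different gateway" and logs each event to syslog. The gateway 10.10.10.1 comes from the comment; the function names, the <code>--apply</code> switch and the sample output are assumptions.</p>

```shell
#!/bin/sh
# Added example, not the attached fixgw.sh. 10.10.10.1 is the gateway from the
# comment above; function names and the sample text are assumptions.
EXPECTED_GW="10.10.10.1"

# Read `route -n get default` style output on stdin and print the gateway.
# Prints nothing when there is no "gateway:" line, i.e. no default route.
parse_gateway() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# Given the route output as $1, print what the watchdog should do:
# ok (nothing to do), add (route missing), change (route points elsewhere).
decide_action() {
    current="$(printf '%s\n' "$1" | parse_gateway)"
    if [ -z "$current" ]; then
        echo add
    elif [ "$current" = "$EXPECTED_GW" ]; then
        echo ok
    else
        echo change
    fi
}

# Constructed sample of the command's output on a healthy node.
SAMPLE_OK='   route to: default
destination: default
       mask: default
    gateway: 10.10.10.1
  interface: em0'

# Act on the live routing table and leave a syslog trail for each event.
fix_default_route() {
    action="$(decide_action "$(route -n get default 2>/dev/null)")"
    case "$action" in
        add)
            route add default "$EXPECTED_GW" &&
                logger -t fixgw "default route was missing, re-added via $EXPECTED_GW" ;;
        change)
            logger -t fixgw "default route uses an unexpected gateway, left unchanged" ;;
    esac
}

# Run from cron as: fixgw.sh --apply
if [ "${1:-}" = "--apply" ]; then fix_default_route; fi
```

<p>The syslog entries tagged <code>fixgw</code> record how often the route actually disappears, which a silent re-add would hide.</p>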