Bug #9235
closed
pfsense does not send ICMP redirect
Description
Hi,
This is a clone of
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221137
In FreeBSD >=11, ICMP redirects are not sent.
An effective and very simple patch is attached.
To the best of my knowledge and tests (tcpdump), ICMP redirects are effectively not sent by pfsense.
According to the bug, there is no workaround.
Packets are forwarded by pfsense in place of an ICMP redirect, which can result in asymmetric routing and other nasty situations.
According to the roadmap,
https://www.netgate.com/docs/pfsense/releases/versions-of-pfsense-and-freebsd.html
pfsense will stick to the 11.2 version for a while.
Is it possible to have a backport of such a patch?
Use case scenario:
- we have 2 pfsense in HA
- we have 2 openvpn gateways in the LAN
- the 2 openvpn gateways are reaching private addresses
- we cannot/won't move the openvpn configuration to the pfsense
Additional info
- puppet is one service in the private address map
- don't filter packets going out in the same interface is flagged
- puppet "sometimes" receives a timeout
Thanks,
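
The redirect the report expects can be worked out from the routing table, which tells you what to look for in a tcpdump capture on the LAN side. This is an added example, not part of the original report or of pfSense/FreeBSD code; the addresses, interface names and routes are constructed, and the conditions follow RFC 1812 section 5.2.7.2 (the source-route option check is not modeled).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str
    gateway: Optional[ipaddress.IPv4Address]  # None = directly connected

def net(p): return ipaddress.IPv4Network(p)
def ip(a): return ipaddress.IPv4Address(a)

# Constructed routing table for the firewall in the use case above:
# LAN clients use the firewall as default gateway, while the private
# range is reached through an OpenVPN gateway that sits on the same LAN.
ROUTES = [
    Route(net("192.168.1.0/24"), "lan", None),
    Route(net("203.0.113.0/24"), "wan", None),
    Route(net("0.0.0.0/0"), "wan", ip("203.0.113.1")),
    Route(net("10.8.0.0/16"), "lan", ip("192.168.1.10")),
]

def lookup(routes, dst):
    """Longest-prefix match; None when no route covers dst."""
    hits = [r for r in routes if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

def expected_redirect(routes, in_if, src, dst):
    """Gateway a router should advertise in an ICMP redirect (type 5)
    for this packet, or None when no redirect is expected."""
    src, dst = ip(src), ip(dst)
    route = lookup(routes, dst)
    if route is None or route.gateway is None:
        return None  # unroutable, or destination is on-link
    if route.out_if != in_if:
        return None  # packet leaves through a different interface
    # The sender and the next hop must share a connected subnet on in_if,
    # otherwise the sender could not use the advertised gateway directly.
    for r in routes:
        if r.gateway is None and r.out_if == in_if:
            if src in r.prefix and route.gateway in r.prefix:
                return route.gateway
    return None

if __name__ == "__main__":
    print(expected_redirect(ROUTES, "lan", "192.168.1.50", "10.8.3.4"))
```

When the function returns a gateway and the capture shows the packet being forwarded with no ICMP type 5 message back to the sender, the behaviour matches what the report describes.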