Feature #972

Allow adding gateways outside of interface subnet

Added by Chris Buechler over 10 years ago. Updated about 5 years ago.

Status: Resolved
Priority: Normal
Category: Gateways
Target version:
Start date: 10/25/2010
Due date:
% Done: 100%
Estimated time:
Release Notes: Default

Description

Gateways outside of the interface's IP subnet, on Ethernet links, cannot be added under normal circumstances as it's not really a valid config and FreeBSD won't add the default gateway as normal, and will not issue ARP requests for IPs outside of directly connected subnets. The workaround to add such a gateway is to run:

# route add -net gatewayip/32 -iface em0 -cloning
# route add default gatewayip

Associated revisions

Revision de34f1fc (diff)
Added by Pi Ba over 5 years ago

Allow gateway outside interface subnet. Fixes #972, #1847, and was checked (on 2.2.5) with that provider to work properly for the IPv4 part. In 2.3 test machine IPv6 also seems to insert the proper routes.

History

#1 Updated by Seth Mos over 10 years ago

As I understood from Remko Lodder there is a large ISP in .de that also employs this with their IPv6 configuration. Odd.

#2 Updated by Iñigo Martinez over 10 years ago

Gateway test should check in both subnet interface and IP ALIAS subnet.
At this moment, only subnet interface is checked, but not subnet ip alias.

#3 Updated by Franck Bourdonnec over 9 years ago

Well, OVH, a big big French provider, is also using this kind of setup.

A big, well-detailed English page explains it all here:

http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet

Please implement your two-line fix ASAP when you detect the strange configuration!
Issue a warning if you want, but don't forbid it.

Franck

#4 Updated by Mike Noordermeer over 8 years ago

This is a rather large issue for me, since my ISP is using HSRP for redundancy on IPv6, and they provide me a link-local address as gateway... I can't enter that address into pfSense and thus can't use an IPv6 IP.

#5 Updated by Jim Pingle over 8 years ago

AT&T is doing this now on their network, handing off DHCP with a /32 mask with certain uverse gear like the NVG510, so when we fix this, we'll need to also account for supporting this inside of dhclient-script.

#6 Updated by Jim Pingle over 7 years ago

Apparently -cloning has been deprecated in FreeBSD, so that parameter should be removed from the above command.

# route add -net gatewayip/32 -iface em0
# route add default gatewayip
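
Added example, not part of the original thread and not pfSense's own code: a Python sketch of the check suggested in comment #2 (test the gateway against the interface subnet and every IP alias subnet) that emits the two commands from comment #6 only when the gateway is off-link. The function name, the interface name and all addresses are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress


def gateway_route_commands(iface, addresses, gateway):
    """Return the route(8) commands needed to use `gateway` as default on `iface`.

    addresses: every address/prefix configured on the interface, i.e. the
    primary address plus any IP aliases, as the check in comment #2 asks for.
    """
    gw = ipaddress.ip_address(gateway)
    if gw.version != 4:
        raise ValueError("only the IPv4 commands from the thread are covered here")

    ifaddrs = [ipaddress.ip_interface(a) for a in addresses]
    ifaddrs = [a for a in ifaddrs if a.version == 4]

    # A gateway equal to one of our own addresses is a misconfiguration,
    # not an off-link gateway; refuse it instead of emitting routes.
    if any(a.ip == gw for a in ifaddrs):
        raise ValueError(f"{gw} is an address of {iface}, not a gateway")

    # On-link means the gateway falls in ANY configured subnet. With a /32
    # address (the DHCP case in comment #5) no other host is ever on-link.
    on_link = any(gw in a.network for a in ifaddrs)

    cmds = []
    if not on_link:
        # Host route telling the kernel the gateway is reachable directly
        # on this interface (command from comment #6, without -cloning).
        cmds.append(f"route add -net {gw}/32 -iface {iface}")
    cmds.append(f"route add default {gw}")
    return cmds


if __name__ == "__main__":
    # Constructed sample configurations (documentation address ranges).
    cases = [
        ("em0", ["198.51.100.25/32"], "203.0.113.254"),               # /32 lease
        ("em0", ["192.0.2.10/24"], "203.0.113.254"),                  # off-link
        ("em0", ["192.0.2.10/24", "203.0.113.5/24"], "203.0.113.1"),  # via alias
    ]
    for iface, addrs, gw in cases:
        print(addrs, "->", gw)
        for cmd in gateway_route_commands(iface, addrs, gw):
            print("   #", cmd)
```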

#7 Updated by Oliver K. over 7 years ago

Three years and counting... How is this still not implemented / patched?

#8 Updated by Chris Buechler over 7 years ago

Because accommodating 1 in 100,000 scenarios isn't a priority, especially when there is an easy manual workaround. Patches welcome.

#9 Updated by Dan F over 7 years ago

What would be the "correct" way to make this survive reboots, please?

#10 Updated by Dédé D over 7 years ago

Hi Dan,

I fell into the same trouble, and the idea I have found to survive reboot is using the ShellCmd package: https://doc.pfsense.org/index.php/Executing_commands_at_boot_time

I added the workaround lines in comment #6, and it works (OVH Hyper-V 2008 guest VM).

#11 Updated by Jim Thompson over 5 years ago

  • Assignee set to Chris Buechler

PR #2119 claims to fix this and #1847

Please evaluate and report.

#12 Updated by Jim Thompson over 5 years ago

  • Target version changed from Future to 2.3

target set to 2.3

change it back if we don't want to add this now.

Looks like a low-drama PR though.

#13 Updated by Chris Buechler over 5 years ago

  • Category set to Gateways
  • Status changed from New to Feedback

It works, went ahead and merged it. The deletion doesn't happen correctly, added a comment to that PR, hopefully PiBa can follow up with a fix there.

Leaving for verification again once it's in a snapshot.

#14 Updated by Pi Ba over 5 years ago

  • % Done changed from 0 to 100

#15 Updated by Chris Buechler about 5 years ago

  • Status changed from Feedback to Resolved

These are added and removed correctly now.
