Bug #12751
Updated by Marcos M almost 3 years ago
SETUP:

* FRR BGP over IPsec VTI using a localhost interface as update source.
* Check @Diagnostics / Routes@ for route advertised by neighbor
* IPsec P1 configured with failover gateway group using a CARP VIP for each WAN.
* FRR option @Ignore IPsec Restart@ is not checked (further testing needed with this option checked)
* pfSense 22.01-RC
* Simulate gateway offline/online by blocking/allowing traffic upstream

TEST:

VTI gateway with option checked: @Disable Gateway Monitoring Action@

* Failover from WAN1 to WAN2: routes *NOT* restored
* Bounce WAN1 and WAN2 gateways: routes *NOT* restored
* Run @/etc/rc.newipsecdns@: routes *NOT* restored
* -IPsec IPsec local service stop then start: routes restored- restored (EDIT: see comments)
* IPsec remote service stop then start: routes restored

VTI gateway with default settings

* Failover from WAN1 to WAN2: routes restored
* Bounce WAN1 and WAN2 gateways: routes *NOT* restored
* Run @/etc/rc.newipsecdns@: routes *NOT* restored
* -IPsec IPsec local service stop then start: routes *NOT* restored- restored (EDIT: see comments)
* IPsec remote service stop then start: routes restored

Routes should be restored in all scenarios if possible.