Bug #12751

Updated by Marcos M about 2 years ago

SETUP: 
 * FRR BGP over IPsec VTI using a localhost interface as update source. 
 * Check @Diagnostics / Routes@ for route advertised by neighbor 
 * IPsec P1 configured with failover gateway group using a CARP VIP for each WAN. 
 * FRR option @Ignore IPsec Restart@ is not checked (further testing needed with this option checked) 
 * pfSense 22.01-RC 
 * Simulate gateway offline/online by blocking/allowing traffic upstream 

 TEST: 
 VTI gateway with option checked: @Disable Gateway Monitoring Action@ 
 * Failover from WAN1 to WAN2: routes *NOT* restored 
 * Bounce WAN1 and WAN2 gateways: routes *NOT* restored 
 * Run @/etc/rc.newipsecdns@: routes *NOT* restored 
 * -IPsec IPsec local service stop then start: routes restored- restored (EDIT: see comments) 
 * IPsec remote service stop then start: routes restored 


 VTI gateway with default settings 
 * Failover from WAN1 to WAN2: routes restored 
 * Bounce WAN1 and WAN2 gateways: routes *NOT* restored 
 * Run @/etc/rc.newipsecdns@: routes *NOT* restored 
 * -IPsec IPsec local service stop then start: routes *NOT* restored- restored (EDIT: see comments) 
 * IPsec remote service stop then start: routes restored 

 Routes should be restored in all scenarios if possible.
