OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: Math43 on August 07, 2019, 08:54:06 am
-
Hello,
I've got a strange static routing behavior with 19.7.2 firmware.
Here is my routing table:
root@OPNsense:~ # netstat -r4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default A.B.C.D UGS vmx3
100.64.0.0/24 172.18.4.21 UGS vmx1
172.21.0.0/16 172.18.4.20 UGS vmx1
I'm able to contact 100.64.0.0/24 but not able to contact 172.21.0.0/16, there is the traceroute:
root@OPNsense:~ # traceroute 172.21.169.103
traceroute to 172.21.169.103 (172.21.169.103), 64 hops max, 40 byte packets
1 172.18.4.21 (172.18.4.21) 0.523 ms 0.262 ms 0.200 ms
Wrong next hop is choosen. If I change Gateway priority of the two gateway (172.18.4.21 / 172.18.4.20), the behavior is reversed (172.21.0.0/16 is reachable but not 100.64.0.0/24)
On 17.1 problem is not present.
Regards,
Math
-
Interfaces : XXX : Upstream -> set to auto-detect and check if you have correct gateways
-
Hello,
Auto-detect is already set.
Regards,
Mathieu
-
On all interfaces?
-
No, not on WAN interface, but if I change to autodetect, it's even worse
-
Stay cool 8)
Create a gateway for WAN, Mark it as upstream, then check that outbound Nat is Hybrid or Manual, then set WAN to auto-detect. After this check outbound Nat if there are correct entries and Post a Screenshot of routing table. It should be good
-
Hello,
- I already have a WAN gatewau mark as upstream.
- Outbound NAT is Manual
- Outbound NA entry are corrects
Behaviour is still the same: Routing table is correct but wrong routing decision is taken when making a traceroute.
root@OPNsense:~ # netstat -r4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default A.B.C.D UGS vmx3
A.B.C.D/24 link#4 U vmx3
OPNsense link#4 UHS lo0
10.2.0.0/24 link#16 U vmx8_vla
OPNsense link#16 UHS lo0
100.64.0.0/24 172.18.4.21 UGS vmx1
100.64.2.0/23 172.18.4.21 UGS vmx1
100.64.4.0/23 172.18.4.21 UGS vmx1
100.64.6.0/23 172.18.4.21 UGS vmx1
100.65.0.32/29 link#7 U vmx6
OPNsense link#7 UHS lo0
localhost link#11 UH lo0
172.18.4.16/28 link#2 U vmx1
OPNsense link#2 UHS lo0
172.20.0.0/16 link#1 U vmx0
OPNsense link#1 UHS lo0
172.21.0.0/16 172.18.4.20 UGS vmx1
192.168.4.0/24 link#15 U vmx8_vla
OPNsense link#15 UHS lo0
192.168.10.0/24 192.168.4.250 UGS vmx8_vla
192.168.12.0/24 192.168.4.250 UGS vmx8_vla
192.168.14.0/24 192.168.4.250 UGS vmx8_vla
192.168.15.0/24 192.168.4.250 UGS vmx8_vla
192.168.18.0/24 192.168.4.250 UGS vmx8_vla
192.168.24.0/24 192.168.4.250 UGS vmx8_vla
192.168.30.0/24 192.168.4.250 UGS vmx8_vla
192.168.31.0/24 192.168.4.250 UGS vmx8_vla
192.168.32.0/24 192.168.4.250 UGS vmx8_vla
192.168.33.0/24 192.168.4.250 UGS vmx8_vla
192.168.42.0/24 192.168.4.250 UGS vmx8_vla
192.168.43.0/24 192.168.4.250 UGS vmx8_vla
192.168.44.0/24 192.168.4.250 UGS vmx8_vla
root@OPNsense:~ # traceroute 172.21.10.1
traceroute to 172.21.10.1 (172.21.10.1), 64 hops max, 40 byte packets
1 172.18.4.21 (172.18.4.21) 0.319 ms 0.234 ms 0.202 ms
2 *^C
-
With help of opnsense github support, i manage to resolve my issue:
After a tcpdump, i find my packet matching this rule:
@73 pass out log on vmx1 route-to (vmx1 172.18.4.21) inet from 172.18.4.25 to ! (vmx1:network:1) flags S/SA keep state allow-opts label "2ff18b6378c052f6d36a245571286063"
I find the rule in WEBUI and find the guilty config, i need to uncheck " Disable automatic rules which force local services to use the assigned interface gateway. " under Firewalls > Settings > Advanced.
Sorry for the inconvenience and thanks you very much for you help mimugmail.
Regards,
Math
-
You mean you unchecked "Disable force gateway" or you checked it? Just courious ... I always check it, never had problems
-
I have to check, yes correct. I've edited my post.