I know wrong forum sub, but as there isn't a 23.1 yet.
Updated, all working correctly. Rebooted. BGP Neighbor and Gateway Monitor for VTI interface failing for remote IP on my /30 for the tunnel.
Tunnel up and can reach the other router via client (due to fw rule) but not on OPNsense. Added static /30 route in System > Routes > Configuration to point to far end router.
All working again. BGP Neighbor AS came up and Gateway Monitor started pinging/getting stats.
Never had to have a static for the VTI /30 prior. Unknown if by design or bug.
Just sharing info.
Hi and thanks for your report!
23.1.b_151 isn't what you are looking for, see https://forum.opnsense.org/index.php?topic=31861.msg153964#msg153964 for preliminary upgrade instructions.
Though this might be part of the swanctl.conf changes carried out to the IPsec tunnel configuration. If the issue persists I'd appreciate a ticket on GitHub.
Cheers,
Franco
Thanks Franco,
I did opnsense-update -ur 23.1.r1 and am still seeing the same issue when I disable the static route I created earlier. Will create a ticket on GitHub.
Franco.
#6244
https://github.com/opnsense/core/issues/6244
Thanks, we will discuss this next week.
Cheers,
Franco
I can confirm with 23.1.b_151 the route to remote tunnel is missing.
I have a GRE tunnel with 10.2.3.1 as local address and 10.2.3.2 as remote address.
With 22.7.10_2 OPNSense created two routes:
10.2.3.1 link#13 UHS lo0
10.2.3.2 link#13 UH gre1
With 23.1.b_151 only one route is created:
10.2.3.1 link#13 UHS lo0
To fix this I manually added a static route to 10.2.3.0/30 via 10.2.3.2
Updated to RC2, still having the same issue. Adding a static route is still a valid workaround.
Zan,
Are you running any policy based routing? And have a gateway set up for the tunnel? I am on my config. I narrowed it down a bit. In the gateway settings select the option Disable Host Route (checked), then save. Then a full reboot of the box.
No longer need a static route added as I have mentioned above and all my routes are showing up properly. Check the GitHub comments as we have been troubleshooting with the OPNsense team.
Quote from: zan on January 17, 2023, 10:39:00 AM
I can confirm with 23.1.b_151 the route to remote tunnel is missing.
I have a GRE tunnel with 10.2.3.1 as local address and 10.2.3.2 as remote address.
With 22.7.10_2 OPNSense created two routes:
10.2.3.1 link#13 UHS lo0
10.2.3.2 link#13 UH gre1
With 23.1.b_151 only one route is created:
10.2.3.1 link#13 UHS lo0
To fix this I manually added a static route to 10.2.3.0/30 via 10.2.3.2
Quote from: danderson on January 19, 2023, 10:23:56 PM
Are you running any policy based routing? And have a gateway set up for the tunnel? I am on my config. I narrowed it down a bit. In the gateway settings select the option Disable Host Route (checked), then save. Then a full reboot of the box.
Yep, I have set up a gateway for policy routing & monitoring.
So upon further checking I found OPNsense actually did create the tunnel's remote host route, but it gets destroyed if we have set up a gateway for the tunnel and did not tick the 'Disable host route' option.
I found it strange but I can live with that.
Good find @danderson! Thanks for your help, appreciate it.
Patches at https://github.com/opnsense/core/issues/6244#issuecomment-1398088673
Something is fishy with the input that gateways are giving system_host_route()
Cheers,
Franco
Looks to be this... https://github.com/opnsense/core/commit/a230326d7fe16
# opnsense-patch a230326d7fe16
Confirmation help is welcome.
Thanks,
Franco
Franco,
This patch is confirmed working. As posted on GitHub, I unchecked Disable Host Route under the gateway and applied the patch: opnsense-patch a230326d7fe16
Quote from: franco on January 20, 2023, 02:27:16 PM
Looks to be this... https://github.com/opnsense/core/commit/a230326d7fe16
# opnsense-patch a230326d7fe16
Confirmation help is welcome.
Thanks,
Franco
Yep, patch a230326d7fe16 fixes this.
Cheers!