Hi all,
I have 2 opnsense firewalls, both running 25.7.8 and to each their vlan.
They're both interconnected by their LAN interfaces, in case WAN1 fails the traffic goes through the gateway of WAN2.
No the issue I have is that a route shows up on its own, I didn't create it, and when I delete it keeps coming back bringing my server down :
The faulty route is 10.99.200.180 being sent to 10.98.200.1 which goes through WAN2, I didn't add it and even when I delete it, it keeps coming back.
Can you please help?
Thanks
Here is more details about the route :
Proto Destination Gateway Flags MTU Netif Netif (name)
ipv4 10.99.200.0/24 link#14 U 1500 Vlan0.2 LAN
ipv4 10.99.200.1 Link#10 UHS 16384 lo0 loopback
ipv4 10.99.200.180 10.99.200.1 UGHS 1500 Vlan0.6 LAN98
The unwanted route is 10.99.200.180 being sent to 10.98.200.1 which is another firewall, the traffic ends up being blocked and rejected, making the server 10.99.200.180 isolated from the internet.
Do you have any ideas?
Thanks
UGHS - that route is static. It's configured somewhere. Do you have configured a gateway on vlan0.6? Remove that.
Quote from: Patrick M. Hausen on December 05, 2025, 08:54:18 PMUGHS - that route is static. It's configured somewhere. Do you have configured a gateway on vlan0.6? Remove that.
Thanks for your answer.
Where should I look? I checked :
System -> Routes -> configuration
And there is no such a route, in fact the page is empty.
I even downloaded the configuration file and did and nothing came up:
grep -rni 10.99.200.180 myroute-20251206083945.xmlWhere should I check?
Thanks
Interface configuration for LAN - did you set a gateway there? Don't.
If you need static routes pointing to that other firewall, add it as a gateway in System > Gateways and add the static routes as necessary.
Quote from: Patrick M. Hausen on December 06, 2025, 04:43:15 PMInterface configuration for LAN - did you set a gateway there? Don't.
If you need static routes pointing to that other firewall, add it as a gateway in System > Gateways and add the static routes as necessary.
Thanks, I checked, there are no routes configured in both of my LAN interfaces :
system -> routing -> configuration = empty
This is what makes it confusing, is that I don't have any static routes on both firewalls, just the gateways whith different priorities (1 for IPv6 / 2 IPv4 / 256 for the LAN98 interface)
As a workaround I emplemented a cron to delete that route, I really don't know where to look for anymore :
* * * * * /sbin/route delete -host 10.99.200.180
Interfaces > LAN - is there a gateway set?
Quote from: Patrick M. Hausen on December 07, 2025, 12:54:23 AMInterfaces > LAN - is there a gateway set?
Here is what my LAN interface looks like (didn't set anything there) as well as the second lan98 interface that connects through dhcp:
Screenshot attached
If the DHCP server in LAN98 sends a default gateway that is the cause for your static route. Don't use DHCP or any dynamic configuration for anything but WAN.
Quote from: Patrick M. Hausen on December 07, 2025, 09:38:51 PMIf the DHCP server in LAN98 sends a default gateway that is the cause for your static route. Don't use DHCP or any dynamic configuration for anything but WAN.
This was indeed the solution to the problem, thank you so much.