Text only | Text with Images

OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Andreas_ on February 15, 2018, 12:12:10 PM

Title: outgoing NAT with interface_address uses carp ip
Post by: Andreas_ on February 15, 2018, 12:12:10 PM
After upgrading to 17.x to 18.1.2, the outgoing NAT address translation doesn't work any more as expected.

I have outgoing nat configured to use the interface address on a CARP cluster, which used do use the physical ip address of each machine.
After the upgrade, outgoing traffic uses all VIF ip addresses randomly, making some sites' session handling nonfunctional.
Title: Re: outgoing NAT with interface_address uses carp ip
Post by: franco on February 15, 2018, 02:20:41 PM
Hi,

See: https://github.com/opnsense/changelog/commit/79852185a

It is the new default for consistency reasons. If you need this to work in a different manner use manual outbound.


Cheers,
Franco
Title: Re: outgoing NAT with interface_address uses carp ip
Post by: Andreas_ on February 16, 2018, 11:59:23 AM
Ok, I fixed this by specifying a dedicated IP.
IMHO the sticky option should be default on, since load balancer et al get confused if the same client is using different ips within the same session.
Title: Re: outgoing NAT with interface_address uses carp ip
Post by: franco on February 28, 2018, 08:10:31 AM
Yes, we'll enable sticky by default.

https://github.com/opnsense/core/commit/912dd0d


Cheers,
Franco
Text only | Text with Images