OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: franco on December 30, 2016, 06:05:02 pm

Title: [CALL FOR TESTING] Cooperative IPv4 forwarding for IPFW/PF
Post by: franco on December 30, 2016, 06:05:02 pm
Hi all,

As you know we've had multiple reports of the following problems:

1. Captive Portal and Multi-WAN (Policy Routing) do not work at the same time.

2. Traffic Shaping and Multi-WAN (Policy Routing) do not work at the same time.

This has possibly been the longest journey for us in terms of a bug report itself, where to fix it and how to bring it to FreeBSD eventually. One of the biggest issues was that the bug was the status quo of how IPFW and PF work together in FreeBSD for many years: mostly fine, but not fully supported. Since pfSense shifted this paradigm, circumventing the issue with patches not in FreeBSD, we got to the bottom of it and are putting the pieces back together now.

The technical details can be found in the following code review, which is only a start of what is actually needed to make sure the problem will be properly addressed in FreeBSD 12:

https://reviews.freebsd.org/D8877

The test kernel with fixed IPv4 handling is available for OPNsense 17.1.b (amd64 only for now), easily installed by invoking the following from the command line:

# opnsense-update -kr 17.1.b-route
# /usr/local/etc/rc.reboot

With the help of you all and a little bit of luck this will make it into 17.1-RC to allow for a better 17.1 as promised quite a few months ago. :)


Thank you,
Franco
Title: Re: [CALL FOR TESTING] Cooperative IPv4 forwarding for IPFW/PF
Post by: tillsense on December 30, 2016, 09:08:07 pm
Quote
#uname -a
FreeBSD 11.0-RELEASE-p6 FreeBSD 11.0-RELEASE-p6 #0 4a1615c9d(pf_route): Fri Dec 30 16:40:07 CET 2016     root@sensey64:/usr/obj/usr/src/sys/SMP  amd64

cheers till

-------------------------------------
OPNsense 17.1.b_74-amd64
FreeBSD 11.0-RELEASE-p6
OpenSSL 1.0.2j 26 Sep 2016