OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: dragon2611 on February 11, 2017, 05:08:45 pm

Title: 17.1.1 pbr
Post by: dragon2611 on February 11, 2017, 05:08:45 pm
Pretty sure 17.1.1 doesn't fix all the policy routing issues, as I've got a TeamSpeak server running on a host with 2 WAN uplinks and the DNS points to WAN2; since upgrading, no one can connect to it.

It's a NAT port forward from the secondary uplink.
Title: Re: 17.1.1 pbr
Post by: dragon2611 on February 11, 2017, 05:20:51 pm
Specifically, it looks like the reply doesn't automatically get routed to WAN2 to match the incoming. Not sure if it would work if I redirected all traffic from that host to WAN2.

Edit: Even with a policy WAN rule to put outbound traffic to WAN2 it still doesn't work. 17.1.x so far is a lemon if you have multiple WANs/policy routing requirements, it seems.
Title: Re: 17.1.1 pbr
Post by: djGrrr on February 12, 2017, 03:53:55 pm
Can you try running this from the shell as root?
sysctl net.pf.share_forward=0

This should restore the stock FreeBSD way of doing policy routing.
Title: Re: 17.1.1 pbr
Post by: mbosner on February 12, 2017, 05:21:44 pm
I also have TeamSpeak-related problems, but they are different:

As soon as I have a 24h reconnect, I have to restart the TS client. Before that it will not connect to the external TS server. Very strange, but it is the same behavior on all devices. I will dig into it tonight.
Title: Re: 17.1.1 pbr
Post by: dragon2611 on February 13, 2017, 03:08:25 pm
Quote from: djGrrr on February 12, 2017, 03:53:55 pm
Can you try running this from the shell as root?
sysctl net.pf.share_forward=0

This should restore the stock FreeBSD way of doing policy routing.
(end of quote)

I'm afraid I already restored the VM from a backup that was taken prior to upgrading.
Title: Re: 17.1.1 pbr
Post by: dragon2611 on February 15, 2017, 07:23:06 pm
Right, re-applied the update and sysctl net.pf.share_forward=0 does appear to resolve the issue.
Title: Re: 17.1.1 pbr
Post by: franco on February 15, 2017, 10:48:04 pm
Sorry, we are circling back to a default of net.pf.share_forward=0 and a GUI override in 17.1.2 to get to see underlying base OS update issues first, then improve shared forwarding further.