OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: whitwye on August 05, 2017, 06:33:53 pm

Title: How can I change the default route to the LAN while doing initial configuration?
Post by: whitwye on August 05, 2017, 06:33:53 pm

While the end point will be a two-WAN config, while setting this up initially we have OPNsense just connected via LAN. I'm trying to reset the default gateway to use the LAN for now. If this were Linux I'd just do "ip ro del default; ip ro add default via a.b.c.d dev whatever." But here, from the console, when I try "route del default" I get "route: writing to routing socket: Address already in use \  del net default fib 0: gateway uses the same route".

Since I'd like to configure OPNsense before connecting directly to either WAN, including downloading updates, this has me stuck for now. What are the steps to get FreeBSD to let me set a new default route, via the LAN, for now? I've Googled, but the docs I find elsewhere imply that "route del default" will just work, and don't say what's required when it refuses to.

The current initial OPNsense configuration routine seems to assume that the whole setup is new, so the WAN interface can be immediately used. Our situation is one where we're getting set to replace existing firewalls, which will remain in charge of our WANs until we've go OPNsense fully configured, and ready to substitute for them. Is there a documented procedure somewhere for our type of situation? Thanks.

Title: Re: How can I change the default route to the LAN while doing initial configuration?
Post by: franco on August 06, 2017, 12:14:32 am

You may be in luck. The console option 2 has been reworked considerably for 17.7 -- you can reconfigure your LAN to use static addressing and you will be able to enter a gateway. This gateway will be activated as the firewall's default gateway. It will ask if you want to use this gateway as a DNS server, too.


Cheers,
Franco

Title: Re: How can I change the default route to the LAN while doing initial configuration?
Post by: whitwye on August 07, 2017, 04:08:58 pm

Thanks. I'd taken the "For a WAN, enter the new LAN IPv4 upstream gateway address. For a LAN, press <ENTER> for none" message as if it wasn't really offering to set a gateway for a LAN. I wasn't following the shifting context.

Still, something's not right yet. I assigned the gateway for the LAN interface. The WAN interface has nothing assigned to it. Yet after the reassignment through option 2 "netstat -r" still shows it as having the gateway on the WAN interface, which it's assigning to the second NIC, whereas the WAN, with the IP set, is on the first NIC.

I was going to copy that netstat result, but was working through a iDRAC console. Went to bring up a new console session for ssh to paste from (should that be active yet?) without properly changing focus with ctrl-alt-T, which instead exited the menu session on pfsense -- and appears to have scrambled the password. Now can't log in with default root, opnsense on either that console or the web interface. No idea how "ctrl-alt-t" got taken as "change root credentials." Guess this means having to restart the installation.

Is there a good document somewhere on how FreeBSD handles configuration of its TCP/IP stack? I've checked the Handbook on the project site, but that doesn't have much depth on this. I'd like to understand what the features are that were stopping me from removing a default gateway. It's obviously far different from Linux in handling such things.