OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: cr4wen on August 29, 2017, 12:32:46 pm

Title: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: cr4wen on August 29, 2017, 12:32:46 pm
Hello,
I have OPNsense installed on a physical box (box A). On the same subnet as the default GW I have another router (Linux box - box B). Each box has static routes for the other box. When I ping from the network behind box A to the network behind box B it works, the packet returns back. But when I try to ping from the network behind box B to the network behind box A, the packet goes back to the default GW (I can see the packet on WAN and confirmed from ISP), not via the static route I added for Box B.

Can you help me fix it, please?

Best regards,
cr4wen
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: ChrisH on August 29, 2017, 01:06:20 pm
Can you give us the subnets and netmasks for the networks involved?
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: cr4wen on August 29, 2017, 01:11:54 pm
Sure

Box A
inner subnet 192.168.151.0/24
WAN IP 10.5.7.10/24
Default GW (ISP) 10.5.7.1

Box B
inner subnet 192.168.152.0/24
WAN IP 10.5.7.13/24
Default GW (ISP) 10.5.7.1

Thank you,
cr4wen
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: ChrisH on August 29, 2017, 01:22:13 pm
Looks good so far.

Any chance that ICMP is blocked somewhere, so that box B thinks box A is unreachable or something? Does OPNsense show box A as "up" under System -> Gateways -> Status? (You may have to enable gateway monitoring first)
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: cr4wen on August 29, 2017, 01:37:59 pm
Destinations are pingable, so I think there is no problem with blocked ICMP (filter log shows action pass when I grep these subnets/IPs). The status of all GWs (default and box B) is Online. Monitoring wasn't enabled for the box B GW, but it was still Online (that GW is pingable).

cr4wen
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: ChrisH on August 29, 2017, 01:44:45 pm
Grasping at straws now :)
Do the packets from B to A (sorry, had them reversed before) have the correct source address? Or does box B maybe NAT them before sending them to box A?
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: cr4wen on August 29, 2017, 01:52:44 pm
There is no NAT rule between these subnets (there is a NAT rule saying NO NAT between these subnets - I even tried it with all NAT rules disabled, but no change). On Box A I can see on WAN that the packet comes in; on the internal interface I can see that it reaches the destination, because on the internal interface I can see the reply. I can see that reply on WAN, but it does not reach box B. It goes to the default GW, which I have confirmed from the ISP. But it should go back to box B because of the static route... But that does not happen...

I tried to change the GW in the firewall rules but without any change (it was sometimes worse - the packet did not come in on the internal interface). So in the rules I have GW * (default).


cr4wen
Title: Re: OPNsense 17.7 Static routes not working (for backwards traffic)
Post by: cr4wen on August 30, 2017, 04:40:42 pm
I established a VPN between box A and B as a temporary workaround. But I think this behaviour (ignoring the static route for backwards traffic) is a bug.