OPNsense Forum
English Forums => General Discussion => Topic started by: FraLem on July 19, 2018, 07:49:01 am
-
Hi there,
I come across an issue implementing static roting on OPNsense 18.1.12-amd64.
Very basic set-up: Network 192.168.21.0/24 on 10.10.100.53
Opensense WAN: 10.10.100.52/24
Default Gateway: 10.10.100.1
Option " Bypass firewall rules for traffic on the same interface " is activated.
Routing table:
root@OPNsense:~ # netstat -4rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 10.10.100.1 UGS em0
10.10.100.0/24 link#1 U em0
10.10.100.52 link#1 UHS lo0
127.0.0.1 link#7 UH lo0
192.168.1.0/24 link#2 U em1
192.168.1.1 link#2 UHS lo0
192.168.21.0/24 10.10.100.53 UGS em0
root@OPNsense:~ # traceroute 192.168.21.1
traceroute to 192.168.21.1 (192.168.21.1), 64 hops max, 40 byte packets
1 10.10.100.1 (10.10.100.1) 0.317 ms 0.154 ms 0.150 ms
2 1.0.0.138 (1.0.0.138) 0.542 ms 0.537 ms 0.595 ms
3 1.0.0.82 (1.0.0.82) 0.659 ms 0.733 ms 0.645 ms
4 1.1.1.12 (1.1.1.12) 0.896 ms 0.830 ms 0.712 ms
Any suggestion will be appreciated.
Rgds
-
In System : Gateways : Single check if your default gateways is also marked with default. If yes, go to Interface : WAN and remove the gateway from Upstream.
Probably needs a reboot ...
-
Thanks for the repply.
Removed Gateway from IPv4 Upstream Gateway, and rebooted (Attached screenshot).
Still not taking the static route routing
root@OPNsense:~ # netstat -4rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 10.10.100.1 UGS em0
10.10.100.0/24 link#1 U em0
10.10.100.52 link#1 UHS lo0
127.0.0.1 link#7 UH lo0
192.168.1.0/24 link#2 U em1
192.168.1.1 link#2 UHS lo0
192.168.21.0/24 10.10.100.53 UGS em0
root@OPNsense:~ # tracert 192.168.21.1
tracert: Command not found.
root@OPNsense:~ # traceroute 192.168.21.1
traceroute to 192.168.21.1 (192.168.21.1), 64 hops max, 40 byte packets
1 10.10.100.1 (10.10.100.1) 0.190 ms 0.282 ms 0.141 ms
2 1.0.0.138 (1.0.0.138) 0.614 ms 0.508 ms 0.543 ms
3 1.0.0.82 (1.0.0.82) 0.649 ms 0.690 ms 0.668 ms
4 1.1.1.12 (1.1.1.12) 0.798 ms 0.817 ms 0.866 ms
5 * * *
^C
root@OPNsense:~ #
-
Can you post screenshots of your Firewall : Settings : Advanced?
I had the same issue, thought that removing upstream was enough.
-
No problem.
-
Can you tick "Disable force gateway" and reboot?
-
Great ! Much better now. Thank's for the support.
I've gone back to the original set-up with two static routes:
192.168.21.0/24 10.10.100.53
192.168.30.0/24 10.10.100.100
Internet:
Destination Gateway Flags Netif Expire
default 10.10.100.1 UGS em0
10.0.10.0/24 10.0.10.2 UGS ovpns1
10.0.10.1 link#11 UHS lo0
10.0.10.2 link#11 UH ovpns1
10.10.100.0/24 link#1 U em0
10.10.100.52 link#1 UHS lo0
10.10.100.124 link#1 UHS lo0
10.10.100.125 link#1 UHS lo0
10.10.100.126 link#1 UHS lo0
10.10.100.127 link#1 UHS lo0
10.10.100.128 link#1 UHS lo0
10.10.100.129 link#1 UHS lo0
127.0.0.1 link#7 UH lo0
192.168.2.0/24 link#2 U em1
192.168.2.1 link#2 UHS lo0
192.168.21.0/24 10.10.100.53 UGS em0
192.168.30.0/24 10.10.100.100 UGS em0
192.168.51.0/24 link#15 U bridge0
192.168.51.254 link#15 UHS lo0
root@OPNsense:~ # traceroute 192.168.30.10
traceroute to 192.168.30.10 (192.168.30.10), 64 hops max, 40 byte packets
1 10.10.100.100 (10.10.100.100) 0.404 ms 0.303 ms 0.293 ms
2 192.168.30.10 (192.168.30.10) 0.474 ms 0.381 ms 0.372 ms
root@OPNsense:~ # traceroute 192.168.21.100
traceroute to 192.168.21.100 (192.168.21.100), 64 hops max, 40 byte packets
1 10.10.100.53 (10.10.100.53) 0.484 ms 0.352 ms 0.347 ms
2 192.168.21.100 (192.168.21.100) 17.530 ms 2.959 ms 2.803 ms
root@OPNsense:~ # traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets
1 10.10.100.1 (10.10.100.1) 0.179 ms 0.158 ms 0.138 ms
2 1.0.0.138 (1.0.0.138) 0.668 ms 0.452 ms 0.562 ms
3 172.16.138.1 (172.16.138.1) 0.897 ms 0.737 ms 0.760 ms
4 222.red-80-58-67.staticip.rima-tde.net (80.58.67.222) 3.384 ms 4.253 ms 3.437 ms
^C
root@OPNsense:~ #
-
Great! :)