1
24.1 Legacy Series / Re: Possible asymmetric route printing issue?
« on: March 11, 2024, 08:20:48 pm »
We have worked around the issue another way.
Thanks for everyone's feedback!
Thanks for everyone's feedback!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Asymmetric routing brings a lot of pain. Sub-optimal routing, performance issues, troubleshooting difficulties and other issues as you could see on this issue you try to resolve yourself.
You always want to go the path of optimal routing and optimal switching (L2 forwarding).
QuoteThank you for your reply. Asymmetric routing is very common in general. It would be very common for an internet device not follow the same route paths. Why would you not recommend this?Ok for routers, not firewalls.
Anyway if you prefer not to redesign your network you may try this guide https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html#manual-fix
It worked for me few years ago when I had to deal with asymmetric.
Or you can also try disable state tracking (state type: none) - I've never tried this before.
Or you can try pushing static route to your clients via dhcp option 121. You can follow a guide here https://forum.opnsense.org/index.php?topic=1972.0
I would not even advice to do it if there would be a pure simple router.
This really is an asymmetric routing issue, OPNsense would block TCP-SA from your workstation because it didn't see the TCP-Sync coming from your printer.
You can fix it by using 'sloppy state' on your vlan25 TCP pass rules. But if it were me, I'd redo the vlan25 or create a new vlan so all traffic must go through OPNsense.