Setting WAN interface with Gateway in different subnets

[nonsense]

Hi,

I am trying to setup pfSense in an ESXi server to protect the management network (yes, but don't stop reading), during the setup of the WAN interface it asks me for the IP and the gateway.

The provider uses IP Failover binded to MAC in order to provider with a public IPv4 to virtual machines, the Host has a different subnet range so pfSense complains saying "the gateway is not in the same subnet".

So, whereas I can get any VM to connect to Internet normally, I cannot get pfSense to configure a WAN interface and gateway in different subnets.

Is this issue "resolved" in OPNSense ? can you actually do that ?

[MaGu]

I had the same issue with my cloud infrastructure provider, and from the research I made on Google, this is not a bug, and is the standard BSD behavior.

To bypass this problem, I made a small script to set the gateway and the route when the system starts:

Code: [Select]

#!/bin/sh
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
route add -host IP_REMOTE_GATEWAY -iface WAN_INTERFACE_NAME
route add default IP_REMOTE_GATEWAY
Hope it helps. I put this script in a cronjob to make sure the gateway is reapplied regularly "just in case" something changes it.

[BertM]

If you are running pfSense, you can add the additional routing in the config.xml file using shellcmd.

To do so, from Backup/Restore, download the config.xml file.
Open it with something like Notepad++ (NOT Windows Notepad !!!)

Locate the line that reads:
</system>

Just above that line, add the following two lines:
<shellcmd>route add -host IP_REMOTE_GATEWAY -iface WAN_INTERFACE_NAME</shellcmd>
<shellcmd>route add default IP_REMOTE_GATEWAY</shellcmd>

More info can be found at https://doc.pfsense.org/index.php/Executing_commands_at_boot_time

On pfSense, you can also install the Shellcmd package. That will allow you to achieve the same via the web gui.

Regards,
Bert

[franco]

(shellcmd is not supported in OPNsense.)

[BertM]

Franco, you are right, but nonsense started with telling he did run pfSense, and he was just wondering if his problem was solved in OPNSense.
It's not, but there is a decent solution in pfSense which he is already running.

Kind regards,
Bert

[franco]

True. My concern is that unless effort is put into solving this with us directly on OPNsense we're not moving forward. I cannot test every setup, I cannot easily reproduce some of them. That other projects don't have default support for this further indicates that it isn't commonly found, at least in the target group of said products.