[SOLVED] Really strange routes change after 24.1.9 upgrade

Started by FMJ99, July 16, 2024, 11:14:19 PM

Hello
I tested upgrade from 24.1.6 to 24.1.9.
After reboot, from the LAN, I wasn't able to log in. Normal: I was unable to ping the LAN OPNsense fw interface from the LAN.
Well, as the FW is VM hosted, I connected to the console to debug this issue. The interfaces state and setup seemed OK, without any change. I pinged the LAN router interface : OK !
Well, I checked the routes with a HUGE surprise. Totally incomprehensible for me!   :o
The FW has 3 interfaces :
#5 LAN (hn0) : 90.0.90.2
#7 WAN1 (hn2) : X.X.X.X
#8 WAN2 (hn3) : X.X.X.X
--> no change

Note : the routing is only static : no RIP, no OSPF, no BGP !

Behind the LAN interface, there's a router with 10.x.0/24 subnets that are statically declared in OPNsense FW, with the 90.0.90.2 next-hop address. The router address : 90.0.90.1/24 for the OPNsense side, 10.0.1.1/24 for one LAN subnet side.

Let's take a look at the routing table in 24.1.6:
90.0.90.0/24    link#5       U      hn0
90.0.90.2       link#5       UHS    lo0
10.0.1.0/24     90.0.90.1    UGS    hn0
10.0.2.0/24     90.0.90.1    UGS    hn0
etc.

And now the routing table after 24.1.9 :
90.0.90.0/24    link#5       UGS    hn0
90.0.90.2       10.0.1.1     UHS    hn0   !!!!!
90.0.90.0/24    10.0.1.1     UGS    hn0   !!!!!!
10.0.1.1        link#5       UHS    hn0   !!!!!!
10.0.1.0/24     10.0.1.1     UGS    hn0   !!!!!!
10.0.2.0/24     10.0.1.1     UGS    hn0   !!!!!!
etc.

I don't have a single idea where OPNsense got the 10.0.1.1 address : it doesn't exist in its settings !!!!!! (well, to be precise, it exists one time, in an alias content definition)
And why this mess inside the routing table ???!!!

I changed/deleted the routes and I could connect to OPNsense, which has worked normally after that.

As a precaution, I made a failback to 24.1.6, the time to understand what was wrong!

Thank you in advance for your insights!

In fact, this issue was not so difficult to solve and was not so mysterious !
As I was astonished that this router interface IP ended up in the routing table while it was not shown in the OPN GUI settings, I looked for it in the config.xml file. And I found it in the .... gateways definitions ! And not one but twice !
I should have consulted the gateway logs, which showed the error: "Warning - dpinger - Gateway: duplicated entry "LAN_GW" in config.xml needs manual removal".
This silent settings conflict was obviously very old and until the 24.1.10 all the previous updates didn't produce this strange routing table change.
After editing the config.xml file, I rebooted then upgraded again to the 24.1.10 version and this time it went well !