BGP no PATH via WAN interface

Started by jess-tailor, February 02, 2025, 07:31:55 AM

February 02, 2025, 07:31:55 AM Last Edit: February 02, 2025, 08:07:17 AM by jess-tailor
Hello,

# Setup cluster
- OPNsense newest version, using defaults, FRR plugin
- some computers connected to OPNsense via LAN1 (10.1.255.0/24) and some computers via LAN2 (10.1.254.0/24)
- configured FRR to know about these computers (neighbours, AS, etc.)
- all of these computers have BGP running (KUBE-VIP)
- KUBE-VIP (BGP software) provides a virtual IP (10.1.253.1)

# What works
On the computers on LAN1 and LAN2 the VIP 10.1.253.1 is known (ping 10.1.253.1 works on any of these computers).

# What does not work
When I want to access the VIP 10.1.253.1 from the outside (WAN).

I tried to ping 10.1.253.1 from a computer on the WAN interface.
In the logs I see that IP 10.1.253.1 reaches the WAN. But no traffic on LAN1 and LAN2 is visible in the logs (packet capture).

Could somebody explain what I might be doing wrong?

I am assuming that BGP makes the IP 10.1.253.1 route known to the whole opnsense router. So the WAN should forward the VIP via BGP routes to the right computer on LAN1 or LAN2.

But maybe I am misunderstanding BGP?

I am not an expert on networking, but I am trying to improve my knowledge.

February 02, 2025, 09:20:17 AM #1 Last Edit: February 02, 2025, 02:20:52 PM by jess-tailor
Here is some additional info:

vtysh -c 'show ip route'

K>* 0.0.0.0/0 [0/0] via 192.168.172.1, igb1, 01:02:24
B>* 10.1.253.1/32 [20/0] via 10.1.255.245, igb0, weight 1, 01:01:36
  *                      via 10.1.255.253, igb0, weight 1, 01:01:36
C>* 10.1.254.0/24 [0/1] is directly connected, igb2, 01:02:24
C>* 10.1.255.0/24 [0/1] is directly connected, igb0, 01:02:24
C>* 10.3.0.0/16 [0/1] is directly connected, igb3, 01:02:24
C>* 192.168.172.0/24 [0/1] is directly connected, igb1, 01:02:24

vtysh -c 'show bgp ipv4 summary'

IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.178.8, local AS number 65401 vrf-id 0
BGP table version 2
RIB entries 1, using 192 bytes of memory
Peers 11, using 7893 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.1.254.238    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.239    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.240    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.251    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.252    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.253    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.254.254    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.255.238    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.255.239    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.255.245    4      65400       397       397        0    0    0 01:05:40            1        1 N/A
10.1.255.253    4      65400       397       397        0    0    0 01:05:42            1        1 N/A

vtysh -c 'show bgp ipv4 unicast'
BGP table version is 2, local router ID is 192.168.178.8, vrf id 0
Default local pref 100, local AS 65401
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *= 10.1.253.1/32    10.1.255.245                           0 65400 i
 *>                  10.1.255.253                           0 65400 I

I also tried "disable all packet filtering" on the firewall. But still the IP 10.1.253.1 is not passed from the WAN into the LAN subnet. So I must be overlooking something really obvious.
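The two vtysh outputs in the post are the first things to read when BGP-learned traffic does not forward: whether the prefix actually reached the routing table (RIB), via which interface, and which peers are in a session state other than Established. The script below is an added example, not code from the forum post, OPNsense or FRR; it parses `show ip route` and `show bgp ipv4 summary` text offline (the sample strings are copied from the post, trimmed to a few rows) and returns those two facts, so the question "is the route missing?" can be separated from "is the route present but traffic blocked elsewhere?". Function and field names are the example's own.

```python
"""Parse FRR vtysh output and report the two facts a troubleshooter checks first.

Added example, not code from the post or from OPNsense/FRR.  Parsing is
based on the column layout of FRR's `show ip route` and IPv4
`show bgp ipv4 summary` as seen in the post; IPv6 peers are not handled.
"""
import re
from dataclasses import dataclass

# Sample copied from the post: 'show ip route' (protocol legend omitted).
IP_ROUTE = """\
K>* 0.0.0.0/0 [0/0] via 192.168.172.1, igb1, 01:02:24
B>* 10.1.253.1/32 [20/0] via 10.1.255.245, igb0, weight 1, 01:01:36
  *                      via 10.1.255.253, igb0, weight 1, 01:01:36
C>* 10.1.254.0/24 [0/1] is directly connected, igb2, 01:02:24
C>* 10.1.255.0/24 [0/1] is directly connected, igb0, 01:02:24
"""

# Sample copied from the post: 'show bgp ipv4 summary', trimmed to four rows.
BGP_SUMMARY = """\
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.1.254.238    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.255.238    4      65400         0         0        0    0    0    never       Active        0 N/A
10.1.255.245    4      65400       397       397        0    0    0 01:05:40            1        1 N/A
10.1.255.253    4      65400       397       397        0    0    0 01:05:42            1        1 N/A
"""


@dataclass
class Route:
    proto: str        # FRR protocol code: K kernel, C connected, B BGP, S static, ...
    prefix: str
    selected: bool    # '>' marks the route FRR selected for forwarding
    nexthops: list    # (via, interface) pairs; via is an address or "connected"


# "B>* 10.1.253.1/32 [20/0] via ..." -> code, '>' flag, '*' flag, prefix, remainder
ROUTE_HEAD = re.compile(r"^([A-Z])(>?)(\*?)\s+(\S+/\d+)\s+\[\d+/\d+\]\s+(.*)$")
NEXTHOP = re.compile(r"via (\S+), (\S+)")
CONNECTED = re.compile(r"is directly connected, (\S+)")


def _nexthops(fragment):
    hops = [(via, ifc.rstrip(",")) for via, ifc in NEXTHOP.findall(fragment)]
    hops += [("connected", ifc.rstrip(",")) for ifc in CONNECTED.findall(fragment)]
    return hops


def parse_ip_route(text):
    routes = []
    for line in text.splitlines():
        m = ROUTE_HEAD.match(line)
        if m:
            proto, best, _fib, prefix, rest = m.groups()
            routes.append(Route(proto, prefix, best == ">", _nexthops(rest)))
        elif routes and line.lstrip().startswith("*"):
            # Indented '*' line: an additional (multipath) nexthop for the previous prefix.
            routes[-1].nexthops.extend(_nexthops(line))
    return routes


def rib_lookup(routes, prefix):
    """Nexthops of the selected route for `prefix`; [] if the RIB has no such route."""
    for r in routes:
        if r.prefix == prefix and r.selected:
            return r.nexthops
    return []


def parse_bgp_summary(text):
    peers = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 11 or not re.match(r"\d+\.\d+\.\d+\.\d+$", f[0]):
            continue  # header, blank, or non-IPv4 row
        # FRR prints the prefix count in the State/PfxRcd column once the
        # session is Established, and the FSM state name (Active, Idle, ...) otherwise.
        state_or_pfx = f[9]
        up = state_or_pfx.isdigit()
        peers.append({
            "neighbor": f[0],
            "remote_as": int(f[2]),
            "uptime": f[8],
            "established": up,
            "state": "Established" if up else state_or_pfx,
            "prefixes_received": int(state_or_pfx) if up else 0,
        })
    return peers


def peers_not_established(peers):
    return [p["neighbor"] for p in peers if not p["established"]]


if __name__ == "__main__":
    vip = "10.1.253.1/32"
    hops = rib_lookup(parse_ip_route(IP_ROUTE), vip)
    print(f"{vip} in RIB via: {hops or 'NOT PRESENT'}")
    print("peers not Established:", peers_not_established(parse_bgp_summary(BGP_SUMMARY)))
```

Run against the full outputs in the post, the script reports the VIP as present with two nexthops on igb0 and lists the nine peers stuck in Active, which is the split a reader wants before looking at filtering or NAT on the WAN side.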