No "route-to" rule for gateway group will be created when using dynamic gateway

Started by Nify, September 25, 2024, 08:04:30 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 25, 2024, 08:04:30 AM Last Edit: September 27, 2024, 02:37:35 PM by Nify
Hello all,

It seems that for many versions now (going back even to 23.x versions), Opnsense has the peculiar behavior of ignoring rules which attempt to route to gateway groups that use dynamic gateways. This also appears to be affecting the current version.

An issue was opened on Github, but appears to have been abandoned:

https://github.com/opnsense/core/issues/6486

Any plans for this to be fixed, or are there any workarounds?

Thanks.
September 25, 2024, 08:25:32 AM #1
You can always ask on the ticket, but it seems that not a lot of people miss the feature?


Cheers,
Franco
September 25, 2024, 08:44:20 AM #2 Last Edit: September 25, 2024, 08:46:42 AM by Nify
Thanks for your reply.

So with this feature not working, what would be the best way to configure failover/load balancing with several OpenVPN clients? IE, for a certain set of IPs, I'd like to route to a pool of VPN connections with failover and/or load balancing, but I am configuring the VPN connections using gateways with dynamic IPs.

I'm able to route any given IP to a specific VPN connection this way, but currently can find no way of routing to a pool of potential VPN connections that use dynamic gateways.

This seems like a very basic piece of functionality that is now missing.

Thanks again
September 25, 2024, 08:57:53 AM #3
I'll let others chime in here mostly because you wouldn't be the first to run into a setup like that and also because as trivial as it may seem it's probably more work to integrate what you ask with all the complexity given in a gateway group vs. the simple round-robin case of load balancing.


Cheers,
Franco
September 25, 2024, 02:51:37 PM #4
Also posted on this a good while ago but never received a reply to this. Also tried a pool of VPN client connections but everthing would be routed out through the default internet gateway. Tried different tier settings (equal tiers and different tiers) to no avail.

Had given up on this and just set a gateway and no gateway groups for VPN clients. But if there's a solution or workaround for this, I'm happy to hear it.
September 27, 2024, 02:36:55 PM #5 Last Edit: September 27, 2024, 02:39:32 PM by Nify
Quote from: Native2184 on September 25, 2024, 02:51:37 PM
Also posted on this a good while ago but never received a reply to this. Also tried a pool of VPN client connections but everthing would be routed out through the default internet gateway. Tried different tier settings (equal tiers and different tiers) to no avail.

Had given up on this and just set a gateway and no gateway groups for VPN clients. But if there's a solution or workaround for this, I'm happy to hear it.

Yes, I'm having the same experience and I've found similar posts on this going back for over a year at this point. This apparently is not a priority for anyone--which I don't understand, because it seems like such a simple thing and also a really basic piece of functionality that you'd expect to find in a firewall software.
September 27, 2024, 02:54:18 PM #6
> it seems like such a simple thing and also a really basic piece of functionality that you'd expect to find in a firewall software

True due to the fact of way too many assumptions and lack of context here.


Cheers,
Franco
September 27, 2024, 03:53:46 PM #7
True, the other Sense also can't do this. I say live with it.
Print
Go Up Pages1
User actions