[PARTIALLY SOLVED] 17.1.5 - Gateway problems

Started by fabio, April 26, 2017, 09:04:34 PM

April 26, 2017, 09:04:34 PM Last Edit: May 08, 2017, 06:44:40 AM by franco
Hi,

After the 17.1.5 upgrade, it seems the "default gateway switching" and the "Gateways Group" do not work any more.

To be honest I'm not completely sure about the gw switching; I tested it, not in a "deep way", just last Friday ... but I remember it was working.

As for the "Group", I currently have the Tier 1 offline, the Tier 2 online, and in the firewall there is a rule "any" configured with the gw group ... and a traceroute shows the traffic is always routed via "Tier1". In this case I'm sure it was working...

Has anyone noticed similar behaviour after the upgrade?

Thanks
--
Fabio

Good day to everyone,
My problem is the following:
My pc is connected to the LAN2 of the internet WAN3, to get maximum traffic in the LAN2, the Internet is disconnected from the pc connected in the network LAN1

I attached the image and the configuration of my opnsense.
I thank you for the attention and help to correct my problem in what I am doing wrong

Hi All,

Fortunately I've an "old VM" with a 1.7.3 so I was able to test the configurations on both the versions.

To be sure to test the same config I have the 2 fw in High Availability (with all the settings flagged)

opn1 - version 1.7.5 - master
opn2 - version 1.7.3 - slave

I can confirm that in my test "Allow default gateway switching" and "Gateways: Group" work ONLY on the 1.7.3 slave

... I'm quite sure all was working also on 1.7.4

--
Fabio

May 04, 2017, 06:12:32 PM #3 Last Edit: May 04, 2017, 08:27:58 PM by jorgevisentini
Yes, fabio, here also it is not working...

I came back to version 17.1.4 and it's working.

What exactly is the right downgrade procedure? I used the following one ... but it looks wrong

  * opnsense-update -sn "17.1\/MINT\/17.1.4\/OpenSSL"
  * opnsense-update -pf

Then I saw errors in the pkg database, fixed with:

  * pkg shell
    * CREATE VIRTUAL TABLE pkg_search USING fts4(id, name, origin);
  * pkg upgrade (to upgrade only the pkg package)

DHCP was broken and I noticed missing users in /etc/passwd ... so I've reinstalled the related pkgs

  * pkg install -f isc-dhcp43-server
  * pkg install -f flowd
  * pkg install -f squid

As I said, this procedure looks very wrong; anyway, "all" seems to work now

It seems this only affects the core package in an edge case. The portable solution is to downgrade the core package alone and leave the other packages at their latest version:

# opnsense-revert -r 17.1.4 opnsense


Cheers,
Franco

Hi Fabio,

There is a patch available here:

https://github.com/opnsense/core/commit/2f715d2

You can install it to 17.1.6 with the following command:

# opnsense-patch 2f715d2


Cheers,
Franco

Thanks franco.

I will update opnsense-patch 2f715d2 and anything downgrade this package.
Before, a backup of course haha.

Careful, it needs 17.1.6 first before opnsense-patch works.


Hi jorgevisentini,

Yay! Thanks for confirming. It's already queued up for 17.1.7.


Cheers,
Franco

Thanks franco,

I'll upgrade my firewalls during the weekend

Thanks again

Please let us know how that goes :)

Hi franco,

Unfortunately I still see problems after the patch :(

My tests had the following results
- "Gateways: Group" works as expected
- "Allow default gateway switching" still seems broken; the system default gateway does not switch in case of "down"

Then I noticed an additional issue:
I use my OPNsense as an OpenVPN client; it routes just a couple of specific networks through the tunnel.
With 2f715d2 applied, when I start the vpn session the ptp of the tunnel also becomes the default gw ... and after the session shutdown the default gw is completely removed

After the upgrade to 1.7.6 and before 2f715d2 the vpn worked as usual

Hi Fabio,

Thanks, forwarded the relevant info and will report back.


Cheers,
Franco