Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
OPNsense 17.7 Static routes not working (for backwards traffic)
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense 17.7 Static routes not working (for backwards traffic) (Read 2251 times)
cr4wen
Newbie
Posts: 5
Karma: 0
OPNsense 17.7 Static routes not working (for backwards traffic)
«
on:
August 29, 2017, 12:32:46 pm »
Hello,
I have OPNsense installed on physical box (box A). On same subnet as default GW I have another router (Linux box - box B). Each box have static routes for ohter box. When I ping from network behind box A to network behind box B it works, packer returns back. But when I try ping from network behind box B to network behind box A, packet goes back to default GW (I can see packet on WAN and confirmed from ISP) not via static route I added for Box B.
Can you help me fix it, please?
Best regards,
cr4wen
Logged
ChrisH
Jr. Member
Posts: 67
Karma: 6
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #1 on:
August 29, 2017, 01:06:20 pm »
Can you give us the subnets and netmasks for the networks involved?
Logged
cr4wen
Newbie
Posts: 5
Karma: 0
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #2 on:
August 29, 2017, 01:11:54 pm »
Sure
Box A
inner subnet 192.168.151.0/24
WAN IP 10.5.7.10/24
Default GW (ISP) 10.5.7.1
Box B
inner subnet 192.168.152.0/24
WAN IP 10.5.7.13/24
Default GW (ISP) 10.5.7.1
Thank you,
cr4wen
Logged
ChrisH
Jr. Member
Posts: 67
Karma: 6
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #3 on:
August 29, 2017, 01:22:13 pm »
Looks good so far.
Any chance that ICMP is blocked somewhere, so that box B thinks box A is unreachable or something? Does OPNsense show box A as "up" under System -> Gateways -> Status? (You may have to enable gateway monitoring first)
Logged
cr4wen
Newbie
Posts: 5
Karma: 0
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #4 on:
August 29, 2017, 01:37:59 pm »
Destinations are pingable so I think there is no problem witch block icmp (filter log show action pass when I grep these subnets/IPs). All GWs (default and box B) status is Online. Monitoring wasn't enabled for box B GW, but still it was Online (that GW is pingable).
cr4wen
«
Last Edit: August 29, 2017, 03:10:37 pm by cr4wen
»
Logged
ChrisH
Jr. Member
Posts: 67
Karma: 6
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #5 on:
August 29, 2017, 01:44:45 pm »
Grasping at straws now
Do the packets from B to A (sorry, had them reversed before) have the correct source address? Or does box B maybe NAT them before sending them to box A?
Logged
cr4wen
Newbie
Posts: 5
Karma: 0
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #6 on:
August 29, 2017, 01:52:44 pm »
There is no NAT rule between these subnets (there is NAT rule saying NO NAT between these subnets - I tried it even with disabled all NAT rules, but no change). I can see on Box A on WAN that packet income, on internal interface I can see that reach destination because on internal interface I can see reply. That reply I can see on WAN but that reply does not reach box b. It goes to default GW which I have confirmed from ISP. But it should go back to box B because of static route..... But it is not happen...
I tried to change GW in firewall rules but without any change (i was sometimes worse - it is not income into internal interface). So in rules I have GW * (default).
cr4wen
«
Last Edit: August 29, 2017, 03:10:46 pm by cr4wen
»
Logged
cr4wen
Newbie
Posts: 5
Karma: 0
Re: OPNsense 17.7 Static routes not working (for backwards traffic)
«
Reply #7 on:
August 30, 2017, 04:40:42 pm »
I established VPN between box A and B as temporary workaround. But I think this behaviour (ignoring static route for backwards traffic) is bug.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
OPNsense 17.7 Static routes not working (for backwards traffic)
