outgoing NAT with interface_address uses carp ip

Started by Andreas_, February 15, 2018, 12:12:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 15, 2018, 12:12:10 PM
After upgrading to 17.x to 18.1.2, the outgoing NAT address translation doesn't work any more as expected.

I have outgoing nat configured to use the interface address on a CARP cluster, which used do use the physical ip address of each machine.
After the upgrade, outgoing traffic uses all VIF ip addresses randomly, making some sites' session handling nonfunctional.
February 15, 2018, 02:20:41 PM #1
Hi,

See: https://github.com/opnsense/changelog/commit/79852185a

It is the new default for consistency reasons. If you need this to work in a different manner use manual outbound.


Cheers,
Franco
February 16, 2018, 11:59:23 AM #2
Ok, I fixed this by specifying a dedicated IP.
IMHO the sticky option should be default on, since load balancer et al get confused if the same client is using different ips within the same session.
February 28, 2018, 08:10:31 AM #3 Last Edit: February 28, 2018, 08:13:42 AM by franco
Yes, we'll enable sticky by default.

https://github.com/opnsense/core/commit/912dd0d


Cheers,
Franco
Print
Go Up Pages1
User actions