Are you doing any policy based routing? Setting a specific gateway in the firewall rules? Thats the only thing i can imagine that would bypass the route table.
There is no policy based routing or specific gateway in firewall rule. Only one default gateway present on both site routers. I would say it is just a basic BGP config. I just followed the example configuration from the netgate docs - https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/example.html
" stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs."
If the physical interface goes down then the subnet reachable out of that interface will be withdrawn in route advertisements.
VIPs like loopbacks, are logical and are always UP.
@mcury It seemed like a bug to me as well but this is my first time doing this kind of configuration. I felt like I was going crazy or had done something wrong. Thanks for the response.
@swiss If the log entries do not provide sufficient detail, one thing you can do is run a packet canpture on the VPN interface vor TCP port 179 and use wireshark to show you exactly what is being sent that your side does not like. Then you have something to either accommodate in your configuration or ask the other side to stop doing.
@mAineAc No - you'd have to build/install it manually for the public dev build. I'm not aware of any official bug report for the issue you're experiencing. My suggestion is to treat it like any other bug report: provide steps to reproduce it, and determine if it's a regression by finding the version(s) of the related software when it last worked.
@michmoor - Yes, disabling the firewall didn't solve the issues, but I don't want a router only without any firewalling capabilities exposed to the public internet.
@yon-0 I'm not sure about CE, but there is FRR 9.1 in the latest PFsense+ 24.3 release. What is your motivation for upgrading from FRR 9.0.2 to 9.1 in pfSense CE 2.7.2?
