• FRR 0.6 Coming - Big changes to OSPF

    Pinned Locked Moved
    2
    5 Votes
    2 Posts
    2k Views
    jimpJ

    FYI: I am merging these changes back to 2.4.4-p3 today.

    If you have problems with the new version, please start a new thread with the details.

  • 0 Votes
    1 Posts
    78 Views
    No one has replied
  • Please update frr on Pfsense+ to FRR 10.3

    1
    0 Votes
    1 Posts
    72 Views
    No one has replied
  • EBGP over IPsec routed VTI tunnel issue

    1
    0 Votes
    1 Posts
    68 Views
    No one has replied
  • BGP convergence with BFD working smoothly with the settings below.

    20
    0 Votes
    20 Posts
    896 Views
    M

    @michmoor said in BGP convergence with BFD working smoothly with the settings below.:

    Redmine has been updated to reflect the testing done by @mcury so there is official guidance regarding treating this set up with dynamic routing.

    Glad to see that..
    They even tested with HA.. Thanks @marcosm for testing. 👍 👍

  • OSPF Routes not showing in Kernel Routes

    1
    0 Votes
    1 Posts
    78 Views
    No one has replied
  • since Upgrade to 2.7 no FRR/OSPF routes in the system routing table

    2
    0 Votes
    2 Posts
    347 Views
    C

    Did you resolve this I seem to be running into this issue as well.

  • How can I get BGP to do the default route and not the kernel

    1
    0 Votes
    1 Posts
    68 Views
    No one has replied
  • VyOS to pfSense - OSPF - Wiregaurd tunnels

    2
    0 Votes
    2 Posts
    202 Views
    P

    @pwabrat Sorry for the delayed reply,

    the issue resolved by Route Redistribution in pfSense Kernel Routes of "Extended_LAN"
    cbabfeed-7467-45d0-b3dc-5d8a06e8bdd8-image.png

    Thank you for the support.

  • 0 Votes
    31 Posts
    3k Views
    M

    @marcosm understood. i was just adding unsolicited feedback :)

  • FRR/BGP Sessions restarting when disabling an interface - pfSense 2.7.2

    2
    0 Votes
    2 Posts
    97 Views
    M

    @dudumiquim

    I first reported the issue. There is a redmine.

    https://redmine.pfsense.org/issues/14483

    .
    Has anyone encountered this issue? Is there a way to prevent all BGP sessions from restarting when only one ISP goes down?

    Disable Gateway Monitoring Actions for your WAN. That somewhat solves one issue but there is instability with Ipsec and FRR
  • Updating to pfSense+ 24.3 breaks routing - kernel routes now gone

    51
    2 Votes
    51 Posts
    4k Views
    K

    @michmoor said in Updating to pfSense+ 24.3 breaks routing - kernel routes now gone:

    @Kevin-S-Pare

    Nothing offensive in the config.
    I don't know why you have bgp always-compare-med and bgp-determinstic-med configured at the same time.. If you are using MED to influence outbound routing then you should pick one option.

    Based on the fact that you stated traceroutes and pings work out to the internet than we know that routing is good.
    I do know there were behavorial changes to pfsense after 22.05 namely state policy changes.

    https://www.netgate.com/blog/state-policy-default-change#:~:text=State%20Policy%20Options&text=As%20pfSense%20software%20is%20security,the%20system%20default%20State%20Policy

    I have a sneaky suspicion you are running into this. I can see it happening if traffic leaves Upstream1 and comes back on Upstream2.

    If i were you i would change to Floating state policy and perform your tests. It really seems you are hitting this behavior change.

    Changing to the floating states worked! Thank you!

  • FRR 10 coming with script support ?

    5
    0 Votes
    5 Posts
    226 Views
    M

    @michmoor said in FRR 10 coming with script support ?:

    Yep yep that's right. Sorry for confusing issues.

    Np, we need more people engaged in this, FRR is a great software but it is not working smoothly with pfsense IPsec VTIs.

  • Where the heck are the damn configs kept for FRR?

    4
    0 Votes
    4 Posts
    191 Views
    chpalmerC

    @Gorf Did you look at your primary config file? I can see some "FRR" info on mine that is still there even though I took the package off..

  • frr bgpd not starting after upgrade 24.11

    Moved
    3
    0 Votes
    3 Posts
    252 Views
    yon 0Y

    @michmoor me too.

    https://forum.netgate.com/topic/195542/i-from-24-0-3-upgrade-to-24-11-frr-bgp-service-can-t-start/9

    it is should add the bgpd_options=" -A 127.0.0.1 -M rpki" in daemons.

  • I from 24.0.3 upgrade to 24.11 FRR BGP service can't start

    Moved
    9
    0 Votes
    9 Posts
    413 Views
    yon 0Y

    @stephenw10 said in I from 24.0.3 upgrade to 24.11 FRR BGP service can't start:

    How is it configured? Does it appear correctly in vtysh 'show run'?

    no.

    show run
    Building configuration...

    Current configuration:
    !
    Warning: connecting to mgmtd...success!
    Warning: connecting to zebra...success!
    Warning: connecting to bgpd...failed!
    Warning: connecting to watchfrr...success!
    Warning: connecting to bgpd...failed!
    Warning: connecting to staticd...success!
    Warning: connecting to bgpd...failed!
    Warning: connecting to bgpd...failed!
    Warning: connecting to bgpd...failed!
    frr version 9.1.2
    frr defaults traditional
    hostname pf
    log syslog
    service integrated-vtysh-config
    !
    password
    !
    ipv6 prefix-list cymru-out-v6 seq 50 deny ::/0 le 128
    ipv6 prefix-list ipv6in seq 95 deny fe80::/10 le 128
    ipv6 prefix-list ipv6in seq 120 deny 3ffe::/16 le 128
    ipv6 prefix-list ipv6in seq 125 deny 2001:db8::/32 le 128
    ipv6 prefix-list ipv6in seq 130 deny 2001::/32
    ipv6 prefix-list ipv6in seq 135 deny 2001::/32 le 128
    ipv6 prefix-list ipv6in seq 140 permit 2002::/16
    ipv6 prefix-list ipv6in seq 145 deny 2002::/16 le 128
    ipv6 prefix-list ipv6in seq 155 deny fe00::/9 le 128
    ipv6 prefix-list ipv6in seq 160 deny ff00::/8 le 128
    ipv6 prefix-list ipv6in seq 205 permit 2000::/3 le 48
    ipv6 prefix-list ipv6in seq 900 deny ::/0 le 128
    ipv6 prefix-list ipv6in seq 999 deny any
    ipv6 prefix-list myv6out description my ipv6 out
    ipv6 prefix-list myv6out seq 50 permit
    ipv6 prefix-list myv6out seq 55 permit
    ipv6 prefix-list myv6out seq 60 permit
    ipv6 prefix-list myv6out seq 65 permit
    ipv6 prefix-list myv6out seq 75 permit
    ipv6 prefix-list myv6out seq 80 permit
    ipv6 prefix-list myv6out seq 85 permit
    ipv6 prefix-list myv6out seq 999 deny any
    !
    route-map RPKI deny 20
    exit
    !
    route-map RPKI permit 30
    set metric 100
    exit
    !
    route-map RPKI permit 50
    set metric 0
    exit
    !
    route-map ipv6routein permit 80
    match ipv6 address prefix-list ipv6in
    exit
    !
    end

  • FRR/Kubernetes/Metallb LAN traffic anomalies

    2
    0 Votes
    2 Posts
    658 Views
    B

    @frijolierthnthou Were you able to solve this issue? I've been dealing with this same exact problem from the past 2 weeks

  • Backup route flapping problem

    1
    1 Votes
    1 Posts
    155 Views
    No one has replied
  • FRR Dynamic routing to Virtual IPs

    4
    0 Votes
    4 Posts
    321 Views
    M

    " stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs."

    If the physical interface goes down then the subnet reachable out of that interface will be withdrawn in route advertisements.
    VIPs like loopbacks, are logical and are always UP.

  • OSPF Routing over IPsec tunnels is being weird

    3
    0 Votes
    3 Posts
    214 Views
    W

    @mcury It seemed like a bug to me as well but this is my first time doing this kind of configuration. I felt like I was going crazy or had done something wrong. Thanks for the response.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.