    Bug? in Gateway Group creation screen

    • JeGr LAYER 8 Moderator

      Hi all,

      As I'm pretty sure it's a UI-selection bug, I documented our findings in this redmine ticket:
      https://redmine.pfsense.org/issues/14524

      To summarize it here: The gateway group creation/edit screen has a column for selecting the correct IP that the failover/loadbalancing GW should use. As we tried it on a customer's CARP cluster, the main VIP for WAN1/2 showed up correctly. If one utilizes the "Alias on top of CARP"-style method of adding more than one VIP to the corresponding WAN interface (e.g. having a /29 and utilizing the other 2 IPs left), those Alias IPs won't show up in the dropdown box in this selection screen, only the ones that are created with type "CARP" are shown.

      Fix: Should include the VIPs that are of type "Alias on top of a CARP interface", too. For screenshots see the attached redmine ticket.

      If you need more information I'm happy to supply.

      Cheers
      \jens

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • JeGr LAYER 8 Moderator @JeGr

        Problem most certainly stems from https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.inc and will be present in both CE and Plus versions.

        I assume it's a problem in build_vip_list() or better said in the selection of get_configured_vip_list() below the list function. More specifically, the problem seems to stem from get_configured_vip_interface, which calls get_configured_vip_detail, not reporting back the correct interface (WAN, etc.), so the Alias-on-CARP gets filtered out and isn't displayed in the dropdown.

        function build_vip_list($fif, $family = "all") {
                $list = array('address' => gettext('Interface Address'));
        
                $viplist = get_configured_vip_list($family);
                foreach ($viplist as $vip => $address) {
                        if ($fif == get_configured_vip_interface($vip)) {
                                $list[$vip] = "$address";
                                if (get_vip_descr($address)) {
                                        $list[$vip] .= " (". get_vip_descr($address) .")";
                                }
                        }
                }
        
                return($list);
        }
        
        (...)
        // -> hands over $vip, all, iface
        
        function get_configured_vip_detail($vipinterface = '', $family = 'inet', $what = 'ip') {
                global $config;
        
                if (empty($vipinterface) ||
                    !is_array($config['virtualip']) ||
                    !is_array($config['virtualip']['vip']) ||
                    empty($config['virtualip']['vip'])) {
                        return (NULL);
                }
        
                $viparr = &$config['virtualip']['vip'];
                foreach ($viparr as $vip) {
                        if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias") {
                                continue;
                        }
        
                        if ($vipinterface != "_vip{$vip['uniqid']}") {
                                continue;
                        }
        
                        switch ($what) {
                                case 'subnet':
                                        if ($family == 'inet' && is_ipaddrv4($vip['subnet']))
                                                return ($vip['subnet_bits']);
                                        else if ($family == 'inet6' && is_ipaddrv6($vip['subnet']))
                                                return ($vip['subnet_bits']);
                                        break;
                                case 'iface':
                                        return ($vip['interface']);
                                        break;
                                case 'vip':
                                        return ($vip);
                                        break;
                                case 'ip':
                                default:
                                        if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) {
                                                return ($vip['subnet']);
                                        } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) {
                                                return ($vip['subnet']);
                                        }
                                        break;
                        }
                        break;
                }
        
                return (NULL);
        }
        

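The filtering described in the post above, reproduced on a constructed VIP list as an added example (not pfSense code and not part of the original post). `vip_interface`, `vip_root_interface` and `vip_choices` are hypothetical stand-ins, and the addresses and uniqid values are made up. The second lookup follows `_vip` parents for more than one level, which goes beyond the single case discussed in the thread.

```php
<?php
// Constructed sample of the virtualip section: one CARP VIP on "wan", one IP
// alias stacked on that CARP VIP, and one unrelated alias on "opt1".
$vips = [
    ['mode' => 'carp',    'uniqid' => 'aaa111', 'interface' => 'wan',        'subnet' => '198.51.100.2'],
    ['mode' => 'ipalias', 'uniqid' => 'bbb222', 'interface' => '_vipaaa111', 'subnet' => '198.51.100.3'],
    ['mode' => 'ipalias', 'uniqid' => 'ccc333', 'interface' => 'opt1',       'subnet' => '203.0.113.9'],
];

// Hypothetical stand-in for the 'iface' lookup: returns the stored interface
// of the VIP named "_vip<uniqid>", or null when no such VIP exists.
function vip_interface(array $vips, string $vipname): ?string {
    foreach ($vips as $vip) {
        if ($vipname === "_vip{$vip['uniqid']}") {
            return $vip['interface'];
        }
    }
    return null;
}

// Follow "_vip..." parents until a real interface name is reached.
// $maxdepth guards against VIP entries that reference each other in a loop.
function vip_root_interface(array $vips, string $vipname, int $maxdepth = 8): ?string {
    $if = vip_interface($vips, $vipname);
    while ($if !== null && strncmp($if, '_vip', 4) === 0 && $maxdepth-- > 0) {
        $if = vip_interface($vips, $if);
    }
    // Still a "_vip..." name here means the chain was too deep or circular.
    return ($if !== null && strncmp($if, '_vip', 4) === 0) ? null : $if;
}

// Build the dropdown entries for interface $fif using the given lookup.
function vip_choices(array $vips, string $fif, callable $lookup): array {
    $list = [];
    foreach ($vips as $vip) {
        $name = "_vip{$vip['uniqid']}";
        if ($fif === $lookup($vips, $name)) {
            $list[$name] = $vip['subnet'];
        }
    }
    return $list;
}

print_r(vip_choices($vips, 'wan', 'vip_interface'));      // direct comparison
print_r(vip_choices($vips, 'wan', 'vip_root_interface')); // parent resolved first
```

With the direct comparison the alias on the CARP VIP is dropped because its stored interface is the parent's `_vip` name rather than `wan`; resolving the parent first lists it.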
        • JeGr LAYER 8 Moderator @JeGr

          I posted a quick patch for that in the redmine issue. You can add it as a custom patch via System Patches like this:

          Description: WebUI: missing option to select Alias-on-CARP VIPs in Gateway Group creation
          URL: (none)

          Patch:

          --- util.inc
          +++ util.inc
          @@ -1487,6 +1487,18 @@
                                          $list[$vip] .= " (". get_vip_descr($address) .")";
                                  }
                          }
          +                else { // MODIFICATION START
          +                        // only check Alias VIPs on CARP that return _vip* instead of an interface description
          +                        $parentif = get_configured_vip_interface($vip);
          +                        if (str_starts_with($parentif, "_vip")) {
          +                                if ($fif == get_configured_vip_interface($parentif)) {
          +                                        $list[$vip] = "$address";
          +                                        if (get_vip_descr($address)) {
          +                                                $list[$vip] .= " (". get_vip_descr($address) .")";
          +                                        }
          +                                }
          +                        }
          +                } // MODIFICATION END
                  }
          
                  return($list);
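
          Review bot: In the added else branch, $parentif is passed to str_starts_with() without a null check, and the three lines that fill $list[$vip] are duplicated from the if branch above. get_configured_vip_detail(), quoted earlier in the thread, returns NULL when no VIP matches; if get_configured_vip_interface() passes that through, guard the call with a $parentif !== null test first. str_starts_with() also requires PHP 8. Consider resolving the interface once before the comparison (taking the parent's interface when the result starts with "_vip") so a single block builds the list entry, and note in the comment that only one level of parent is followed.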
          

          Base Directory: /etc/inc/

          Leave everything else as it is.

          • JeGr LAYER 8 Moderator @JeGr

            As no one official has acknowledged the bug yet - just wanted to report it running like this on a customer's box that needed it urgently and since implementing the fix 2 days ago, it still works without anything bad breaking or anything.
