Netgate Discussion Forum

    Default Gateway can't be deactivated

    • Reiner030

      Hi

      I am trying to set up BGP/OSPF routing and think that it's better to have no default route, because I got into trouble when the default route went down.

      From my point of view it does not make sense to create a gateway group in parallel to BGP/OSPF routing so that it works correctly.
      But it would also be nice to have the gateways defined for monitoring reasons in the Dashboard.

      What do you think about it / is it clearly defined how this mechanism has to behave?

      The behavior is also not consistent… is it allowed to have multiple default gateways or not?
      Several times I got them (IPv4 / IPv6), other times not... and I also sometimes got an IPv6 default gw deleted when I created a parallel one on the same interface but with a different IP address.

      Also, when I deleted them completely on the main firewall, they were not deleted on the slave firewall (all/not all of them).

      Bests

      Reiner

        • Reiner030

        I'm not clear if this is a direct interface or a gateway problem, so I wrote it in this thread…

        So I am now running the snapshot from 7th Feb. 18:03 and the interface problem itself now seems solved. Thx.

        This one can't be fixed completely right:
        https://github.com/bsdperimeter/pfsense/commit/9c115b409d0b21132dae9ad2c62f842a7e438f8f

        or something equal made a wrong behavior on my servers:

        Now the interface itself is clean after deactivating the interface:
        [2.1-BETA1][root@gw2.zws8.local]/root(7): ifconfig em2
        em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
                options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
                ether 00:0c:29:34:d2:53
                media: Ethernet autoselect (1000baseT <full-duplex>)
                status: active

        I still got a default route on the deactivated interface em2 after removing GW in interface /applying it and removing it from Routes => Gateways with apply:
        gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:c:1
        Routing entry for ::/0
          Known via "kernel", distance 0, metric 0
          * 2a02:xxx::xxx:c:1 inactive

        gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:e:1
        Routing entry for 2a02:xxx::xxx:e:0/112
          Known via "connected", distance 0, metric 1
          * directly connected, wan_vip212

        Routing entry for 2a02:xxx::xxx:e:0/112
          Known via "connected", distance 0, metric 1, best
          * directly connected, em0

        And I see it here, too:
        [2.1-BETA1][root@gw2.zws8.local]/root(8): netstat -rn | grep default
        default            xx.xx.9.129      UGS        0    3752    em0
        default                          2a02:xxx::xxx:c:1              UGS        em0

        After a reload
        [2.1-BETA1][root@gw2.zws8.local]/root(9): /etc/rc.reload_interfaces

        it seems flushed when looking into OSPF:
        gw2.zws8.local# show ip route xx.xx.9.129
        Routing entry for xx.xx.9.128/29
          Known via "ospf", distance 110, metric 20, best
          Last update 00:01:47 ago
          * xx.xx.176.253, via em1

        gw2.zws8.local# show ip route 2a02:xxx::xxx:e:1
        % Unknown command.
        gw2.zws8.local# show ipv6 route 2a02:xxx::xxx:e:1
        Routing entry for 2a02:xxx::xxx:e:0/112
          Known via "connected", distance 0, metric 1
          * directly connected, wan_vip212

        Routing entry for 2a02:f28::2:e:0/112
          Known via "connected", distance 0, metric 1, best
          * directly connected, em0

        But:

        • my IPv4 direct network route on em0 is flushed, too … and
        • I still can see the wrong IPv6 route in routing table (additional on wrong interface):
          [2.1-BETA1][root@gw2.zws8.local]/root(11): netstat -rn | grep default
          default            xx.xxx.176.2        UG1        0      15    em1
          default                          2a02:xxx::xxx:c:1              UGS        em0

        [2.1-BETA1][root@gw2.zws8.local]/root(12): ifconfig em0
        em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
                ether 00:0c:29:34:d2:3f
                inet6 fe80::20c:29ff:fe34:d23f%em0 prefixlen 64 scopeid 0x1
                inet xx.xx.9.134 netmask 0xfffffff8 broadcast xx.xx.9.135
                inet6 2a02:xxx::xxx:e:4 prefixlen 112
                nd6 options=1<PERFORMNUD>
                media: Ethernet autoselect (1000baseT <full-duplex>)
                status: active

        ====================
        We have 2 buildings, each with a master/slave setup, connected via public BGP / internal OSPF that I am trying to set up.
        transfernet building 1/jws1:  xx.xx.9.120/29  ||  2a02:xxx::xxx:c:0/112  => em0 for jws1, tested for zws8 on em2
        transfernet building 1/zws8:  xx.xx.9.128/29  ||  2a02:xxx::xxx:e:0/112 => em0 for zws8, tested for jws1 on em2
        ASN - shared on both sides:  xx.xx.176.0/24  || 2a01:xxx::xxx:0/48 => em1

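Added example (not part of the original posts and not pfSense code): a check for the symptom reported above, a default route left on an interface that is down or whose configured prefixes do not contain the gateway. It parses FreeBSD-style `netstat -rn` and `ifconfig` text; the sample output is constructed, with documentation prefixes standing in for the redacted addresses, and treating "gateway not on-link" as stale is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample output; documentation prefixes replace the redacted addresses.
NETSTAT = """\
default            192.0.2.129        UGS         0     3752    em0
default            2001:db8::2:c:1    UGS         em0
"""
IFCONFIG = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
        inet 192.0.2.134 netmask 0xfffffff8 broadcast 192.0.2.135
        inet6 2001:db8::2:e:4 prefixlen 112
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
"""

def parse_interfaces(text):
    """Map interface name -> {'up': bool, 'nets': [networks]} from ifconfig output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"(\S+): flags=[0-9a-f]+<([^>]*)>", line):
            cur = ifaces.setdefault(m[1], {"up": "UP" in m[2].split(","), "nets": []})
        elif cur is None:
            continue
        elif m := re.match(r"\s+inet6 (\S+?)(?:%\S+)? prefixlen (\d+)", line):
            cur["nets"].append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif m := re.match(r"\s+inet (\S+) netmask 0x([0-9a-f]{8})", line):
            plen = bin(int(m[2], 16)).count("1")  # FreeBSD prints the IPv4 mask in hex
            cur["nets"].append(ipaddress.ip_network(f"{m[1]}/{plen}", strict=False))
    return ifaces

def stale_defaults(netstat_text, ifconfig_text):
    """Return (gateway, interface, reason) for default routes the interface state cannot justify."""
    ifaces, findings = parse_interfaces(ifconfig_text), []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "default":
            continue
        try:
            gw = ipaddress.ip_address(fields[1].split("%")[0])
        except ValueError:  # e.g. a link#N gateway; nothing to compare
            continue
        iface = ifaces.get(fields[-1])
        if iface is None or not iface["up"]:
            findings.append((str(gw), fields[-1], "interface missing or down"))
        elif not any(gw.version == n.version and gw in n for n in iface["nets"]):
            findings.append((str(gw), fields[-1], "gateway not on-link"))
    return findings

if __name__ == "__main__":
    print(stale_defaults(NETSTAT, IFCONFIG))
```

On the constructed sample the IPv4 default passes and the IPv6 default on em0 is flagged, matching the shape of the leftover route shown in the post.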
          • eri--

          Well, it is assumed that if no default gateway is configured, WAN will be the winner.
          In case of bgpd running on pfSense you can set the default gateway to the interface bgpd and it will do the right thing.

          For the ospf case there is no consideration because it's not considered as a protocol to run on the wan side of things, as of now.

            • Reiner030

            @ermal:

            Well, it is assumed that if no default gateway is configured, WAN will be the winner.
            In case of bgpd running on pfSense you can set the default gateway to the interface bgpd and it will do the right thing.

            For the ospf case there is no consideration because it's not considered as a protocol to run on the wan side of things, as of now.

            OK, but this can't explain my problems on my external firewalls / you got something wrong (or I did not explain it right).

            em2 was the 2nd WAN interface but I deactivated it and additionally deleted the default gw for this interface em2.
            The interface is now down but I still hold a route of the old network on it?

            My routing should go out over em0 and its gw and not over the (normally no longer configured) gw on em2.

            Additional problem with Routes => GWs:
            2) I can't deactivate "default" GW on the last IPv4 GW… but I can on the last IPv6 GW

            On my external and internal firewalls I deactivated OSPF for public routing because the pfsense GUI based configuration can't help here select the site-preferred gateway .1 or .254 as you also wrote; OSPF routes always to the lowest router .2.

            1. So I run into a new problem ^^

            The default gateway is set for em0 on the WAN web interface on each side...

            em0 Web side 1 => .1/:1
            em0 Web side 2 => .254 /:fe

            => But when applied, the gateways are set the opposite way... I got configured
            em0 on side 1 => .254/:fe
            em0 on side 2 => .1 /:1

            which is very confusing.

            BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

              • eri--

              For the first it might be an issue, but I have to think about the best way to fix it.
              Can you report this on redmine.pfsense.org?

              The order in which you see the gateways is not important; since those are completely separate routing tables, it's just a display ordering.

              BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

              Open a feature request on redmine.pfsense.org but it will not make 2.1 for sure.

                • Reiner030

                @ermal:

                For the first it might be an issue, but I have to think about the best way to fix it.
                Can you report this on redmine.pfsense.org?

                The order in which you see the gateways is not important; since those are completely separate routing tables, it's just a display ordering.

                OK, I will try to write it up with a test environment setup after setting up the real gw/fws. Or is my explanation above enough for it?

                BTW: Is there a time frame for the planned possibility to make gateway groups available on interface gateway selection ?

                Open a feature request on redmine.pfsense.org but it will not make 2.1 for sure.

                Mmh, I read somewhere, where it was written about multi WAN setups, that it is a planned feature for 2.1 …
                So I thought that it would be implemented in the next weeks ;)
                OpenVPN can already handle the gateway group as I just researched:
                https://redmine.pfsense.org/projects/pfsense/repository/revisions/ea68f6cc92fb6167c084d6786984bdf35caef132

                  • drzoidberg33

                  I am having a similar issue with today's snapshot. I have a multiwan setup; with 2.0.3 I can just deselect the "Default gateway" option on both interfaces but I cannot do this on 2.1. This causes my failover rules to fail as it always defaults to one of the gateways.

                  Is there a new way of doing WAN failover or is this a bug? To reproduce you just need to have two gateways and then try to untick "Default gateway" on both of them.

                    • drzoidberg33

                    @drzoidberg33:

                    I am having a similar issue with today's snapshot. I have a multiwan setup; with 2.0.3 I can just deselect the "Default gateway" option on both interfaces but I cannot do this on 2.1. This causes my failover rules to fail as it always defaults to one of the gateways.

                    Is there a new way of doing WAN failover or is this a bug? To reproduce you just need to have two gateways and then try to untick "Default gateway" on both of them.

                    I found the "Allow default gateway switching" in Advance Setup -> Misc. This seems to have fixed the problem with the failover rules.
