Default gateway needs to be manually added with Sat Feb 9th Update

cforger · Feb 10, 2013, 2:16 AM

Hello,

Been putting in a lot of time on 2 pfSense 2.1 builds in the last week.

As of today's update (Sat Feb 9th) the default gateway isn't in the route table (verified with netstat -rn).

route add from the shell works, but I can't figure out a combo that allows the default GW on WAN to actually be written.

I do have an OpenVPN connection, but only setting the one, same old default route as I always do.

The ssl.c thread has a user mentioning this as well.

Let me know if you need more. I'm now going to test if Feb 9th fixes my ssl issues.

Cheers,

cforger · Feb 10, 2013, 2:19 AM

To answer the below question: Yes, my routes on both pfSense boxes are static.

(from the previous thread)

Quote from: lucky on Today at 05:12:18 pm
However, for some reason I had no default route when pfsense booted.

Quote from: cforger on Today at 09:10:06 pm
I can confirm the lack of default route after an upgrade to today's snapshot.

That's odd, it's been a long time since I saw routes not being applied during boot, but in my case the default route is provisioned using DHCP. Are yours a static default route by any chance?

/wj

wernerj · Feb 10, 2013, 2:24 AM

OK, that would explain why I see a different behavior, as the DHCP-provisioned routes most likely get put in there way later..

I haven't upgraded any of my pfSense boxes with static default routes in a long time, the box at home has been the one I have been experimenting with, and here DHCP is the only thing I get. I've been lucky (I guess) to have the same IPv6 /64 network handed to me over multiple reboots the last few days, that used to change every time I restarted pfSense.. (Comcast loves to mess with that it seems)

The changes introduced today seemed to be very minor. How old was your old snapshot where the static routes was working, I assume it would be something from this week as you experienced OpenSSL-related issues?

/wj

cforger · Feb 10, 2013, 2:42 AM

Thursday was okay (I'm sure 100%)
Friday was okay (I'm 95% sure, as I didn't reboot enough on Fri to know for sure, I may have fixed the default route issue while working on VPN routes)
Sat is definitely a problem.

So it's been introduced between Thur and now, if that helps anyone.

lucky · Feb 10, 2013, 2:50 AM

This problem happened to me today as well (as I mentioned in the other thread). I think my previous build was Feb 5…I'm not sure. It was definitely this month though.

Confirmed that I have a static IP (my WAN interface is NOT DHCP). Had to add a default gateway after booting pfsense.

cforger · Feb 10, 2013, 3:10 AM

Does anyone know where it writes the default gateway in the scripts? I have to make sure I don't reboot this right now or I will lose connection to the remote box. I'm tempted to rig rc.local or similar for now.

Ah bleeding edge of technology.. it's my blood on you isn't it?

phil.davis · Feb 10, 2013, 5:42 AM

2.1-BETA1 (i386) built on Sat Feb 9 11:36:45 EST 2013
I have LAN, WAN and 2 OpenVPN clients (peer-to-peer shared key tun) connecting out. My WAN is DHCP. It gets the WAN DHCP address fine, the OpenVPN clients come up and the default route out WAN is in the routing table - it boots clean. My default gateway is WAN (the normal ordinary thing). So, this is just to confirm that a simple config is working.
I guess that the other posters here have an interface assigned to an OpenVPN link and have the default gateway out that? Or some other more interesting config?

cforger · Feb 10, 2013, 3:57 AM

I went back to Feb 4th, now I have both ssl and the default gateway functional.

I'm using both i386 and amd64 on different boxes.

My default gateways are static on the WAN's.. nothing fancy. I do have OpenVPN in tap mode, bridged.

On my Feb 4th install, this is the critical line:

php: : ROUTING: setting default route to 192.168.9.1

That doesn't show on my Feb 9th version.

lucky · Feb 10, 2013, 4:13 AM

@phil.davis:

I guess that the other posters here have an interface assigned to an OpenVPN link and have the default gateway out that? Or some other more interesting config?

I do have three openvpn configs. Two are tun, one tap. But none are used for default routes.

My default route is via the WAN interface that is a static IP address via ethernet Internet connection. In the pfsense admin interface, System->Routing shows my gateway and that it's set to default…it just doesn't get set.

msi · Feb 10, 2013, 6:56 AM

I also got hit by this (wanted to try a snapshot witth fixed OpenSSL).

No routes were added and since my nameservers are not on the subnet of the WAN side but on a next one, without routing I don't have DNS too ;-)

Going to revert to a backup (I almost forgot why I always hit full backup for snapshots)

eri-- · Feb 10, 2013, 11:21 AM

UPDATE: Upgrade to a newer snapshot or gitsync fixed, sorry for the noise.

phil.davis · Feb 10, 2013, 12:11 PM

Thanks Ermal. My test system worked because it had DHCP on WAN.
interfaces.inc interface_dhcp_configure() puts:

script "/sbin/dhclient-script";

into the DHCP client conf file.
When the DHCP address is received from upstream on the interface, and the interface is the default gateway, that script does:

$ROUTE add default -iface $interface

So the default route appeared OK on DHCP WAN interfaces, but not for those with static WAN IPs.

cybercare · Feb 10, 2013, 2:23 PM

@ermal:

UPDATE: Upgrade to a newer snapshot or gitsync fixed, sorry for the noise.

So the 2300 snapshot should have fixed this? If so it didn't :( or are you saying once a newer one is posted it will? :P

Thx

phil.davis · Feb 10, 2013, 2:49 PM

The change was only made a couple of hours ago - https://github.com/bsdperimeter/pfsense/commit/9d595f6ad4527341741e75cdbbeafdcffd99d269. The 2300 snapshot will be too old. You can wait for a 10 Feb snapshot, gitsync or paste the extra 2 lines into /etc/inc/system.inc manually.

cybercare · Feb 10, 2013, 3:44 PM

@phil.davis:

The change was only made a couple of hours ago - https://github.com/bsdperimeter/pfsense/commit/9d595f6ad4527341741e75cdbbeafdcffd99d269. The 2300 snapshot will be too old. You can wait for a 10 Feb snapshot, gitsync or paste the extra 2 lines into /etc/inc/system.inc manually.

Okay, yeah I kinda figured that was the case as I saw the time he posted the message but the choice of words made me think otherwise :) you would think I know better by know lol.

Thanks for the confirmation though.

woodgee · Feb 16, 2013, 8:15 AM

Hello,

since Sat Feb 9th Update i lost the default routes for ipv4 + ipv6 on my pfsense ( version 2.1-BETA1 (amd64) ).
update to 10th Feb - 15th Feb can´t fix the problem.
after boot there is no default route in netstat -rn.
i can add the routes by executing

route add -inet6 default 1234:5687:9abc::1

and

route add -inet default 123.456.789.012

then it works to the next reboot.

my /etc/inc/system.inc


if ($gateway['ipprotocol'] != "inet6" && (is_ipaddrv4($gateway['gateway']) || $gateway['gateway'] == "dynamic")) {
					if(strstr($gateway['gateway'], ":"))
						continue;
					if ($gateway['gateway'] == "dynamic")
						$gateway['gateway'] = get_interface_gateway($gateway['interface']);
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
					if (!empty($gateway['interface'])) {
						$defaultif = get_real_interface($gateway['interface']);
						if ($defaultif)
							@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gateway['gateway']);
					}
					$foundgw = true;
				} else if ($gateway['ipprotocol'] == "inet6" && (is_ipaddrv6($gateway['gateway']) || $gateway['gateway'] == "dynamic6")) {
					if ($gateway['gateway'] == "dynamic6")
						$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
					$gatewayipv6 = $gateway['gateway'];
					$interfacegwv6 = $gateway['interface'];
					if (!empty($gateway['interface'])) {
						$defaultifv6 = get_real_interface($gateway['interface']);
						if ($defaultifv6)
							@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gateway['gateway']);
					}
					$foundgwv6 = true;

please tell me, how can i fix this problem.

THX

bmah · Feb 17, 2013, 11:05 AM

@woodgee:

Hello,

since Sat Feb 9th Update i lost the default routes for ipv4 + ipv6 on my pfsense ( version 2.1-BETA1 (amd64) ).
update to 10th Feb - 15th Feb can´t fix the problem.
after boot there is no default route in netstat -rn.
i can add the routes by executing
route add -inet6 default 1234:5687:9abc::1
and
route add -inet default 123.456.789.012
then it works to the next reboot.

If you see the tail end of this thread:

http://forum.pfsense.org/index.php/topic,59005.0.html

I had a similar problem with a statically configured default IPv6 route. I appear to have "solved" this problem by going to the System -> Routing page and re-saving the configuration for my default IPv6 gateway. I don't know why, but after a reboot my default IPv6 route once again gets correctly installed. Try that for your gateways and see if that helps you. (I don't know why this worked for me.)

Bruce.

jimp · Feb 19, 2013, 5:35 PM

Bruce,

Check the config history and see what changed in the config when you pressed save. It's possible your gateway was missing an internal value that allowed it to function properly. This post is old but may be relevant: http://forum.pfsense.org/index.php/topic,50095.0.html

woodgee · Feb 20, 2013, 12:58 PM

thanks bruce,

by going to the System -> Routing page and re-saving the configuration for ipv4 and ipv6 solved my problem.
it works after reboot the system … ;D

bmah · Feb 22, 2013, 10:52 PM

@jimp:

Check the config history and see what changed in the config when you pressed save. It's possible your gateway was missing an internal value that allowed it to function properly. This post is old but may be relevant: http://forum.pfsense.org/index.php/topic,50095.0.html

My config history doesn't show that change in it…it seems like the history doesn't go back far enough. Also I read through the thread you quoted...I don't recall ever experiencing a problem like that. In any case I'm happy with the way things are working right now.

Thanks,

Bruce.