Static Route - Aliases issue
-
Having an L3 network, I need to set up multiple static routings pointing to different L3 networks that are being managed by my Cisco switch. To make things easier I have set up multiple Aliases referring to the internal networks.. like LAN, VoIP, Video.. etc. and 1 alias covering all IPv4 networks and 1 covering all the IPv6 counterparts. The Aliases work fine under the Rules section, never experienced an issue there.
Today I was trying to clean up the Static Route section as I have multiple IPv4 and IPv6 routes. I started by adding an Alias to "Destination Network" which got filled as I started to type one of the defined IPv4 Aliases, then selected 24 under subnet since all my internal IPv4 subnets are /24, then selected the IPv4 gateway I had defined in the gateways section and hit save. At first it looks like the settings stick but this does not work.. the info gets saved but the subnet turns back to /32 and that may be creating issues for the Static Route function to work. Is there a way to either define the subnet and make it stick OR make the subnet part optional since the Alias (network) may have the subnet defined? I see a similar issue with IPv6 static routes as well.
Due to this issue I had to define 8 static routes (4 IPv4 and 4 IPv6) which could have been easily accomplished with just 2 static routes.
-
As the alias could have different subnet sizes you can't really specify 1 for the alias.. It just defaults to /32; that by itself isn't a problem.
There is a problem with 'nested' aliases, which should get fixed by https://github.com/pfsense/pfsense/pull/3863 once it's pulled. If not using those then it 'should' work afaik..
-
There should be an N/A option in the subnet drop down. The code could be made to be a little intelligent to detect the alias and decide if N/A needs to be selected by default if the alias has two or more different subnets. If not, use the user defined subnet for Static routes.
-
Yeah, I suppose the GUI could be made a little more pretty with an N/A option.
But changing routes to different than intended subnet sizes sounds like a bad idea. Like if you've got an alias with subnets like: '192.168.50.128/23 , 192.168.51.0/24' or '192.168.60.4/30 , 192.168.60.16/29'
Then using this alias in a static route, you configure it like what, /24 or /23, and 'override' the original subnets? Either way you will hit more/less hosts than originally defined by the alias.. seems like a strange thing to me.. But I do wonder, did you use nested aliases for the routes? And if not, do you still have trouble getting them to apply? (with the subnet size as defined in the alias.)
-
Yeah, it's a simple network alias of 4 subnets with /24 and /64 (IPv6) subnet masks on the L3 network that need to be routed to the internet.
We need to account for different network situations in this area as no network is the same.
As I said earlier, the logic on the static route tab needs to be a little intelligent to detect and maybe throw an error if the alias has subnets like /23 and /24. If they are all in the same subnet /23 or /24 or any other "same" subnet across the alias then it should pick up the user defined or alias defined subnet in the drop down.
-
As I said earlier, the dropdown is irrelevant and it should stay that way. Just showing N/A might be nice but would be a visual effect only..
The question remains, do the subnets in your alias get added to the routing table or not? If they do it works properly..
-
That functionality is there but I would not use it.
As far as I know if you edit the alias the routing table is not automatically updated to reflect the changes. You need to also go back and edit/save the static route.
Proper supernetting can reduce the number of static routes required.
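-
An added example, not part of the thread and not pfSense code: a sketch of the check discussed above (does an alias mix prefix lengths, or carry entries with host bits set?) together with the supernetting mentioned in the last reply. The function name `plan_routes` and the 10.10.x.x / fd00:: sample networks are constructed for illustration; the other inputs in the comments are the ones quoted in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alias: four /24 and four /64 internal networks.
SAMPLE_ALIAS = [
    "10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24",
    "fd00:0:0:10::/64", "fd00:0:0:11::/64",
    "fd00:0:0:12::/64", "fd00:0:0:13::/64",
]

def plan_routes(alias_entries):
    """Return (routes, warnings) for the network entries of one alias.

    routes   -- minimal list of prefixes covering exactly the alias entries
    warnings -- entries with host bits set, or mixed prefix lengths
    """
    warnings = []
    by_version = defaultdict(list)  # 4 or 6 -> list of networks
    for entry in alias_entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            # Host bits set (e.g. 192.168.50.128/23): normalise and flag it.
            # A truly invalid entry raises again here and is not hidden.
            net = ipaddress.ip_network(entry, strict=False)
            warnings.append(f"{entry}: host bits set, using {net}")
        by_version[net.version].append(net)

    routes = []
    for version in sorted(by_version):
        nets = by_version[version]
        lengths = sorted({n.prefixlen for n in nets})
        if len(lengths) > 1:
            warnings.append(f"IPv{version}: mixed prefix lengths {lengths}")
        # collapse_addresses merges adjacent networks into supernets and
        # drops entries already contained in a larger one.
        routes.extend(str(n) for n in ipaddress.collapse_addresses(nets))
    return routes, warnings

if __name__ == "__main__":
    for alias in (SAMPLE_ALIAS,
                  ["192.168.50.128/23", "192.168.51.0/24"],
                  ["192.168.60.4/30", "192.168.60.16/29"]):
        routes, warnings = plan_routes(alias)
        print(routes, warnings)
```

Because the prefixes are only merged when they are exactly adjacent or contained, the resulting routes never cover more hosts than the alias defined, which is the concern raised about overriding the subnet size from the drop-down.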