Differences in UI and command line
-
Hi all,
I'm totally new to pfsense (and have no XP with FreeBSD either) and the link between the configuration shown in the webUI and the server configuration that I can see from the command line isn't clear to me.
As an example, I've setup an openVPN client. When I check the routes I can see the route setup by the OpenVPN client to the remote network :
$ netstat -rn [...] 192.168.0.0/24 123.123.123.123 UGS ovpnc1To me that means that I have a static route to the network 192.168.0.0/24.
That does look good as I setup that network as "IPv4 Remote network" in my OpenVPN client configuration.However when in the webUI I go to : System/Routing/Static Routes
I see nothing there ?Furthermore the PfSense/OpenVPN doc documenting the creation of OpenVPN interface and possible associated static routing says :
Do not use this automatic gateway for static routes. Use the Remote Network field in the VPN configuration. Defining a static route using the automatic OpenVPN gateway will not work properly.Why not ? I saw that indeed the Remote Network option did create a route on FreeBSD side... but why is not referenced in the GUI then ?
Anyway it doesn't work ;) So I've probably missed something... but that's another topic ;)
While trying to debug that, I feel like I'm also missing a more general concept about PfSense spirit. Is the UI supposed to represent exactly the FreeBSD configuration ? Or is there some software in the middle ? One which would be using other dedicated routing tables ?
I haven't find any reference in the documentation, but I'm not really sure of how to search for that :-(Thanks for your help !
-
Static routes are routes you enter. Check Diagnostics/Routes.
-
Hi Steve,
Thanks for your answer !
Indeed in Diagnostics/Routes I do find the output of netstat -nr.So should I understand that in System/Routing/Static Routes I can only see routes that were added through this very same System/Routing/Static Routes page of the webUI ?
So, if it's just a question of UI -apart from being easier to setup- why setting up my openVPN routes through this interface would make them "not working properly" as it's said in the documentation ?
-
@poulp06 You shouldn’t need to add routes in most instances.
“ Static routes are used when hosts or networks are reachable through a router other than the default gateway. The firewall knows about the networks directly attached to it, and it reaches all other networks as directed by the routing table. In networks where an internal router connects additional internal subnets, a static route must be defined for those networks to be reachable.”
http://docs.netgate.com/pfsense/en/latest/routing/static.html -
@teamits I'm pretty familiar with the network principles and static routes :)
I was just puzzled about the way pfSense web interface present (or hide) them.Probably it's because I'm not used to user interface to manage my networks ;)
I was expecting a UI which directly represent the host configuration whereas it looks like the spirit is more to manage the config behind the scene and only present the high level functionalities ^^.
Anyway, thanks for your insights !