PfSense does strange IPv4 source address pick
Hello,
Yesterday I upgraded my box to 2.3.2_1 and noticed that the DNS server (static route to 10.129.124.45) on the other side of the VPN is not accessible from the box itself.
Debugging logs:
ping from the box (lan):

```
[2.3.2-RELEASE][root@gw-1]/root: ping 10.129.124.45
PING 10.129.124.45 (10.129.124.45): 56 data bytes
^C
--- 10.129.124.45 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
```
tcpdump from remote (DNS) side:
```
15:59:10.065206 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 0, length 64
15:59:11.069817 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 1, length 64
15:59:12.068719 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 2, length 64
15:59:13.069774 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 3, length 64
```

Nice! 0.0.0.0 as the source!
ping from any lan pc:
```
C:\Users\test_user>ping 10.129.124.45

Pinging 10.129.124.45 with 32 bytes of data:
Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
Reply from 10.129.124.45: bytes=32 time=70ms TTL=63
Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
Reply from 10.129.124.45: bytes=32 time=70ms TTL=63

Ping statistics for 10.129.124.45:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 71ms, Average = 70ms
```
ping from the box with source address specified:
```
[2.3.2-RELEASE][root@gw-1]/root: ping -S 172.16.0.205 10.129.124.45
PING 10.129.124.45 (10.129.124.45) from 172.16.0.205: 56 data bytes
64 bytes from 10.129.124.45: icmp_seq=0 ttl=64 time=69.731 ms
64 bytes from 10.129.124.45: icmp_seq=1 ttl=64 time=71.203 ms
64 bytes from 10.129.124.45: icmp_seq=2 ttl=64 time=71.071 ms
64 bytes from 10.129.124.45: icmp_seq=3 ttl=64 time=70.432 ms
^C
--- 10.129.124.45 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 69.731/70.609/71.203/0.585 ms
```

Routing table at that point:

```
[2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
78.40.189.1        link#7             UH       pppoe0
8.28.2.5           link#7             UHS         lo0
127.0.0.1          link#4             UH          lo0
172.16.0.0/24      link#6             U           hn1
172.16.0.205       link#6             UHS         lo0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
```
After disabling/enabling the static route:

```
[2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   172.22.1.1         UGS  66 1500 ovpnc3
78.40.189.1        link#7             UH       pppoe0
8.28.2.5           link#7             UHS         lo0
127.0.0.1          link#4             UH          lo0
172.16.0.0/24      link#6             U           hn1
172.16.0.205       link#6             UHS         lo0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
```
What can it be? I don't remember facing this issue in the past. Looks like the static route was set up before the VPN connection.
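The broken state above is visible in the routing table: the /32 route's gateway is a link-layer (MAC) address with flags `US` instead of an IPv4 next hop with flags `UGS`. The following check, added here as an example and not part of the original post, scans `netstat -4rn` output for that condition so it can be caught before DNS silently breaks; it assumes the FreeBSD column layout shown in the post (the sample input is constructed from it).

```shell
#!/bin/sh
# Sample routing table, constructed from the post above (the broken state).
SAMPLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
78.40.189.1        link#7             UH       pppoe0
172.16.0.0/24      link#6             U           hn1
172.22.1.0/29      link#11            U        ovpnc3'

# Read netstat -4rn output on stdin and print "destination gateway netif"
# for every route whose Gateway column is a MAC address (six colon-separated
# hex pairs) rather than an IPv4 address or a link#N reference.
find_mac_gateway_routes() {
    awk '
        split($2, p, ":") == 6 && $2 ~ /^[0-9a-fA-F:]+$/ { print $1, $2, $NF }
    '
}

# Health check: take a routing table as $1, return 0 when no route is bound
# to a link-layer gateway, 1 (and list the offenders) otherwise.
check_routes() {
    bad=$(printf '%s\n' "$1" | find_mac_gateway_routes)
    if [ -n "$bad" ]; then
        printf 'route bound to a link-layer gateway (VPN up before route?):\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample; flags the ovpnc3 host route.
printf '%s\n' "$SAMPLE" | find_mac_gateway_routes
```

On a live box run `check_routes "$(netstat -4rn)"`; a non-zero exit means the static route should be re-applied (as the disable/enable step in the post does).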
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.