pfSense makes a strange IPv4 source address pick



  • Hello,

    Yesterday I upgraded my box to 2.3.2_1 and noticed that the DNS server (static route to 10.129.124.45) on the other side of the VPN is not accessible from the box itself.

    Debugging logs:
    ping from the box (LAN):

    [2.3.2-RELEASE][root@gw-1]/root: ping 10.129.124.45
    PING 10.129.124.45 (10.129.124.45): 56 data bytes
    ^C
    --- 10.129.124.45 ping statistics ---
    4 packets transmitted, 0 packets received, 100.0% packet loss
    
    

    tcpdump from remote (DNS) side:

    
    15:59:10.065206 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 0, length 64
    15:59:11.069817 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 1, length 64
    15:59:12.068719 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 2, length 64
    15:59:13.069774 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 3, length 64
    
    

    Nice! 0.0.0.0 as the source!

    ping from any LAN PC:

    
    C:\Users\test_user>ping 10.129.124.45
    
    Pinging 10.129.124.45 with 32 bytes of data:
    Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
    Reply from 10.129.124.45: bytes=32 time=70ms TTL=63
    Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
    Reply from 10.129.124.45: bytes=32 time=70ms TTL=63
    
    Ping statistics for 10.129.124.45:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 70ms, Maximum = 71ms, Average = 70ms
    
    

    ping from the box with source address specified:

    
    [2.3.2-RELEASE][root@gw-1]/root: ping -S 172.16.0.205 10.129.124.45
    PING 10.129.124.45 (10.129.124.45) from 172.16.0.205: 56 data bytes
    64 bytes from 10.129.124.45: icmp_seq=0 ttl=64 time=69.731 ms
    64 bytes from 10.129.124.45: icmp_seq=1 ttl=64 time=71.203 ms
    64 bytes from 10.129.124.45: icmp_seq=2 ttl=64 time=71.071 ms
    64 bytes from 10.129.124.45: icmp_seq=3 ttl=64 time=70.432 ms
    ^C
    --- 10.129.124.45 ping statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 69.731/70.609/71.203/0.585 ms
    
    
    
    [2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            78.40.189.1        UGS      pppoe0
    10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
    78.40.189.1        link#7             UH       pppoe0
    8.28.2.5     link#7             UHS         lo0
    127.0.0.1          link#4             UH          lo0
    172.16.0.0/24      link#6             U           hn1
    172.16.0.205       link#6             UHS         lo0
    172.22.1.0/29      link#11            U        ovpnc3
    172.22.1.3         link#11            UHS         lo0
    
    

    after disabling/enabling the static route:

    
    [2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            78.40.189.1        UGS      pppoe0
    10.129.124.45/32	172.22.1.1	UGS	66	1500	ovpnc3
    78.40.189.1        link#7             UH       pppoe0
    8.28.2.5     link#7             UHS         lo0
    127.0.0.1          link#4             UH          lo0
    172.16.0.0/24      link#6             U           hn1
    172.16.0.205       link#6             UHS         lo0
    172.22.1.0/29      link#11            U        ovpnc3
    172.22.1.3         link#11            UHS         lo0
    
    

    What can it be? I don't remember facing this issue in the past. It looks like the static route was set up before the VPN connection.

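The two `netstat -4rn` listings above differ in exactly one line: before the disable/enable the static route to 10.129.124.45/32 is an interface route (flags `US`, a link-layer address in the Gateway column), afterwards it is a proper gateway route (`UGS` via 172.22.1.1). A quick check that flags this state from the text output of `netstat -4rn` follows, as an added example that is not code from the forum post or from pfSense. The sample tables are constructed from the post (trimmed to the relevant rows), and the list of tunnel interface name prefixes is an assumption.

```python
"""Flag static host routes that landed as interface routes instead of gateway routes.

Added example, not from the forum post or from pfSense. It parses the text
output of `netstat -4rn` (FreeBSD/pfSense format) and reports /32 routes on
tunnel interfaces that carry no G flag or whose "gateway" is a link-layer
(MAC) address instead of an IPv4 next hop.
"""
import re
from dataclasses import dataclass

# Interface name prefixes treated as tunnels (assumption, extend as needed).
TUNNEL_PREFIXES = ("ovpn", "tun", "gif", "gre", "ipsec", "wg")
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)


@dataclass
class Route:
    destination: str
    gateway: str
    flags: str
    netif: str


def parse_netstat_v4(text):
    """Parse the 'Internet:' table of `netstat -4rn` into Route objects."""
    routes = []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Destination"):
            in_table = True          # header row: the table starts here
            continue
        if not in_table or not line:
            continue
        cols = line.split()
        if len(cols) < 4:
            continue
        # Some builds print extra numeric Use/Mtu columns between Flags and
        # Netif, and Expire may follow Netif: take the last non-numeric column.
        netif = next((c for c in reversed(cols[3:]) if not c.isdigit()), cols[-1])
        routes.append(Route(cols[0], cols[1], cols[2], netif))
    return routes


def find_suspect_routes(routes):
    """Host routes on tunnel interfaces that are not real gateway routes."""
    suspects = []
    for r in routes:
        if not r.destination.endswith("/32"):
            continue
        if not r.netif.startswith(TUNNEL_PREFIXES):
            continue
        if "G" not in r.flags or MAC_RE.fullmatch(r.gateway):
            suspects.append(r)
    return suspects


def report(text):
    """Return one human-readable line per suspect route."""
    return [f"{r.destination} via {r.gateway} flags={r.flags} dev {r.netif}: "
            f"interface route on a tunnel, expected a gateway (G) route"
            for r in find_suspect_routes(parse_netstat_v4(text))]


# Constructed sample: the table from the post before the disable/enable.
BEFORE = """Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
172.16.0.0/24      link#6             U           hn1
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
"""

# Constructed sample: the same table after the route was re-added.
AFTER = """Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   172.22.1.1   UGS   66   1500   ovpnc3
172.16.0.0/24      link#6             U           hn1
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
"""

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(f"[{name}] suspects: {report(table) or 'none'}")
```

Run it against the saved output of `netstat -4rn` (`python3 check_routes.py < routes.txt` after swapping the constants for `sys.stdin.read()`), or drop it into a cron job on the firewall; a non-empty report means the static route was installed without a next hop, which is the state in which the box sent out ICMP with a 0.0.0.0 source.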