PfSense does strange IPv4 source address pick
-
Hello,
Yesterday I upgraded my box to 2.3.2_1 and noticed that the DNS server (static route to 10.129.124.45) on the other side of the VPN is not accessible from the box itself.
Debugging logs:
ping from the box (lan):
[2.3.2-RELEASE][root@gw-1]/root: ping 10.129.124.45
PING 10.129.124.45 (10.129.124.45): 56 data bytes
^C
--- 10.129.124.45 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
tcpdump from remote (DNS) side:
15:59:10.065206 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 0, length 64
15:59:11.069817 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 1, length 64
15:59:12.068719 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 2, length 64
15:59:13.069774 IP 0.0.0.0 > 10.129.124.45: ICMP echo request, id 47750, seq 3, length 64
Nice! a 0.0.0.0 as a source!
ping from any lan pc:
C:\Users\test_user>ping 10.129.124.45

Pinging 10.129.124.45 with 32 bytes of data:
Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
Reply from 10.129.124.45: bytes=32 time=70ms TTL=63
Reply from 10.129.124.45: bytes=32 time=71ms TTL=63
Reply from 10.129.124.45: bytes=32 time=70ms TTL=63

Ping statistics for 10.129.124.45:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 71ms, Average = 70ms
ping from the box with source address specified:
[2.3.2-RELEASE][root@gw-1]/root: ping -S 172.16.0.205 10.129.124.45
PING 10.129.124.45 (10.129.124.45) from 172.16.0.205: 56 data bytes
64 bytes from 10.129.124.45: icmp_seq=0 ttl=64 time=69.731 ms
64 bytes from 10.129.124.45: icmp_seq=1 ttl=64 time=71.203 ms
64 bytes from 10.129.124.45: icmp_seq=2 ttl=64 time=71.071 ms
64 bytes from 10.129.124.45: icmp_seq=3 ttl=64 time=70.432 ms
^C
--- 10.129.124.45 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 69.731/70.609/71.203/0.585 ms
[2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
78.40.189.1        link#7             UH       pppoe0
8.28.2.5           link#7             UHS         lo0
127.0.0.1          link#4             UH          lo0
172.16.0.0/24      link#6             U           hn1
172.16.0.205       link#6             UHS         lo0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
after Disable/Enable static route:
[2.3.2-RELEASE][root@gw-1]/root: netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   172.22.1.1         UGS  66 1500 ovpnc3
78.40.189.1        link#7             UH       pppoe0
8.28.2.5           link#7             UHS         lo0
127.0.0.1          link#4             UH          lo0
172.16.0.0/24      link#6             U           hn1
172.16.0.205       link#6             UHS         lo0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS         lo0
What can it be? I don't remember facing this issue in the past. It looks like the static route was set up before the VPN connection.
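Added example, not part of the original post or of pfSense itself: a small POSIX shell check that parses `netstat -4rn` output and flags static routes whose gateway field is a MAC address instead of an IPv4 next hop, which is the state the 10.129.124.45/32 route was left in above (flags `US`, no `G`). Running such a check after boot or after a VPN reconnect would catch the broken route before the box-originated DNS traffic silently goes out with a 0.0.0.0 source. The two route tables embedded in the script are constructed from the post's netstat output (shortened), and `check_live` is an assumed helper for running the same check on a live FreeBSD/pfSense box.

```shell
#!/bin/sh
# Added example (not from the original post): detect static routes that were
# installed with a link-layer (MAC) gateway, as seen for 10.129.124.45/32,
# instead of an IPv4 next hop. Field layout follows FreeBSD "netstat -4rn":
# Destination Gateway Flags Netif Expire.

# Constructed sample: the routing table before the static route was re-added.
BROKEN_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   00:bd:3c:df:00:03  US       ovpnc3
78.40.189.1        link#7             UH       pppoe0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS      lo0'

# Constructed sample: the same table after Disable/Enable of the static route.
FIXED_TABLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            78.40.189.1        UGS      pppoe0
10.129.124.45/32   172.22.1.1         UGS      ovpnc3
78.40.189.1        link#7             UH       pppoe0
172.22.1.0/29      link#11            U        ovpnc3
172.22.1.3         link#11            UHS      lo0'

# is_mac ADDR: succeeds when ADDR looks like a 48-bit link-layer address.
is_mac() {
    case "$1" in
        [0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F])
            return 0 ;;
    esac
    return 1
}

# find_mac_gateway_routes TABLE
# Prints "destination gateway netif" for every static route (S flag) whose
# gateway is a MAC address rather than an IP next hop. Such a route carries
# no G flag because the kernel treats the destination as directly attached,
# which is why source address selection falls apart on a tunnel interface.
find_mac_gateway_routes() {
    printf '%s\n' "$1" | while read -r dest gw flags netif _rest; do
        # Skip preamble, header and blank lines: real entries carry the U flag.
        case "$flags" in *U*) ;; *) continue ;; esac
        # Only static routes are interesting; interface routes like
        # 172.22.1.0/29 legitimately point at link#N.
        case "$flags" in *S*) ;; *) continue ;; esac
        if is_mac "$gw"; then
            printf '%s %s %s\n' "$dest" "$gw" "$netif"
        fi
    done
}

# count_mac_gateway_routes TABLE: number of offending routes, for scripting.
count_mac_gateway_routes() {
    find_mac_gateway_routes "$1" | wc -l | tr -d ' '
}

# Assumed helper for a live pfSense/FreeBSD box; not exercised here.
check_live() {
    find_mac_gateway_routes "$(netstat -4rn)"
}

printf 'before re-adding the route: %s offending route(s)\n' "$(count_mac_gateway_routes "$BROKEN_TABLE")"
find_mac_gateway_routes "$BROKEN_TABLE"
printf 'after re-adding the route:  %s offending route(s)\n' "$(count_mac_gateway_routes "$FIXED_TABLE")"
```

On the broken table the script reports the single route `10.129.124.45/32 00:bd:3c:df:00:03 ovpnc3`; on the fixed table it reports none. The check deliberately ignores `link#N` gateways, since interface (non-static) routes always look like that; only a static route with a MAC in the gateway column indicates it was added before its interface had an address.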