Netgate Discussion Forum
    Routing Issue using pfSense on AWS

    Category: Routing and Multi WAN
    3 Posts 2 Posters 1.1k Views

    ianob wrote:

      Hi Guys

      Strange routing issue I'm having here, and I'm out of ideas trying to figure out what the issue is.

      I have a pfSense device in AWS which is being used solely for a region-to-region VPN. The VPN is functional and routing traffic except for one specific case.

      The pfSense device has a single interface which is configured via DHCP (standard in AWS). My AWS VPC has a DHCP options set which includes DHCP options for DNS servers - these DNS servers are AD domain controllers in a subnet which is routable over the VPN.

      The pfSense device has entries in its route table for these two DNS servers with a gateway of the MAC of the pfSense's own network interface (see 1.png). Obviously this route is breaking any traffic destined for these servers from the remote subnets. I'm not sure where this route is coming from, but it only appears in the route table when I have DHCP options for DNS servers set. If I disable the DNS servers option in the DHCP options set, these routes disappear and traffic starts to flow properly. If I 'route delete' the routes, the traffic also starts to flow, until the routes are reacquired again a few minutes later.

      This seems to me like something that pfSense is doing as a result of finding a DNS option set in the DHCP route table. If so, it seems that there should be something I should be able to disable on the pfSense device to stop this happening.

      TL;DR: when pfSense acquires DNS servers from DHCP, why does it create routes to those DNS servers where the gateway is its own MAC?

      Cheers for any help!

      1.png

      ianob wrote:
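      A way to confirm what the post describes before touching anything, as an added example that is not part of the original thread or of pfSense: the script below parses FreeBSD/pfSense `netstat -rn` output, looks up each DHCP-supplied DNS server by longest-prefix match, and reports any server whose best route is a /32 with a MAC (link-layer) gateway, together with the broader route (here the VPN route) that the /32 is shadowing. The `netstat` output, the addresses and the MAC are constructed sample data for the example, and the column layout it parses is an assumption about `netstat -rn` formatting; it only reads and reports, it does not modify the routing table.

      ```python
      import ipaddress
      import re

      # Constructed sample of FreeBSD/pfSense `netstat -rn` output (not taken from the thread).
      # 10.20.0.5 and 10.20.0.6 stand in for DHCP-supplied DNS servers in a subnet that is
      # reached over the VPN (10.20.0.0/16 via 10.0.0.1); 02:1a:... stands in for the WAN
      # interface's own MAC, which appears as the gateway of the offending host routes.
      SAMPLE_NETSTAT = """\
      Routing tables

      Internet:
      Destination        Gateway            Flags     Netif Expire
      default            10.0.0.1           UGS       vtnet0
      10.0.0.0/24        link#1             U         vtnet0
      10.0.0.10          link#1             UHS         lo0
      10.20.0.0/16       10.0.0.1           UGS       vtnet0
      10.20.0.5          02:1a:2b:3c:4d:5e  UHS       vtnet0
      10.20.0.6          02:1a:2b:3c:4d:5e  UHS       vtnet0
      127.0.0.1          link#2             UH          lo0
      """

      MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


      def parse_routes(text):
          """Parse the IPv4 routes of netstat -rn into (network, gateway, flags, netif) tuples."""
          routes = []
          for line in text.splitlines():
              parts = line.split()
              if len(parts) < 4 or parts[0] == "Destination":
                  continue  # blank lines, section banners and the column header
              dest, gw, flags, netif = parts[0], parts[1], parts[2], parts[3]
              if dest == "default":
                  dest = "0.0.0.0/0"
              try:
                  net = ipaddress.ip_network(dest, strict=False)
              except ValueError:
                  continue  # not a destination column (e.g. the "Routing tables" banner)
              if net.version != 4:
                  continue  # ignore the Internet6 section
              routes.append((net, gw, flags, netif))
          return routes


      def lookup(routes, ip, ignore=()):
          """Longest-prefix match for ip, optionally ignoring some routes."""
          addr = ipaddress.ip_address(ip)
          best = None
          for route in routes:
              if route in ignore or addr not in route[0]:
                  continue
              if best is None or route[0].prefixlen > best[0].prefixlen:
                  best = route
          return best


      def find_shadowed_dns_routes(netstat_text, dns_servers):
          """Return one finding per DNS server whose best route is a /32 with a MAC gateway.

          Each finding also names the route that would carry the server's traffic if the
          /32 were absent, which is the route the host route is shadowing.
          """
          routes = parse_routes(netstat_text)
          findings = []
          for ns in dns_servers:
              best = lookup(routes, ns)
              if best is None or best[0].prefixlen != 32 or not MAC_RE.match(best[1]):
                  continue
              underlying = lookup(routes, ns, ignore=(best,))
              findings.append({
                  "dns_server": ns,
                  "link_gateway": best[1],
                  "netif": best[3],
                  "shadowed_route": str(underlying[0]) if underlying else None,
                  "shadowed_gateway": underlying[1] if underlying else None,
              })
          return findings


      if __name__ == "__main__":
          for finding in find_shadowed_dns_routes(SAMPLE_NETSTAT, ["10.20.0.5", "10.20.0.6"]):
              print(finding)
      ```

      On a live firewall the sample text would be replaced by the output of `netstat -rn` and the DNS list by the servers the DHCP lease delivered; a non-empty result is exactly the condition the post describes, since a /32 pointing at the local link always wins the longest-prefix match over the VPN's wider route.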

        …and I've just realised that this forum is specifically for multi-WAN, misread the routing title. Mods please feel free to move to somewhere more appropriate.

        Thanks

        bhsense wrote:

          Just wanted to add that I also am having this issue; if I set the DHCP Option set to my Domain Controller, pfSense will try to route via the WAN MAC address. (In my case I only have 1 WAN.)
          If there's any way to avoid this, please let me know. For now I'll disable the DHCP Option Set and set each client's DNS manually.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.