Lost OpenVPN pushed route after resuming from power lost
-
Hi,
Pfsense OpenVPN site to site. Hub and Spokes.
I applied command "route 0.0.0.0 0.0.0.0" at spoke's advance configuration. This to replace the WAN default gateway by established tunnel address.
Everything works fine, all traffic from spoke, including internet access were redirected through VPN tunnel. Even if I restart or halt/turn on system properly.
However, if power is lost, WAN default gateway become primary, despite of VPN tunnel is established (spoke site can only ping to Hub site, but can not go to internet or other spoke sites).
I can recover by just open VPN tunnel setting and then click Save (no change), then default gateway changed to VPN tunnel again. But it is manual way. I tried many version of pfsense.
Could anyone help?
Thank you in advance.
-
Don't use that route command. Use "redirect-gateway def1" instead.
-
Thanks Jimp.
Just tried command "redirect-gateway def1", tunnel was up, Spoke could ping Hub, but could not go to other sites.
If I use command "route 0.0.0.0 0.0.0.0", then in Spoke Routing table (Diagnostic -> Routes) has "Default gateway" point to tunnel IP address (as attached picture). But command "redirect-gateway def1" does not have.
-
"redirect-gateway def1" adds routes for 0.0.0.0/1 and 128.0.0.0/1 to avoid clobbering the actual default gateway. Assuming the option was used correctly, it will effectively act as the default route but your "default" route will not change. This is better since OpenVPN can remove the other two routes without stranding the firewall by removing the actual underlying default gateway.
-
Hi Jimp,
I did use command "redirect-gateway def1" as attached capture, but no route for 0.0.0.0/1 and 128.0.0.0/1 were added as you can see in capture #2.
Could you pls advise correct way to apply that command?
Thank you very much.
