Netgate Discussion Forum (OpenVPN)

Lost OpenVPN pushed route after resuming from power loss
bienicc

      Hi,

pfSense OpenVPN site-to-site, hub and spokes.

I applied the command "route 0.0.0.0 0.0.0.0" in the spoke's advanced configuration, to replace the WAN default gateway with the established tunnel address.

Everything works fine; all traffic from the spoke, including internet access, is redirected through the VPN tunnel, even if I restart or halt/turn on the system properly.

However, if power is lost, the WAN default gateway becomes primary even though the VPN tunnel is established (the spoke site can only ping the hub site, but cannot reach the internet or other spoke sites).

I can recover just by opening the VPN tunnel settings and clicking Save (no change); the default gateway then changes to the VPN tunnel again. But that is a manual way. I tried many versions of pfSense.

      Could anyone help?

      Thank you in advance.

jimp (Rebel Alliance Developer, Netgate)

        Don't use that route command. Use "redirect-gateway def1" instead.

Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

Need help fast? Netgate Global Support!

Do not Chat/PM for help!

bienicc

          Thanks Jimp.

Just tried the command "redirect-gateway def1": the tunnel was up, the spoke could ping the hub, but could not reach other sites.

If I use the command "route 0.0.0.0 0.0.0.0", then the spoke's routing table (Diagnostics -> Routes) has "Default gateway" pointing to the tunnel IP address (as in the attached picture). But the command "redirect-gateway def1" does not.

[Attachment: Capture.PNG]
jimp (Rebel Alliance Developer, Netgate)

            "redirect-gateway def1" adds routes for 0.0.0.0/1 and 128.0.0.0/1 to avoid clobbering the actual default gateway. Assuming the option was used correctly, it will effectively act as the default route but your "default" route will not change. This is better since OpenVPN can remove the other two routes without stranding the firewall by removing the actual underlying default gateway.

bienicc
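A worked illustration of what jimp describes above, added here as an example and not code from this thread or from pfSense/OpenVPN: it parses constructed routing-table lines in `netstat -rn` style (addresses, interface names `em0`/`ovpnc1` and the tunnel gateway are all made up), applies longest-prefix matching to show that the two /1 routes win over the real default without replacing it, and checks whether those two routes are present at all, which is what Diagnostics -> Routes should show after `redirect-gateway def1` takes effect.

```python
import ipaddress

# Constructed sample routing tables in pfSense/FreeBSD `netstat -rn` style
# (destination, gateway, flags, interface); the addresses are made up.
ROUTES_WITH_DEF1 = """\
default          203.0.113.1   UGS   em0
0.0.0.0/1        10.8.0.1      UGS   ovpnc1
10.8.0.0/24      link#7        U     ovpnc1
128.0.0.0/1      10.8.0.1      UGS   ovpnc1
192.168.1.0/24   link#1        U     em1
"""
# Same spoke without the two half-routes: the WAN default wins everything.
ROUTES_WITHOUT_DEF1 = """\
default          203.0.113.1   UGS   em0
10.8.0.0/24      link#7        U     ovpnc1
192.168.1.0/24   link#1        U     em1
"""

def parse_routes(text):
    """Parse routing-table lines into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gw, _flags, iface = parts[:4]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest, strict=False)
        routes.append((net, gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does: a /1 beats the /0 default."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def has_def1_routes(routes):
    """True when both halves pushed by `redirect-gateway def1` are present."""
    nets = {net for net, _, _ in routes}
    return all(ipaddress.ip_network(h) in nets for h in ("0.0.0.0/1", "128.0.0.0/1"))

def default_gateway(routes):
    """The real default route, which def1 leaves untouched either way."""
    return next((gw for net, gw, _ in routes if net.prefixlen == 0), None)
```

With the def1 halves present, an internet destination resolves to `ovpnc1` while `default_gateway` still reports the WAN gateway; without them, the same destination resolves to `em0`, which is the symptom reported in this thread.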

              Hi Jimp,

I did use the command "redirect-gateway def1" as in the attached capture, but no routes for 0.0.0.0/1 and 128.0.0.0/1 were added, as you can see in capture #2.

Could you please advise the correct way to apply that command?

              Thank you very much.

[Attachments: WithRedirectGW1.PNG, WithRedirectGW2.PNG]
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.