LAN Routes just disappear



  • Hello everyone,

    I have a question on disappearing LAN routes.

    Our network has five LANs:

    1. interface LAN is defined as 172.20.20.0/24 (created during general setup)

    2. OpenVPN LAN is defined as 192.168.72.0/24 (created during OpenVPN setup)

    3. 192.168.60.0/24 (CRM network)

    4. 192.168.69.0/24 (Servers network)

    5. 192.100.100.0/24 (internal infrastructure LAN)

    LANs 3-5 have been created by going to "Firewall -> Rules -> LAN" and creating the rules there.
    We only have one gateway (default GW), and all LANs happily routed to the internet without any issues.

    Here is the pic of the setup:

    41acb6be-2297-489d-b314-598dcd290df2-image.png

    Then two days ago, the routes for LANs 3-5 have just disappeared from routes. Going to "Diagnostics -> Routes" only showed the WAN and first two LANs (interface LAN and OpenVPN LAN).

    It's like the manually created LANs were second class citizens.

    The only warning we got that something was wrong was that the upload into a server behind pfSense was very, very slow. So we started looking at the pfSense appliance... when we lost our connection to the server, we tried to open a new one and failed. We opened routing page in diagnostics and saw that routes for LANs 3-5 are gone, so no connection could be made from the outside world to them.

    It also looked like pfSense was gradually being overwhelmed by something, but the number of states, cpu load and memory consumption were all within normal. Also, there were 0 packet collisions and 0 errors on either interface. Totally weird.

    Does anyone have any theories as to how the routes disappear?
    Maybe some sudden load on the appliance?
    If so, why would it just drop these "manual" LANs and not the other ones?
    How would one go about debugging this?

    What we did was we restarted the appliance (thank god WAN was responsive at least) and everything started working again.

    Much appreciate all the replies!


  • LAYER 8 Netgate

    Not sure what you're doing.

    Firewall rules have nothing whatsoever to do with establishing routes in the routing table.


  • LAYER 8 Global Moderator

    @Milan-M said in LAN Routes just disappear:

    LANs 3-5 have been created by going to "Firewall -> Rules -> LAN" and creating the rules there.

    That is not how you create anything.. Creating other lan would be done via interface assignments, be it a physical interface or a vlan you assign.

    If you have other networks that are downstream that you want to get to via some other downstream router, then you wuld need to create a gateway in routing, and then the route(s) telling the networks at are available via that gateway.

    Yes you would need to create rules to allow them access.. But that is not what "creates" them or routes to them.

    Btw your rule there for "lan" isn't going to do anything - the source is set for the lan address, not the network.. So that says hey pfsense if you see traffic from your own lan address allow it ) Never going to work that way..


Log in to reply