Routing goes down when firewall rules are applied
-
Hello-
I have two networks connected to my pfsense box, and I policy route some traffic from my LAN and the other network. The Gateway is set to the name "Cisco" and there is a static route added to pfsense.
I noticed that the connection between my LAN and the additional network goes down when I modify any firewall rules and apply them. In the logs I see this:
Dec 24 10:35:40 rc.gateway_alarm 62869 >>> Gateway alarm: Cisco (Addr:10.66.4.3 Alarm:1 RTT:1.419ms RTTsd:.438ms Loss:21%)
Dec 24 10:35:40 check_reload_status updating dyndns Cisco
Dec 24 10:35:40 check_reload_status Restarting ipsec tunnels
Dec 24 10:35:40 check_reload_status Restarting OpenVPN tunnels/interfaces
Dec 24 10:35:40 check_reload_status Reloading filter
Dec 24 10:35:41 php-fpm 358 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
Dec 24 10:35:41 php-fpm 358 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use Cisco.
The above is confusing to me. I have nothing associated between my OpenVPN client or server with the Cisco gateway or the associated interface. I also have no dyndns named Cisco either...
If I reboot the pfsense box, or manually disable then re-enable the interface to that network, everything is back to normal.
Any pointers?
-
There are a number of scripts that are run when a gateway goes down. Those OpenVPN logs are just a symptom.
Are you running 2.4.5p1? 2.4.5 had a bug in it that could cause problems whenever the ruleset was reloaded.
Do you have the main WAN gateway set as default? If it's set to auto in System > Routing > Gateways it may be switching to the internal gateway as the default until you reboot.
Steve
-
@stephenw10 Thank you for the response. Setting the WAN as the default gateway seems to have helped; it was set to auto. I'll continue to test.
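
An added example, not part of any post in this thread: a small Python parser that groups the check_reload_status actions under the gateway alarm logged just before them, so the dyndns, IPsec and OpenVPN entries show up as follow-on actions of the alarm. The sample lines are the ones from the first post; the 2-second window and the reading of Alarm:1 as "alarm raised" are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the first post in this thread, one entry per line.
SAMPLE_LOG = """\
Dec 24 10:35:40 rc.gateway_alarm 62869 >>> Gateway alarm: Cisco (Addr:10.66.4.3 Alarm:1 RTT:1.419ms RTTsd:.438ms Loss:21%)
Dec 24 10:35:40 check_reload_status updating dyndns Cisco
Dec 24 10:35:40 check_reload_status Restarting ipsec tunnels
Dec 24 10:35:40 check_reload_status Restarting OpenVPN tunnels/interfaces
Dec 24 10:35:40 check_reload_status Reloading filter
Dec 24 10:35:41 php-fpm 358 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. ''
"""

ALARM_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) rc\.gateway_alarm \d+ >>> Gateway alarm: "
    r"(?P<gw>\S+) \(Addr:(?P<addr>\S+) Alarm:(?P<alarm>\d) "
    r"RTT:[\d.]+ms RTTsd:[\d.]+ms Loss:(?P<loss>\d+)%\)"
)
RELOAD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) check_reload_status (?P<action>.+)$")

def parse_ts(ts):
    # Syslog timestamps carry no year; a fixed one is enough for time differences.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")

def correlate(log_text, window_s=2):
    """Attach check_reload_status actions to the gateway alarm logged just before them."""
    events = []
    for line in log_text.splitlines():
        m = ALARM_RE.match(line)
        if m:
            # Assumption: Alarm:1 means the alarm was raised, Alarm:0 that it cleared.
            events.append({"time": parse_ts(m["ts"]), "gateway": m["gw"],
                           "addr": m["addr"], "alarm_raised": m["alarm"] == "1",
                           "loss_pct": int(m["loss"]), "actions": []})
            continue
        m = RELOAD_RE.match(line)
        if m and events:
            age = (parse_ts(m["ts"]) - events[-1]["time"]).total_seconds()
            if 0 <= age <= window_s:  # assumed correlation window
                events[-1]["actions"].append(m["action"])
    return events

if __name__ == "__main__":
    for ev in correlate(SAMPLE_LOG):
        print(f'{ev["time"]:%b %d %H:%M:%S} {ev["gateway"]} ({ev["addr"]}) '
              f'loss={ev["loss_pct"]}% raised={ev["alarm_raised"]}')
        for action in ev["actions"]:
            print("    ->", action)
```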