Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN interface with IP aliasses, IP addresses are in wrong order...

    Scheduled Pinned Locked Moved Routing and Multi WAN
    2 Posts 1 Posters 317 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      danjeman
      last edited by

      Have a weird one on one of some 30 SG 2100s where the WAN interface IP is at the bottom of the IP addresses shown on the interface so not the 'primary' IP address for the interface. Running 23.05 and was upgraded from 23.01 but that was working fine - I only noticed something was wrong after the upgrade as radius auth stopped working and spotted the auth atempt was coming from the wrong IP address.

      However IPSEC is correctly using the WAN IP as is Zabbix agent. So far the only known issue is with radius auth for the device which uses the 1st IP address listed on the interface. I am able to change the order by resaving the IP aliasses to a point - just a resave of an alias moves it to the bottom of the list. However it seems when resaving the last alias we lose all access to and from the device. On rebooting the unit we regain access on the WAN IP but the interface IP list still has the wrong order of IP addresses...

      ISP provided subnet (not real IP's but last octet the same) - 50.50.150.64/29
      WAN IP 50.50.150.66
      IP alias 1 50.50.150.67
      IP alias 2 50.50.150.68
      IP alias 3 50.50.150.69
      IP alias 4 50.50.150.70

      WAN interface is mvneta0

      ifconfig mvneta0
      mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
      description: WAN
      options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
      ether 90:ec:77:03:dd:2e
      inet 50.50.150.67 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.68 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.69 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.70 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.66 netmask 0xfffffff8 broadcast 51.52.151.71
      inet6 fe80::92ec:77ff:fe03:dd2e%mvneta0 prefixlen 64 scopeid 0x1
      media: Ethernet autoselect (1000baseT <full-duplex>)
      status: active
      nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

      If I resave IP alias 1 then this is the output of ifconfig..

      ifconfig mvneta0
      mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
      description: WAN
      options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
      ether 90:ec:77:03:dd:2e
      inet 50.50.150.68 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.69 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.70 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.66 netmask 0xfffffff8 broadcast 51.52.151.71
      inet 50.50.150.67 netmask 0xfffffff8 broadcast 51.52.151.71
      inet6 fe80::92ec:77ff:fe03:dd2e%mvneta0 prefixlen 64 scopeid 0x1
      media: Ethernet autoselect (1000baseT <full-duplex>)
      status: active
      nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

      Reboot though and back to square one - can resave IP aliasses 1-3 and which ever one I save becomes the last in the listed IP addresses on the interface. However resave IP alias 4 and lose all internet access to and from the device. A reboot restores connectivity but the IP listing returns to the same wrong order with the aliases in order before the actual WAN IP address. Will try and get console access to see what actualy happens and checking through logs too. Doesn't matter what order I resave the aliasses, each time alias 4 is resaved we lose connection. If I just resave one of the other aliases and reboot, the IP order is still the original same wrong order... so the save alias returns to its original position.

      Have the exact same setup (different IP addresses but still /29s) on 6 other 2100s but all of the others have the correct ordering with the WAN IP first in the list so the primary address.

      As it's only affecting this one unit it seems to me it must be somehow related to config but so far cannot see any difference between config.xml on this unit and a working one other than IP addresses...
      Seems unlikely again as it's only affecting one unit but could it be realted to https://redmine.pfsense.org/issues/11545 ? would have expected that to affect other units but will run some tests on those as well to see if the IP order changes on a resave of an alias...

      D 1 Reply Last reply Reply Quote 0
      • D
        danjeman @danjeman
        last edited by

        Sorry, update Zabbix active agent is also using the wrong address to send from and uses the 1st IP address in the interface list too as do NTP lookups.

        Should also confirm using manual NAT but outbound from 127.0.0.1 is set to use WAN address

        d4bc5d94-c121-481a-aa70-2f2bceac5e17-image.png

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.