Route cant be removed from pfsense

michmoor

Strange VPN issue here.

I have another vendor firewall sitting in my LAB network at 192.168.99.0/24.
That network is off one of my interfaces on pfsense. That other vendor got an address of 192.168.99.3. I am able to connect to that vendor firewall no problem.

Today i wanted to do testing with IPsec so my thought was to set up a IPsec tunnel between my pfsense at 192.168.99.1 and the other vendor firewall at 192.168.99.3.

In the end i was having issues but i lost reachability to that vendor firewall. I wasn't able to ping it or ssh to it from pfsense. Odd.
I did a traceroute to 192.168.99.3 and to my surprise, its routing out the internet.

So that is weird. Ok i checked to see if i had a static route to 192.168.99.3 and i don't. I have no idea why this route is in my route table of pfsense and i have no idea how to remove it. I have removed all configuration related to that IPsec tunnel and even restarted the IPsec service.

Any ideas?

michmoor

@michmoor

Fixed it

route del -net 192.168.99.3

Would be nice to know how something got stuck in the configuration.

SteveITS

@michmoor is it set as DNS or a gateway monitor IP?

stephenw10

Probably the IPSec config was on WAN with that gateway. Static routes are added for remote IPSec devices.

michmoor

@stephenw10 Ahhhhhhhh...

Thats it. Looking through the IKE Endpoint Configuration, I never changed interface WAN to "LAB".
So i can understand why that was pointed out wrong gateway.

What i don't understand is why wasn't that static route removed after i removed P1/P2 configuration.

stephenw10

Indeed, I would have expected it to be. I would have tried stopping then starting (not restarting) IPSec if you can. It's possible it still had some part of that config present.