Routing not maintained after reboot

blackbelt

I have two pfSense boxes [2.0.1-RELEASE (amd64)] connected to the same subnet.
Their WAN addresses are (for example) BOX1: 1.2.3.4 and BOX2: 1.2.3.5. Both have the same default gateway on the WAN interface 1.2.3.1. Unfortunately, due to a thoroughly overzealous VLAN setup at my hosting company, BOX1 cannot communicate directly with BOX2, even though they are on the same subnet. They can, however, communicate with each other through the default gateway. To allow them to communicate over the WAN, I need to add a static route on each:
BOX1: static route 1.2.3.5/32 gateway 1.2.3.1
BOX2: static route 1.2.3.4/32 gateway 1.2.3.1
I have done this through System > Routing > Routes. When I save and apply, the routes work perfectly and appear fine in Diagnostics > Routes.
When I reboot the pfSense boxes, the static routes don't work and disappear from Diagnostics > Routes. They are still in the setup in System > Routing > Routes, but they don't work again until I edit, save and apply.
Also, I can log in using SSH and and type the command:

route add -net 1.2.3.4/32 1.2.3.1
```and the same thing will happen - the route is set up OK and will work and appear in Diagnostics > Routes.
I have tried editing /conf/config.xml and adding the line:

<shellcmd>route add -net 1.2.3.4/32 1.2.3.1</shellcmd>

just before the line:

However, this also appears to have no effect after a reboot.

Please help! How can I get this static route to work in my pfSense?

podilarius

The only reason I see it not working is that technically the route should not be needed as the 2 IPs are on the same subnet. Have you checked the system logs for any errors?
If your IPs are in the same subnet then the VLAN IDs should be the same and allow communication like a switch. I would have your ISP correct this mistake. I have a similar setup and I don't have a problem accessing the other through the VLAN provided by the ISP.
For the ShellCMD addition, did you installed the ShellCMD package? You should be able to setup the ShellCMD without having to manually edit the config file.

blackbelt

Unfortunately, the hosting company forces all traffic through their firewalls (i.e. everything coming out of any server MUST go through the default gateway, even to the same subnet). I know it would be easier to get the hosting company to change their configuration but this is not possible. This is not a mistake by the hosting company - it is a security measure. On a side note, the hosting company is Hetzner - and this is their standard configuration for all clients.
Please let me know how to persist the static route across reboots!
Note: I have tried adding the shellcmd route both with and without the shellcmd package installed. The result is the same each time - no route is created.

blackbelt

Oh yeah, and there's nothing applicable in the system logs as far as I can see (I've been looking in Status: System logs: System). I've searched on various terms and been through line-by-line after a reboot.

blackbelt

So, I've got a work-around: In shellcmd, I delete the route that is auto-added for the 1.2.3.0/24 subnet with the command:

route delete -net 1.2.3.0/24

This change sticks where the previous change (adding a static route) doesn't.
Hope this helps someone else in the same situation!

I would still appreciate it if anyone can help me add static routes like the one above and make them stick over a reboot!

jimp

If they're both in the same WAN subnet, to talk from box to box you may also want to disable reply-to on the WAN rules (System > Advanced, Firewall/NAT tab).