Netgate Discussion Forum

    Routing not maintained after reboot

      blackbelt

      I have two pfSense boxes [2.0.1-RELEASE (amd64)] connected to the same subnet.
      Their WAN addresses are (for example) BOX1: 1.2.3.4 and BOX2: 1.2.3.5. Both have the same default gateway on the WAN interface 1.2.3.1. Unfortunately, due to a thoroughly overzealous VLAN setup at my hosting company, BOX1 cannot communicate directly with BOX2, even though they are on the same subnet. They can, however, communicate with each other through the default gateway. To allow them to communicate over the WAN, I need to add a static route on each:
      BOX1: static route 1.2.3.5/32 gateway 1.2.3.1
      BOX2: static route 1.2.3.4/32 gateway 1.2.3.1
      I have done this through System > Routing > Routes. When I save and apply, the routes work perfectly and appear fine in Diagnostics > Routes.
      When I reboot the pfSense boxes, the static routes don't work and disappear from Diagnostics > Routes. They are still in the setup in System > Routing > Routes, but they don't work again until I edit, save and apply.
      Also, I can log in using SSH and type the command:

      ```
      route add -net 1.2.3.4/32 1.2.3.1
      ```

      and the same thing will happen - the route is set up OK and will work and appear in Diagnostics > Routes.
      I have tried editing /conf/config.xml and adding the line:
      

      ```
      <shellcmd>route add -net 1.2.3.4/32 1.2.3.1</shellcmd>
      ```

      just before the line:
      
      However, this also appears to have no effect after a reboot.
      
      Please help! How can I get this static route to work in my pfSense?
        podilarius

        The only reason I see it not working is that technically the route should not be needed as the 2 IPs are on the same subnet. Have you checked the system logs for any errors?
        If your IPs are in the same subnet then the VLAN IDs should be the same and allow communication like a switch. I would have your ISP correct this mistake. I have a similar setup and I don't have a problem accessing the other through the VLAN provided by the ISP.
        For the ShellCMD addition, did you install the ShellCMD package? You should be able to set up the ShellCMD without having to manually edit the config file.

          blackbelt

          Unfortunately, the hosting company forces all traffic through their firewalls (i.e. everything coming out of any server MUST go through the default gateway, even to the same subnet). I know it would be easier to get the hosting company to change their configuration but this is not possible. This is not a mistake by the hosting company - it is a security measure. On a side note, the hosting company is Hetzner - and this is their standard configuration for all clients.
          Please let me know how to persist the static route across reboots!
          Note: I have tried adding the shellcmd route both with and without the shellcmd package installed. The result is the same each time - no route is created.

            blackbelt

            Oh yeah, and there's nothing applicable in the system logs as far as I can see (I've been looking in Status: System logs: System). I've searched on various terms and been through line-by-line after a reboot.

              blackbelt

              So, I've got a work-around: In shellcmd, I delete the route that is auto-added for the 1.2.3.0/24 subnet with the command:

              ```
              route delete -net 1.2.3.0/24
              ```

              This change sticks where the previous change (adding a static route) doesn't.
              Hope this helps someone else in the same situation!

              I would still appreciate it if anyone can help me add static routes like the one above and make them stick over a reboot!

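A check for the three routing states this thread describes, as an added example that is not part of any post: it reports whether the other box's address is routed via the gateway, left on-link through the connected subnet route, or neither. The routing tables, the `em0` interface name and the `route_state` helper are constructed for illustration; on a live box, pipe `netstat -rn -f inet` into the function instead.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies how DEST would be routed,
# reading `netstat -rn -f inet` style output on stdin.
#   via-gateway : a static route for DEST (shown as DEST or DEST/32) via GATEWAY exists
#   on-link     : no such route, but a connected (link#N) prefix covers DEST,
#                 so the box tries to reach DEST directly on the wire
#   neither     : only other routes (such as default) apply
route_state() {  # usage: route_state DEST GATEWAY < routing-table
    awk -v d="$1" -v g="$2" '
        function ip2n(s,   o) {
            split(s, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        function covers(pfx, ip,   p, size) {
            split(pfx, p, "/")
            size = 2 ^ (32 - p[2])
            return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
        }
        $1 == d || $1 == (d "/32") { if ($2 == g) host = 1; next }
        $1 ~ /^[0-9.]+\/[0-9]+$/ && $2 ~ /^link#/ && covers($1, d) { onlink = 1 }
        END { print (host ? "via-gateway" : (onlink ? "on-link" : "neither")) }
    '
}

# Constructed sample tables for BOX1 (illustrative, not captured output).
HDR='Destination        Gateway            Flags    Netif'
DEF='default            1.2.3.1            UGS      em0'
NET='1.2.3.0/24         link#1             U        em0'
HOST='1.2.3.5/32         1.2.3.1            UGS      em0'

AFTER_APPLY=$(printf '%s\n' "$HDR" "$DEF" "$NET" "$HOST")   # route saved and applied
AFTER_REBOOT=$(printf '%s\n' "$HDR" "$DEF" "$NET")          # static route missing
AFTER_SUBNET_DELETE=$(printf '%s\n' "$HDR" "$DEF")          # connected /24 route deleted

for table in "$AFTER_APPLY" "$AFTER_REBOOT" "$AFTER_SUBNET_DELETE"; do
    printf '%s\n' "$table" | route_state 1.2.3.5 1.2.3.1
done
```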
                jimp Rebel Alliance Developer Netgate

                If they're both in the same WAN subnet, to talk from box to box you may also want to disable reply-to on the WAN rules (System > Advanced, Firewall/NAT tab).
