Netgate Discussion Forum

IPSec interface does not always get a routing entry

  • ggzengel
    last edited by Apr 2, 2013, 1:51 AM

    If I choose interface (em1=wan=static ip) as the interface for an IPsec tunnel, it doesn't make a route for the destination IP.
    If I choose interface (em2=opt1=dhcp) or interface (em3=opt2=pppoe), I get a route to the destination IP.
    If I switch back to interface (em1=wan=static ip), the wrong route will still exist until reboot. After reboot there is no new route.

    A second pfSense doesn't have this problem.

    But they both have the problem of not adding/deleting a route if I use a GW group as an interface.

    • ggzengel
      last edited by Apr 7, 2013, 11:17 PM

      I did some research on this.

      If an interface has DHCP, there will be a host route to the IPsec destination.
      If an interface has a static IP, there is no route.

      If you change the settings for IPsec from WAN1 (dhcp) to WAN2 (static ip), the route over WAN1 still exists and IPsec won't work until you reboot the pfSense and the route is deleted.

      I think the route for IPsec over a DHCP interface is no longer needed.
      If you still use a route, failover won't work if the second pfSense routes to local WAN1, which has already failed.

      • ggzengel
        last edited by Apr 9, 2013, 4:23 PM

        That's a bug:

        If you change the settings for IPsec from WAN1 (dhcp) to WAN2 (static ip), the route over WAN1 still exists and IPsec won't work until you reboot the pfSense and the route is deleted.

        I don't know if this is still wanted, because if it uses gateway groups or static IPs, no routes are made:

        If an interface has DHCP, there will be a host route to the IPsec destination.

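Added example (not part of the original thread, and not pfSense code): a check for the condition reported above, a host route to the IPsec peer that still leaves via the previously selected interface. It parses `netstat -rn` output; the function names, peer address, interface assignment and sample routing table are constructed for illustration.

```shell
#!/bin/sh
# stale_peer_routes PEER EXPECTED_IF
# Reads `netstat -rn -f inet` output on stdin and prints every host route
# to PEER whose outgoing interface is not EXPECTED_IF (the interface the
# IPsec tunnel is currently configured to use).
stale_peer_routes() {
    awk -v peer="$1" -v want="$2" '
        # Find the Flags and Netif columns from the header line, because
        # the column layout differs between FreeBSD releases.
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) {
                if ($i == "Flags") fcol = i
                if ($i == "Netif") ncol = i
            }
            next
        }
        # Host route (H flag) to the peer that uses another interface.
        fcol && ncol && ($1 == peer || $1 == (peer "/32")) &&
        index($fcol, "H") && $ncol != want {
            print $1, $2, $ncol
        }
    '
}

# Constructed sample: the tunnel was moved from OPT1 (em2, DHCP) to
# WAN (em1, static IP), but the host route to the peer still uses em2.
sample_routes() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            198.51.100.1       UGS         0     1234    em1
203.0.113.10       192.0.2.1          UGHS        0       55    em2
192.0.2.0/24       link#3             U           0        0    em2
198.51.100.0/24    link#2             U           0        0    em1
EOF
}

# Prints the leftover route: destination, gateway, interface.
sample_routes | stale_peer_routes 203.0.113.10 em1
```

On a live system the input would come from `netstat -rn -f inet` instead of the sample function; empty output means no host route to the peer points at a different interface.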