IP Alias Route Issue - Possible Bug

  • I am using pfSense 2.1.5 in a multi-wan setup. I created an IP Alias on the 1st WAN interface to get to an alternate IP used for managing the cable modem. I changed the IP Alias to use the 2nd WAN interface and found that I was still connecting to the cable modem on the 1st WAN interface. When I looked at the route table the IP and network route statements were still set to the 1st WAN interface. I deleted the IP Alias and the IP and network route statements were still there and set to the 1st WAN interface. I created the IP Alias again using the 2nd WAN interface and that changed nothing.

    I am applying changes giving pfSense time to actually apply the changes.

    The logs show no errors.

    I have not yet tested this issue using other IP types.

    I have to reboot to get the route statements to change. Is this a bug or am I missing something?



  • This problem exists in 2.2 as well. A router/firewall should not have to be rebooted because when subnets are added, routes are created that are not removed when the subnets are removed.


  • Is that same IP subnet on both WANs?

    What you're describing would only happen if the IP failed to be removed from the original interface (which would log to the system log), or if there is another IP on that interface in that subnet. Does ifconfig reflect the IP only on the appropriate interface?

  • cmb,

    Thanks for the post. There are no errors in the logs and this is reproducible 100% of the time on multiple systems running pfSense 2.1.5 and 2.2.

    Below is what shows up in the route table if I add an IP alias.

        link#25 U 681 1500 em1_vlan5
        link#25 UHS 0 16384 lo0

    If I remove the IP alias, the 2nd line disappears and the first remains.

        link#25 U 681 1500 em1_vlan5

    If I add an IP alias for the same subnet to another interface, whether it's the same IP or not, the lo for the IP is created, but the original subnet route remains.

        link#25 U 681 1500 em1_vlan5
        link#26 UHS 0 16384 lo0

    The only way to get rid of the following line is to manually remove it or reboot.

        link#25 U 681 1500 em1_vlan5



  • Are you always testing in a VLAN scenario? Something else specific to what you're doing that might be atypical?

    I'm not sure what's specific to what you're doing. It cleanly removes the VIP from the old interface, including the link route, and adds it correctly to the new interface in every scenario I can come up with, including VLANs.

  • cmb,

    I have a 2 port LAGG trunk with the internal network vlans. I have a single port trunk with the WAN network vlans. I have a GIF IPv6 tunnel.

    In my examples the VIP (link#25 UHS 0 16384 lo0) is removed, but the route statement like "link#25 U 681 1500 em1_vlan5" is not removed.

    The test is to have devices connected to different links using the same IP. Set up an alias IP to access the system on one of the links and make sure you can access it. Now delete the alias IP and then create it for the other link. Now try to access that device. Obviously there has to be something unique between the two devices to ensure you know to which you are connected.
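
Added example (not part of any post in this thread, and not pfSense code): a Python check for the condition discussed above, comparing the route table against the addresses ifconfig reports and flagging connected subnet routes still bound to an interface that has no address in that subnet. The sample output is constructed with documentation addresses, and the column layout (Destination, Gateway, Flags, Use, Mtu, Netif) and the function names are assumptions modelled on the route lines quoted in the thread.

```python
import ipaddress
import re

# Constructed sample output (documentation addresses, not taken from the thread).
IFCONFIG = """\
em1_vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 198.51.100.10 netmask 0xffffff00 broadcast 198.51.100.255
em1_vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
\tinet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
"""
ROUTES = """\
Destination        Gateway     Flags   Use    Mtu  Netif
198.51.100.0/24    link#25     U       912   1500  em1_vlan5
192.0.2.0/24       link#25     U       681   1500  em1_vlan5
203.0.113.0/24     link#26     U       455   1500  em1_vlan6
192.0.2.2          link#26     UHS       0  16384  lo0
"""

def interface_networks(ifconfig_text):
    """Map interface name -> set of IPv4 networks configured on it."""
    nets, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = head.group(1)
            nets.setdefault(current, set())
            continue
        m = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-f]{8})", line)
        if m and current:
            prefix = bin(int(m.group(2), 16)).count("1")  # hex mask -> prefix length
            nets[current].add(ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False))
    return nets

def stale_link_routes(routes_text, ifconfig_text):
    """Return (destination, netif) for connected routes with no matching address."""
    nets, stale = interface_networks(ifconfig_text), []
    for line in routes_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        dest, gateway, flags, netif = fields[0], fields[1], fields[2], fields[5]
        # Connected subnet routes: link#N gateway, no H (host) flag.
        if not gateway.startswith("link#") or "H" in flags or "/" not in dest:
            continue
        if ipaddress.ip_network(dest) not in nets.get(netif, set()):
            stale.append((dest, netif))
    return stale
```

On the constructed input, `stale_link_routes(ROUTES, IFCONFIG)` reports the 192.0.2.0/24 route on em1_vlan5, the interface the alias was moved away from.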


