Skip rules when gateway is down - doesn't work, WUT?
-
G'day all ;D
pfSense 2.1.5
Top of the LAN rules:
[src] LAN-net [dest] VPN1-Alias [gateway] VPN1-gateway
[src] LAN-net [dest] VPN2-Alias [gateway] VPN2-gateway
And set in System/advanced:
Skip rules when gateway is down
The rule for VPN1 works, however, for VPN2 it does not. It did work, and there is only one difference:
The account has expired. So there is no 10.x.x.x IP issued to me from that provider (VPN log: AUTH failed. Dashboard: no IP for that VPN). The gateway shows 'pending', not 'down' in the dashboard.
So, instead of blocking traffic out via VPN2 it happily sends it over the default gateway.
Ergo: when the account is expired SkipRulesWhenGateWayIsDown is ignored?
"This is not a bug, it's a feature"?
( ;D )
Bug?
Thank you in advance for any help :P
Bye,
-
I take it I should have read the manual, apparently somewhere in there will be a line saying it is a feature ;D ;D
-
The rule is literally skipped (omitted) when it's down – if you have a pass rule under that using a default gateway then it will go that way.
The behavior without the box checked is to simply act as if the gateway doesn't have a rule.
With the box checked, the rule is not put into the ruleset if the gateway is down. So if you really don't want them to go out some other way, then you could do
PASS [src] LAN-net [dest] VPN2-Alias [gateway] VPN2-gateway
BLOCK [src] LAN-net [dest] VPN2-Alias
Then when the skip happens it will hit the block and not a later pass rule.
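To make the ordering argument in the reply above concrete, here is a small model of how the loaded ruleset changes when "Skip rules when gateway is down" omits a rule, and why a block rule directly under each policy-routed pass rule is what stops traffic from falling through to a later catch-all pass rule. This is an added example, not code from the thread or from pfSense itself. It assumes first-match evaluation (pfSense adds `quick` to user rules), treats a gateway in "pending" state the same as "down" for the skip (which is what the original poster observed), and uses constructed sample networks and a constructed "LAN to any" default pass rule; it also goes one step beyond the reply by adding the block rule for VPN1 as well as VPN2.

```python
"""Added example: first-match model of pfSense's 'Skip rules when gateway
is down' option and the pass-then-block pattern suggested in the thread."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source network in CIDR notation
    dst: str                    # destination network in CIDR notation
    gateway: Optional[str] = None   # policy-routing gateway name, if any


# Constructed sample values (not from the thread): LAN subnet and two
# destination aliases drawn from documentation address ranges.
LAN_NET = "192.168.1.0/24"
VPN1_ALIAS = "203.0.113.0/24"
VPN2_ALIAS = "198.51.100.0/24"

# Assumed catch-all rule below the VPN rules: LAN may reach anything via
# the default gateway. This is the rule the skipped traffic falls into.
DEFAULT_LAN_RULE = Rule("pass", LAN_NET, "0.0.0.0/0")

# Ruleset as described in the first post.
ORIGINAL: List[Rule] = [
    Rule("pass", LAN_NET, VPN1_ALIAS, "VPN1-gateway"),
    Rule("pass", LAN_NET, VPN2_ALIAS, "VPN2-gateway"),
    DEFAULT_LAN_RULE,
]

# Ruleset following the reply: a block directly under each policy-routed
# pass rule, so a skipped pass rule leaves the block as the first match.
HARDENED: List[Rule] = [
    Rule("pass", LAN_NET, VPN1_ALIAS, "VPN1-gateway"),
    Rule("block", LAN_NET, VPN1_ALIAS),
    Rule("pass", LAN_NET, VPN2_ALIAS, "VPN2-gateway"),
    Rule("block", LAN_NET, VPN2_ALIAS),
    DEFAULT_LAN_RULE,
]

# Gateway states from the dashboard in the thread: VPN2 never got an IP.
STATUS: Dict[str, str] = {"VPN1-gateway": "up", "VPN2-gateway": "pending"}


def build_ruleset(rules: List[Rule], status: Dict[str, str],
                  skip_when_down: bool = True) -> List[Rule]:
    """Return the rules that actually get loaded.

    With skip_when_down, a rule whose gateway is not 'up' is omitted
    entirely (assumption: 'pending' counts as not up). Without it, the rule
    stays but loses its gateway, so matching traffic takes the default route.
    """
    loaded = []
    for r in rules:
        if r.gateway is None or status.get(r.gateway) == "up":
            loaded.append(r)
        elif not skip_when_down:
            loaded.append(Rule(r.action, r.src, r.dst, None))
    return loaded


def evaluate(loaded: List[Rule], src_ip: str,
             dst_ip: str) -> Tuple[str, Optional[str]]:
    """First-match evaluation; implicit default deny if nothing matches."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in loaded:
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r.action, r.gateway
    return "block", None


def outcome(rules: List[Rule], status: Dict[str, str] = STATUS,
            skip_when_down: bool = True,
            dst_ip: str = "198.51.100.10") -> Tuple[str, Optional[str]]:
    """Fate of a LAN host's packet to dst_ip under the given ruleset."""
    loaded = build_ruleset(rules, status, skip_when_down)
    return evaluate(loaded, "192.168.1.50", dst_ip)


if __name__ == "__main__":
    print("original, VPN2 dest:", outcome(ORIGINAL))        # leaks via default
    print("hardened, VPN2 dest:", outcome(HARDENED))        # blocked
    print("hardened, VPN1 dest:", outcome(HARDENED, dst_ip="203.0.113.10"))
```

Running it shows the failure mode from the first post: with the original ruleset the VPN2 pass rule is omitted, the packet is matched by the catch-all pass rule and leaves with no policy-routing gateway, i.e. over the default gateway. With the block rule in place the same packet is dropped, while VPN1 traffic still goes out its own gateway because that gateway is up.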