opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

after update to 24.1.8 the routing is no longer correct #7516

Open at0msense opened 2 weeks ago

at0msense commented 2 weeks ago

After the update from 24.1.7_4 to 24.1.8 the routing is no longer correct: 2 routes are missing. After I went back to OPNsense version 24.1.7_4, the routing is correct again.

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.7_4-amd64 FreeBSD 13.2-RELEASE-p11 OpenSSL 3.0.13

Routing correct with 24.1.7_4: [screenshot: netstat-4rnW_24 1 7_4]

Routing wrong with 24.1.8: [screenshot: netstat-4rnW_24 1 8]

The missing routes are: [screenshot: missing_routes]

AdSchellevis commented 2 weeks ago

Most likely a misconfiguration on the wan interface requiring a far gateway (which was always selected by accident https://github.com/opnsense/core/issues/7483) or a proper subnet, I would check the wan subnet first.

at0msense commented 2 weeks ago

WAN Gateway is defined: [screenshot: wangw]

AdSchellevis commented 2 weeks ago

interface subnet is likely your problem.

at0msense commented 2 weeks ago

Okay. Now I understand. I now have to click on “Far Gateway” for each gateway if I want to have a host route again. ( Although the gateway is not “Far”. )

fichtner commented 2 weeks ago

The gateway is "far" when it's not in your interface subnet. If it's a /32 subnet for example there is only room for your host IP, but not the gateway ;)

at0msense commented 2 weeks ago

But the x.x.40.1 address is part of the x.x.40.0/25 network. Therefore it worked until 24.1.8 without far.

fichtner commented 2 weeks ago

There's two things here.. whether it works with far gateway ticked or not... and if it does indeed work with far gateway what the larger issue in your setup really is ;)

at0msense commented 2 weeks ago

It has been running smoothly for at least the last 4 years. ( as HA cluster ) What should be the problem if I define 3 gateways (as not Far) in “System: Gateways: Configuration” if the gateways are all in local networks? Only the host routes are missing due to the update, the network routes were correct.

fichtner commented 2 weeks ago

Comparing routing tables is viable diagnostics, but the pressing question is if that fixed it or not. If not we don’t need to argue the nuances of the far gateway/ host routes.

at0msense commented 2 weeks ago

I don't want to argue at all. I just want to understand the problem. But I am willing to constantly expand my knowledge.

fichtner commented 2 weeks ago

What I just meant to say is please try the setting. If it doesn’t work it’s not that particular issue and we need to look elsewhere.

at0msense commented 2 weeks ago

This is exactly what solved the problem. I have now set “Far Gateway” for both WAN gateways (IPv4 + IPv6) and an internal IPv4 gateway and the host routes were back under 24.1.8, which had only disappeared after the update to 24.1.8.

at0msense commented 2 weeks ago

After a few tests in my HA setup, I removed “Far Gateway” from the WAN interfaces. I only had to leave it on the local gateway in VLAN 190, otherwise I couldn't reach the second route in the subnet.

fichtner commented 2 weeks ago

IPv6 doesn’t support far gateway. Something the MVC GUI probably lost in user side feedback due to the conversion.

If your gateway is inside the WAN subnet I don’t really know what it fixes. Correcting a bug or misconfiguration elsewhere, but entirely unsure.

at0msense commented 2 weeks ago

The WAN side works correctly without the “Far Gateway”.

The error now only relates to the local gateway. I only noticed that host routes were missing after the upgrade because I could no longer get from one firewall in the cluster to the other and because I could no longer access our dial-in computer remotely via IPsec. The dialog network 192.168.190.0/24 has 192.168.190.254 as its router. The dial-in computer has the IP 192.168.190.200. It has a host route, which was also gone after the upgrade. Now I have the host route as “Far Gateway” again. [screenshot: local_gateway]
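
The diagnostics used in this thread, as an added example that is not part of the original discussion or of OPNsense's code: it compares two `netstat -4rnW` captures to list the host routes (flag `H`) that disappeared, and applies the "far" test described above (gateway outside the interface subnet). The routing tables and addresses are constructed samples from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed `netstat -4rnW` excerpts (documentation addresses, not the reporter's tables).
BEFORE = """\
Destination        Gateway            Flags   Nhop#    Mtu    Netif Expire
default            198.51.100.1       UGS         5   1500     igb0
198.51.100.0/25    link#1             U           1   1500     igb0
198.51.100.1       link#1             UHS         6   1500     igb0
192.0.2.0/24       link#9             U           2   1500  vlan0190
192.0.2.200        192.0.2.254        UGHS        7   1500  vlan0190
"""
AFTER = """\
Destination        Gateway            Flags   Nhop#    Mtu    Netif Expire
default            198.51.100.1       UGS         5   1500     igb0
198.51.100.0/25    link#1             U           1   1500     igb0
192.0.2.0/24       link#9             U           2   1500  vlan0190
"""

def parse_routes(text):
    """Map destination -> (gateway, flags, netif) from netstat -rnW output."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        # Route rows have at least 6 columns and a numeric Nhop#; this skips headers.
        if len(fields) < 6 or not fields[3].isdigit():
            continue
        routes[fields[0]] = (fields[1], fields[2], fields[5])
    return routes

def missing_host_routes(before, after):
    """Host routes (flag H) present in `before` but absent from `after`."""
    old, new = parse_routes(before), parse_routes(after)
    return sorted(dest for dest, (_, flags, _) in old.items()
                  if "H" in flags and dest not in new)

def is_far(gateway, interface_cidr):
    """True when the gateway lies outside the interface's own subnet."""
    network = ipaddress.ip_interface(interface_cidr).network
    return ipaddress.ip_address(gateway) not in network

if __name__ == "__main__":
    print("host routes lost:", missing_host_routes(BEFORE, AFTER))
    # A /25 interface has room for the gateway; a /32 only holds the host IP.
    print("far on /25:", is_far("198.51.100.1", "198.51.100.10/25"))
    print("far on /32:", is_far("198.51.100.1", "198.51.100.10/32"))
```
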