
EdgeMAX v1.9.0 source routing policy broken

I upgraded my EdgeRouter X yesterday with the latest code, but it seems to have broken my source routing (policy-based routing) rules. The relevant route tables and configuration are below.

 

Version:      v1.9.0
Build ID:     4901118
Build on:     08/04/16 11:31
Copyright:    2012-2016 Ubiquiti Networks, Inc.
HW model:     EdgeRouter X 5-Port

Config:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Policy-based routing: the only match is the source prefix; anything arriving
       on eth0 claiming a 10.1.30.0/24 source is steered to table 1. */
    modify SOURCE_ROUTE {
        rule 10 {
            action modify
            description "VPN Traffic"
            modify {
                table 1
            }
            source {
                address 10.1.30.0/24
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path filtering is off, so spoofed-source packets on eth0
       are not dropped by the kernel. Presumably disabled so the table-1 policy
       routing is not rejected as asymmetric — confirm this is still required on 1.9.0. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 10.1.254.6/30
        duplex auto
        /* SOURCE_ROUTE is applied only inbound on eth0, the sole addressed LAN-side port. */
        firewall {
            in {
                modify SOURCE_ROUTE
            }
        }
        ip {
            ospf {
                cost 10
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        speed auto
    }
    ethernet eth1 {
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* Site-to-site tunnel using a static pre-shared key (no per-session key exchange);
       the secret in /config/auth/secret is the whole trust anchor and needs the same
       protection as a private key. The process drops to nobody/nogroup after startup;
       --persist-key/--persist-tun keep the key and tun device usable after the drop. */
    openvpn vtun0 {
        local-address 10.99.99.1 {
        }
        local-port 1194
        mode site-to-site
        openvpn-option --comp-lzo
        openvpn-option "--user nobody"
        openvpn-option "--group nogroup"
        openvpn-option --persist-tun
        openvpn-option --persist-key
        openvpn-option "--cipher AES-128-CBC"
        protocol udp
        remote-address 10.99.99.2
        remote-host remote-vpn-host
        remote-port 1194
        shared-secret-key-file /config/auth/secret
    }
    switch switch0 {
        mtu 1500
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.1.254.4/30
        }
        parameters {
            abr-type cisco
            router-id 172.16.0.3
        }
        redistribute {
            connected {
                metric 10
                metric-type 2
            }
            static {
                metric 10
                metric-type 2
            }
        }
    }
    static {
        /* Table 1 holds only a default route to the far end of vtun0. There is no
           blackhole/unreachable fallback, so if this route is absent (as reported
           below) marked traffic falls through to the main table and leaves via eth0
           in the clear instead of being dropped. For a point-to-point tunnel an
           interface route (next-hop-interface vtun0) may be the more robust form —
           TODO confirm on 1.9.0. */
        table 1 {
            description "route media traffic through VPN"
            route 0.0.0.0/0 {
                next-hop 10.99.99.2 {
                }
            }
        }
    }
}
service {
    /* Management on default ports 80/443 and 22 with no listen-address restriction
       shown here; whether the HTTP port only redirects to HTTPS is not visible in
       this listing — verify, and restrict management to eth0/LAN if not already. */
    gui {
        http-port 80
        https-port 443
        older-ciphers disable
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name vpn
    name-server 8.8.8.8
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Chicago
    traffic-analysis {
        dpi enable
        export enable
    }
}

Route Table:

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
O E2 *> 0.0.0.0/0 [110/1] via 10.1.254.5, eth0, 31w5d01h
O    *> 10.1.27.0/24 [110/11] via 10.1.254.5, eth0, 31w5d01h
O    *> 10.1.30.0/24 [110/11] via 10.1.254.5, eth0, 31w5d01h
O    *> 10.1.99.0/24 [110/11] via 10.1.254.5, eth0, 31w5d01h
O    *> 10.1.254.0/30 [110/11] via 10.1.254.5, eth0, 31w5d01h
C    *> 10.1.254.4/30 is directly connected, eth0
O E2 *> 10.8.0.0/24 [110/20] via 10.1.254.5, eth0, 31w5d01h
C    *> 10.99.99.1/32 is directly connected, vtun0
C    *> 10.99.99.2/32 is directly connected, vtun0
C    *> 127.0.0.0/8 is directly connected, lo
O E2 *> 174.49.32.0/21 [110/20] via 10.1.254.5, eth0, 31w5d01h
O E2 *> 192.168.0.0/24 [110/20] via 10.1.254.5, eth0, 31w5d01h

Route Table 1: (this is where I think it is broken — `show ip route table 1` returns nothing). Note that `show ip route table 1` shows the routing daemon's view; `sudo ip route show table 1` and `sudo ip rule show` show what the kernel actually uses for the marked packets, so those are worth comparing. If table 1 really is empty, Linux policy routing falls through to the next rule (the main table), so the 10.1.30.0/24 traffic is not dropped but sent out eth0 unencrypted — there is no blackhole route in table 1 to fail closed.

~$ show ip route table 1

 

Interface stats:

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         10.1.254.6/30                     u/u
eth1         -                                 u/D
eth2         -                                 u/D
eth3         -                                 u/D
eth4         -                                 u/D
lo           127.0.0.1/8                       u/u
             ::1/128
switch0      -                                 u/u
vtun0        10.99.99.1                        u/u

The remote tunnel is reachable:

PING 10.99.99.2 (10.99.99.2) 56(84) bytes of data.
64 bytes from 10.99.99.2: icmp_req=1 ttl=64 time=36.8 ms
64 bytes from 10.99.99.2: icmp_req=2 ttl=64 time=37.0 ms
64 bytes from 10.99.99.2: icmp_req=3 ttl=64 time=37.0 ms
64 bytes from 10.99.99.2: icmp_req=4 ttl=64 time=36.3 ms
--- 10.99.99.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 36.306/36.794/37.038/0.377 ms

 

Does anyone have thoughts or experience with source/policy-based routing (firewall modify → table) on version 1.9.0?

 

--Ben

