@shooters running into the same problem. Were you able to hunt down a solution?

@stephenw10 thank for your reply

All,

Thank you for your responses. After trying various things you suggested i figured something wasn't right - i removed all my rules to default and FTP connection worked right away. I do not know why FTP didn't work yet other things from LAN->WAN did but i guess i will learn these next few months.

Appreciate the support - thank you

Jon

Do you have any IPv6 connectivity? Some partial v6 connection can cause massive issues as things have to timeout v6 if it's broken before falling back to v4.

Perfect, thanks for the info. I'll look around online for more details

Hmm, GRE tunnel to where? Between the amplifi nodes? To some cloud location?

More info needed there. Not really sure how that might be used, though it probably could be....

Steve

@jimp Seems to be working - thanks so much! Will keep an eye on it, let you know if I come across any issues. Much appreciated!

@ibbetsion said in sshguard complaining about an attack from the pfSense system itself?:

192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router

This is a WAN interface ...

192.168.7.1 is the IP of the pfSense firewall itself (WAN1)

Another WAN interface ...

192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2)

And another WAN interface ...

No LAN(s) ?

Remove all rules on all WAN interfaces.
The default action will be block all (DROP) - so sshguard won't be bothered again.

@Sasil-M said in how to avoid daisy-chain 5 unmanaged switches my setup is 285m.:

My second option is to use High-Gain, Directional, 2x2 MIMO Antenna.

You can get something like this, which is designed for the task.
https://www.engeniustech.com/engenius-products/enturbo-outdoor-5-ghz-11ac-wave-2-ptp-wireless-bridge/

Thanks! I'll give that a shot!

Looks like a type of bug that was fixed in a more recent release anyhow. Upgrading to a current release is the most likely solution.

You need to check to see what the mask is actually suppose to be - a /24 seems large as well.. See the other one you have with a /29 that is more realistic for IP space an ISP would give you, etc.

I would check with ISP what the settings should be!!!

What I can tell you for sure though - is not suppose to be a /5 ;) That is a freaking HUGE!!!!!! 134 Million addresses!!!

If I had to make an educated guess if that address is assigned to you I would guess either a /30 or /29 would be the most logical.. Those or maybe a /28 would put the wire at .16 and would make sense for your .17 gateway and .18 address.

With that /5 you wouldn't of been able to access any internet site using any of those 134 some million addresses..

In what way? Be as specific with error messages as possible. It does work, people do it all the time. That said, occasionally there are bugs due to items in the old config that might need edits to get past. That's rare but possible.

For example, you should probably edit out any <package>...</package> blocks from the configuration before restoring one that old.

@jimp Thanks that was it!!!

Well, I think @jimp nailed it. I've never been a big fan of onboard NICs so purchased a couple 2x Intel NICs and a riser card (RSC-RR1U-E16 R3.6) a year or so ago. I found they don't fit my board/chassis though (ebay, so who knows) and put everything back in the box last time I went through all this. I decided to pull the box back out the other day and make the card fit somehow.

Luckily, the add-on nic enumerated first and got moved to em0 automatically. I've rebooted the modem three or four times now and it's picking up a routable IP within a couple minutes.

@stephenw10 thanks for the link. @NollipfSense I think I wore out the contacts in the power switches rebooting everything so many times.

nic-0.pngnic-2.png)

@BaseBallHat You have to be more consistent.
Pings should run continiοusly, preferably not from pfsense (or from pf with multiple ssh sessions.
What we are trying to see is if the problem (when it happens) is only related to traffic passing through the tunnel, or everything.
This practically means that you need to configure traffic passing outside the vpn.
(and going preferably to a local chinese site...which has ping enabled e.g baidu.cn
it pings for me and looks like is in china.. )
With the pings running and things working normally you should be abe to establish a baseline on how things work as far as packet loss and rtt is concerned.
Then when you have issues pings will give you an idea where the problem is.
(local wifi, baseband ? connection, local traffic, vpn traffic/throttling).

Good luck.