No connectivity with pfSense from new Desktop unless I issue ARPING?
-
I built a new Windows 11 workstation and was using it directly connected to a fiber modem for a few months at my office. It would connect with an X540 10G Intel NIC, the motherboard does not have any wireless NIC, only one 2.5G Intel NIC.
I brought the workstation to my house a few nights ago and needed to connect to internet so I connected an Alfa AWUS036NH USB WiFi NIC, I see the 2.4GHz SSID of my home network, and connect.
I realize right away I have no internet access, and see that DHCP is not working. I manually set the IP address and subnet mask, and DNS / gateway pointing toward pfsense. (10.44.44.44, 10.44.44.1/24). I was seeing broadcast and multicast traffic, my phone has a "LAN scan" tool (Network Anaylzer Pro) and it detected my workstation. My workstation was able to see several of the devices on my LAN, but could not connect to pfSense web configuration or anything on pfSense including SSH. I went to bed and then the next day, after a few hours of me being totally confused, I tried arping from pfSense webgui and when I arpinged 10.44.44.44, instantly the system came online , and things were normal.
Last night I was playing a game on the system (Starcraft 2) and I got the "Waiting for players" screen. I grabbed my phone, opened pfSense SSH session, issued the arping command ,and instantly the game is reconnected. I had to do it again 2-3 minutes later. What's going on? I have nothing setup really on this Window 11 machine that has anything to do with networking except Surfshark vpn client.
-
Check the ARP table in the client and pfSense when it's failing.
It sounds like one of them is getting a bad ARP entry.
Steve
-
@stephenw10 They both have the correct ARP table entry for one another after I issue arping, and then neither has an entry when it fails. I was running wireshark on the client and when it fails, it says that the network adapter has been removed, and the capture stops. However, at the AP, the client does not appear to drop. It's time connected does not reset.
I launched a screen SSH session when connecting to pfSense a few days ago that has
arping 10.44.44.44(the workstation's manually assigned IP) running constantly and connectivity has been uninterrupted. This seems quite strange of a problem because it is solved with such a hack as a continuous 'arping' from pfsense to client. I don't necessarily believe it is an error or bug or the fault of pfSense. There's other issues that do not involve pfSense at all.For instance, what explanation is there for a lack of connectivity to the access point's WebGUI, or SSH, when other clients can access it and there is no WiFi isolation / MAC ACL'ing involved?
I don't expect an answer to this, I know it is well outside your domain, just sharing for context.
A pfSense centric issue is in the PCAP I had started on the LAN interface within pfSense while troubleshootnig. ARPing frames are not captured in the PCAP. Additionally, there are DNS responses with no query captured, and it is not the case that the query originated from before the start of the PCAP.
Finally, on the client PCAP during one of the troubleshooting sessions, there is a single packet originating from the internet, with no outside connectivity otherwise for maybe 30 minutes. Its L2 address is that of the pfSense LAN interface
-
Assuming the AP management is in the same subnet it too would need an ARP entry in order to reply to connections from the client. If pfSense is losing it's ARP entry or has a bad one the AP may well be seeing the same thing.
When it fails do you just see no ARP entry rather than a bad entry?
With no entry it should just ARP for the device to create one.You should see ARPing entries in the pcap. Make sure you're not filtering them.
If the wifi interface became detatched n the client I imagine that would blow away any ARP entries that were built on it. I would still expect the client to just send ARP queries as soon as it re-attached though.
Steve
