Outlook O365 won't update after upgrade to 2.6.0
-
Thank you for the reply. I do not have any extra software installed, just running the Firewall. Below is what I see in the firewall log. Let me know if I should be looking for something specific. I tried sending an email from my Phone Outlook APP on my WiFi with no luck, as soon as I switched over to cellular the emails went through, so I know it is the firewall.
Dec 23 22:37:21 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:21 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:22 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:22 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:22 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:22 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:23 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:24 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:24 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:24 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:24 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:24 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:25 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:25 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:25 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP
Dec 23 22:37:25 WAN Block IPv4 link-local (1000000101) 169.254.171.107:137 169.254.255.255:137 UDP
Dec 23 22:37:25 LAN Default deny rule IPv6 (1000000105) [fe80::1445:ec5c:79b6:5f4]:5353 [ff02::fb]:5353 UDP -
Can you show a diagram of your network ?
Your WAN port receives 169.254.x.x packets.That from a pfSense point of view upstream device that didn't get an IP from a DHCP server. Not related to your issue, but it shows already your network isn't configured.
Normally, you "should" have <ISP> <=> <ISP Router or Modem> <=> <pfSense>
<=> <[switch]> <=> <all your LAN devices, and also APs for your wireless devices>>For example, when you connect your phone to the wireless network, that should be part of your LAN, you see this in the pfSense LAN DHCP server log :
which shows that my phone (I recognize it by it's MAC address) asks for an IP, and pfSEnse gave it 192.168.1.11.
On my phone I see the same thing : the IP? the DNS and gateway (both the LAN IP of pfSense).My default LAN firewall rule is :
so it can connect to 'everything'.
So, what are you doing ?
You use a VM, and that part isn't set up well ?
You have your LAN and WAN mixed up ?Remember : a dafault pfSEnse is like any other high end or low end router on the planet : a LAN, a WAN, a default LAN firewall rule, an active DHCP server on LAN, and of you go.
You change the password of pfSEnse, and it works out of the box.
Then you add your own settings .... what did you add/change ? -
The network design you listed is how mine is set up. My devices are getting their IPs, I see them all in the DHCP report. Also being requested.
I upgraded from 2.5.4 (I think) which I didn't have any issues with. The only settings I changed was the DHCP range prob 3 versions ago. The upgrade brought over those settings.
My LAN rules:
My WAN rule:
My DCHP6 does show pending, not sure how to resolve that? Interfaces WAN shows DHCP6
But my LAN interface shows none for IPv6, I am sure that is one of the problems. Is IPv4 correct, shouldn't that be DHCP and the same for IPv6? The DHCPv6 relay is not enabled, not sure where to get the destination server address.
Let me know if you need any other details.
Thanks for the help! -
@theclient said in Outlook O365 won't update after upgrade to 2.6.0:
Is IPv4 correct, shouldn't that be DHCP
The LAN of the router needs to be a static IP. It can't assign an address to itself.
You could try disabling IPv6 on WAN and see if that resolves your issue. Sometimes if it isn't configured properly pfSense and/or devices will try to use it and fail.
-
Something is definitely not configured correctly. On a speed test my upload is .08MB. I have a 1GB circuit. Would resetting to factory defaults put everything back to a fresh install?
-
@theclient yes it would. You can always restore from backup.
.08 is probably more indicative of packet loss or some other connection issue. Is speed/duplex correct? Can you put a switch between pfSense and the ISP hardware? -
Yup, check the link status of the WAN and LAN. An upload speed that low could certainly cause problems for any app.
-
I reset the system back to factory defaults. Still have upload speed issues. Ran speed test directly from the router and received expected results of 1GB upload speed, instead of .08MB through my network. Included firewall log, different from the last log. I think my email sending issue is related to the poor upload speed. Emails do go through but it took 2 hours to just send a test email before it sent. There hasn't been any changes to the physical server/VM. New firewall log after the factory settings reset. Now I see a lot more IPv4 blocks compared to prior they were IPv6. Anyone know where I can look for the upload slowness?
-
@theclient In the second screen cap, LAN has two allow all rules by default. All other interfaces have no rules hence the default deny rule applies. Is that a rule you created or did you delete the IPv6 allow rule?
re: IPv4 link local, something on your WAN doesn't have an IP address and is trying to broadcast. You can ignore it, or turn off the option to log packets blocked by the default block rule, in the logging settings.
Did you check the speed/duplex of LAN and WAN? If a speed test from the router works then whatever issue you're having would seem to be on the LAN side. Can you put a switch there between pfSense and whatever it's connected to now?
You also mentioned a VM, is pfSense a VM? What hypervisor?
-
@SteveITS Thanks for taking the time to help me with this, I confirmed Pfsense is set to auto negotiate in the LAN and WAN interfaces. My server drivers are also set to auto negotiate. Strange thing, I am pretty sure my cards are 1GB but Pfsense shows 10GB. I am running MS Server 2019 and Pfsense is running in a Hyper-V, there wasn't any changes to the Hyper-V that Pfsense has been running on for the last 3 years. I have two cables plugged into the server, one goes to my ISP's router and the second goes to my switch. The only thing I have plugged in to the ISP router (WAN) is the server. I have not removed or modified any of the firewall rules, the ones from my previous post, the three LAN and the one WAN were what the system created after the reset. Can you tell me what min rules I would need. I did just create a pass WAN rule but it didn't make a difference, I used the same settings that are in the LAN pass rule, just sub WAN for LAN selections.
WAN Rule:
-
@theclient There have been complaints/issues with Hyper-V, read through https://forum.netgate.com/topic/169884/pfsense-2-6-0-22-01-is-very-slow-on-hyper-v for suggestions.
Firewall rules don't affect speed.
Allowing all on WAN will allow the Internet to try to log in to your pfSense, really suggest not allowing that.
In a default config there are only two rules created:
WAN - none
LAN - allow all IPv4, allow all IPv6There are default block all rules that don't show in the GUI.
10 Gbit IIRC is the default speed for the internal Hyper-V switch.
-
Yup, that^
Disable RSC in Hyper-V or upgrade to 2.7 or 22.05.
-
That did it. Outlook emails now fly out of the outbox and send numbers are back to normal. Thank you so much @SteveITS for all the assistance, greatly appreciate it.