[solved] 2.7.0.a.20230510.0600 diag/ping only works by selecting WAN-address

Bob.Dig · May 14, 2023, 6:48 PM

I am somewhat unintentionally on 2.7 on my first VPS install of pfSense because I had problems upgrading from 2.6 to Plus... so I tried 2.7.

Anyways I noticed that for example ping from pfSense wouldn't work to a public IP-address unless I specify the WAN-address manually.
Of note is that this VPS only has one NIC, which is WAN, and a wireguard interface, which is LAN.
In Diagnostics/Routes the default destination is the gateway on WAN.
But on WAN "Use non-local gateway" has to be checked because of the VPS-provider. So maybe there is the cause?

Also DNS-lookup of an IP-address is not working for me on that VPS install.

jimp · May 15, 2023, 5:48 PM

Your interface layout is probably preventing it from using automatic outbound NAT rules for traffic from the firewall itself (e.g. localhost)

Bob.Dig · May 15, 2023, 7:04 PM

@jimp Outbound NAT is looking good.

login-to-view

For the DNS Lookup it helped that I specified the Gateway for the DNS-Servers in System/General Setup. I am not using unbound or the other one locally.

Ping problem (with auto) still persists. Also the update check mostly fails.

Bob.Dig · May 15, 2023, 8:41 PM

I noticed that IPv6 wasn't working anymore and that the gateway had "v6" at the end in the name. I deleted it and created a new one, where ich wrote the V upper case. Lets hope this will last longer.

After a reboot IPv6 is lost again, looks like that server is doomed.

Bob.Dig · May 17, 2023, 1:45 PM

Today I installed 2.6 and I noticed some differences. I tried to upgrade this install but I am probably hitting some rate limits. Anyway, first difference, on the first page that is displayed after installation, there was the gateway set like I did before on the console, with 2.7 the non-local gateway was missing. Second difference, DHCPv6 on WAN is working with 2.6, wasn't with 2.7.
Now I hope everything still work when I am able to do the double upgrade to 23.05.

Bob.Dig · May 18, 2023, 8:37 PM

@bob-dig I did the upgrade to 23.01 and 23.05 RC on that (low RAM VMWare) VPS. IPv6 on WAN wasn't working with DHCP. I changed the settings to static IPv6 but after that, the connection on its IPv4-address was lost, even after a reboot. So I had to roll back the config change via console and disabled IPv6 completely.

And still some routing is not correct e.g. not using the default gateway.
login-to-view

login-to-view

Bob.Dig · May 20, 2023, 11:28 AM

@bob-dig said in 2.7.0.a.20230510.0600 diag/ping only works by selecting WAN-address:

And still some routing is not correct e.g. not using the default gateway.

Or better, the firewall itself is not always using the default gateway. If I do the ping test with IPv4, it will work for every manually selected interface other than "WAN IPv6 Link-Local" (and Automatic).

login-to-view

Bob.Dig · May 27, 2023, 12:18 PM

Re: 2.7.0.a.20230510.0600 diag/ping only works by selecting WAN-address

I installed from scratch again (fifth time) but problem came back again. I can't install anymore packages, the "list" is just empty. And I can't install patches either.

I am getting tired with 23.05-RELEASE and probably will just cancel that VPS.

Or take a look at the other side...

[Marked solved because I have to switch, this VPS from IONOS will not run with pfSense Plus]