Netgate Discussion Forum

    Issues to registration system

    Problems Installing or Upgrading pfSense Software
    • stephenw10 Netgate Administrator

      Hmm, I'd be very interested to know what NAT states are created with that rule. You should never need to NAT traffic from the firewall itself unless it's from localhost.

      With that rule in place the firewall will NAT its own traffic and that will include IPSec connections that may fail with it set.

      Steve

      • bootable @stephenw10

        @stephenw10 That's true, I agree, but sometimes if you modify the routing table in some way, like adding NAT out rules, doing that makes the system refresh something unexplainable.


        It is me Ruben
        Bootable Computación - Argentina.
        pfSense/Netgate Certificate Partner
        Pardon for my English - I am not an English speaker.
        Thanks a lot for your invaluable time.

        • stephenw10 Netgate Administrator

          Yes it could restore a default route for example. I would be wary about adding a NAT rule for all traffic. I have seen that break things numerous times!

          • bootable @stephenw10

            @stephenw10 Yes, that is why, in my way of adding that rule, I put the source as this firewall only, and not 0.0.0.0.



            • stephenw10 Netgate Administrator

              That still catches traffic from the WAN IP though which is what should not be done and what can break IPSec, for example.

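The point made in the exchange above, that an outbound NAT rule with the firewall's own address or "any" as its source also translates traffic sent from the WAN IP, can be checked mechanically. This is an added example, not code from the thread or from Netgate; the rule lines are constructed in simplified pf `nat` syntax, and the interface name, the addresses and the function name `rules_matching_wan_ip` are assumptions.

```python
import ipaddress
import re

# Constructed sample in simplified pf `nat` syntax (documentation addresses,
# hypothetical interface name); not output taken from the thread.
SAMPLE_RULES = """\
nat on igb0 inet from 127.0.0.0/8 to any -> 203.0.113.10 port 1024:65535
nat on igb0 inet from 192.168.1.0/24 to any -> 203.0.113.10 port 1024:65535
nat on igb0 inet from 203.0.113.10 to any -> 203.0.113.10 port 1024:65535
nat on igb0 inet from any to any -> 203.0.113.10 port 1024:65535
"""

RULE_RE = re.compile(r"^nat on (\S+) inet from (\S+) to ")


def rules_matching_wan_ip(rules_text, wan_ips):
    """Return (interface, source, rule) for every NAT rule whose source
    covers one of the firewall's own WAN addresses."""
    own = [ipaddress.ip_address(ip) for ip in wan_ips]
    findings = []
    for line in rules_text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        iface, src = match.groups()
        try:
            # "any" means every IPv4 source for an `inet` rule.
            net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src,
                                       strict=False)
        except ValueError:
            continue  # table or alias name: not resolved here
        if any(ip in net for ip in own):
            findings.append((iface, src, line.strip()))
    return findings


if __name__ == "__main__":
    for iface, src, rule in rules_matching_wan_ip(SAMPLE_RULES, ["203.0.113.10"]):
        print(f"{iface}: source {src!r} also translates firewall-originated traffic")
        print(f"    {rule}")
```

The localhost and LAN-subnet rules pass; the rule sourced from the WAN address and the rule sourced from "any" are both reported.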
              • Collingwood

                I encountered a similar issue and found a solution by disconnecting all inactive ExpressVPN OpenVPN clients. Previously, I had them connected at all times to switch interfaces quickly if a streaming service blocked me. However, with only one active OpenVPN client connected to my VPN WAN interface, the problem was resolved and everything is functioning correctly now.

                • johnjces

                  This is an old post so hoping my guess is accurate regarding the issue in the first post.

                  I am building up a new system and only have the LAN interface active with a LAN gateway attached and have been able to get modules downloaded, etc. The WAN interface is disabled and not connected yet.

                  My hunch is that for some reason Netgate wants to see something from the WAN side or firewall directly from this device. Otherwise one cannot register the box. Is my hunch correct?

                  If so, why can't we register a box in a semi online mode, no WAN connection yet?

                  Thanks for any thoughts!

                  John

                  • stephenw10 Netgate Administrator

                    You don't need a 'WAN' specifically to register. As long as the firewall has a default route and can connect out it should be able to reach the registration system.

                    You would want to have the WAN NIC physically present in the device before registering though even if it's disabled. If you add it later you would change the system NDI and have to re-register.

                    Steve

                    • johnjces @stephenw10

                      @stephenw10

                      Thank-you for the reply!

                      Well... my WAN interface is enabled but it is not attached to any wan switch as I am just trying to configure it up and have everything mostly ready to swap and go... plug and play maybe?!

                      I tried again several times and the same thing comes up every time.

                      Thank you for choosing Netgate pfSense® Plus
                      The registration system is not currently available. Please check your network connection and try again.

                      Is the system down, and has it been down for some period of time? I can download modules and was able to update to the latest version, 2.7.0. There may be a x.x.5 update? Dunno.

                      Anyway, any other workaround?

                      Thanks!

                      John

                      • stephenw10 Netgate Administrator

                        No, it's not down. Can the firewall ping out? Can it resolve hosts? Is it trying to use IPv6?

                        • johnjces @stephenw10

                          @stephenw10

                          Yes to all questions. Using my LAN gateway on the LAN interface only. Using OpenDNS to resolve names.

                          WAN interface is enabled, set with my ISP's static credentials (ready to go when I get everything configured. Still learning), but attached to nothing... no WAN connection yet. Just an empty RJ45 receptacle.

                          Thank you again very much!

                          John

                          • stephenw10 Netgate Administrator

                            Ok try setting the firewall to prefer IPv4 in System > Advanced > Networking.

                            • johnjces @stephenw10

                              @stephenw10

                              Thanks! That did the trick!

                              John

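The diagnosis that resolved this thread (names resolve and pings work, yet the connection fails until IPv4 is preferred) can be confirmed by testing each address family separately. This is an added example, not code from the thread or from Netgate; the host is an operator-supplied argument because the thread does not name the registration host, and `probe_families` and `verdict` are hypothetical helper names.

```python
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))


def tcp_connect(family, sockaddr, timeout):
    """Open and immediately close one TCP connection."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)


def probe_families(host, port, resolve=socket.getaddrinfo,
                   connect=tcp_connect, timeout=3.0):
    """Resolve and connect once per address family; return {name: (state, detail)}."""
    results = {}
    for name, family in FAMILIES:
        try:
            sockaddr = resolve(host, port, family, socket.SOCK_STREAM)[0][4]
        except socket.gaierror as exc:
            results[name] = ("no-address", str(exc))
            continue
        try:
            connect(family, sockaddr, timeout)
            results[name] = ("ok", sockaddr[0])
        except OSError as exc:
            results[name] = ("unreachable", f"{sockaddr[0]}: {exc}")
    return results


def verdict(results):
    """Summarise the per-family results in the terms used in the thread."""
    v4, v6 = results["IPv4"][0], results["IPv6"][0]
    if v4 == "ok" and v6 == "unreachable":
        return "IPv6 resolves but does not connect: prefer IPv4"
    if v4 == "ok":
        return "IPv4 path works; address family is not the problem"
    if v6 == "ok":
        return "only IPv6 works: check the IPv4 default route"
    return "neither family connects: check default route and DNS"


if __name__ == "__main__":
    # Usage: python3 probe.py <host> [port]; the host is supplied by the operator.
    outcome = probe_families(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    for family, (state, detail) in outcome.items():
        print(f"{family}: {state} ({detail})")
    print(verdict(outcome))
```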
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.