Problem with inter VLAN Connections
-
Okay I really do need the help of the community here:
I really cant find any issue with my routing or why the state gets stale so fast.Here i Tried to find the issue:
First I can open an ssh connection, but after 20 Seconds the Flag doesnt get accepted anymore even the Rule is build to accept any TCP Flag
I really cant find an issue with the routing or some sort of, maybe its a flag configuration but the optimazation options are the same as before: Normal
same as the State Timeouts:
Nothing fits with this 20 Seconds, the packet capture shows that its not 20 Seconds but 10 but even that makes no sense. -
@sysadminfromhell Are you running any part of it through a VM instance?
-
@Popolou no the pfsense is Baremetal but I found that the driver which currently get shipped with pfsense should be broken with the x710. The card is not very populated right now because its hard to get it cheap but I guess this should be the case here maybe. I try ti get more information about it to find a way to troubleshoot that.
https://forum.netgate.com/topic/162333/intel-x710-issues/36 -
@sysadminfromhell Under System -> Advanced -> Networking towards the bottom under Network Interfaces, can i ask what do you have ticked/unticked?
-
@Popolou as before with the x550:
-
@sysadminfromhell Those seem correct. I had very similar issues (posted about it) and noticed some of the same symptoms. Needed to remove all hardware offloading to restore functionality. Have you disabled the checksum offloading and tested? I've had mixed results with this on an x710 too.
-
@Popolou I did not check that, but I can test it and see if this works. I Keep you updated
-
@Popolou unfurtanatly its the same problem:
I now try to enable all the offload and see if this fixes it.
If not, maybe I need and developer to look at it or give me a hint to troubleshoot it more. Maybe I need the new drivers? -
@sysadminfromhell Even here the same issue:
-
I will buy a new x550 and replace it once again if not someone has a Idea (driver update or some sort of trick). I just need to inform netgate before because if I change my network card the ndi changes too.
-
@Popolou So I pciked up a x550 locally to replace the broken one and the x710 which appearently doesnt work properly and see there: "almost" no problems. I guess somehow the IPSec is broken and the S2S connection to my lab doesnt work properly.
-
@sysadminfromhell I suppose it's possible it could have been a cheap/fake x710 giving you the problems. I'd have probably looked at the firewall rules or checked if there was any rate limiting in place but it sounds like the replacement nic has put you right.