Netgate Discussion Forum

    Remote syslog using WAN interface.

    General pfSense Questions
    13 Posts 2 Posters 475 Views
    • stephenw10S
      stephenw10 Netgate Administrator

      Upgrade to 2.8?

      How do you have the source address set?

      You might also be hitting the state policy change in 2.8:
      https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#config-advanced-firewall-state-policy-history

      You can try setting that back to floating.

      • D
        dersini @dersini

        @dersini said in Remote syslog using WAN interface.:

        @stephenw10 said in Remote syslog using WAN interface.:

        If it's a policy based tunnel it won't match the defined traffic selectors unless it's sourced from the internal interface address.

        There is a (pretty hacky) workaround but a better solution would be to use a route based IPSec tunnel.

        https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html

        It is a policy based tunnel which worked for years on 2.6 and 2.7 code.
        Syslog is sourced from a VLAN address and it worked until the upgrade.

        Upgraded to 2.8 two days ago.
        Source interface is set under Status > System Logs > Settings.

        Changing to float state policy still results in syslog UDP packets being sent out of WAN interface to a private IP address behind the IPSEC tunnel.

        Thanks for taking interest in this post.

        • stephenw10S
          stephenw10 Netgate Administrator

          Ah, OK.

          Check the state table. How does that traffic appear? Is it actually binding to the correct address?

          • D
            dersini @stephenw10

            @stephenw10 said in Remote syslog using WAN interface.:

            Ah, OK.

            Check the state table. How does that traffic appear? Is it actually binding to the correct address?

            State table shows syslogd binding to the WAN address.

            I tested with NTP and it does bind to the interface configured in WebUI. Also communicates via IPSEC to configured NTP server without any issues.

            • stephenw10S
              stephenw10 Netgate Administrator

              Ok replicated that in 2.8. Digging...

              https://redmine.pfsense.org/issues/16285

              • stephenw10S
                stephenw10 Netgate Administrator

                This is fixed upstream already. Will be in new builds soon.

                https://github.com/pfsense/FreeBSD-src/commit/ae4f708f0b383277505daa191e21db399b558839

                • D
                  dersini @stephenw10

                  @stephenw10 said in Remote syslog using WAN interface.:

                  This is fixed upstream already. Will be in new builds soon.

                  https://github.com/pfsense/FreeBSD-src/commit/ae4f708f0b383277505daa191e21db399b558839

                  Thanks.
                  I just tried syslog-ng and it behaves exactly the same.

                  • stephenw10S
                    stephenw10 Netgate Administrator

                    In the meantime that local gateway workaround should work if you can't switch to a route based tunnel.

                    • D
                      dersini @stephenw10

                      @stephenw10 said in Remote syslog using WAN interface.:

                      In the meantime that local gateway workaround should work if you can't switch to a route based tunnel.

                      Working on setting up VTI.

                      Thanks,

                      • D
                        dersini @stephenw10

                        @stephenw10 said in Remote syslog using WAN interface.:

                        In the meantime that local gateway workaround should work if you can't switch to a route based tunnel.

                        VTI resolved the issue.

                        Thanks again.

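The state-table check discussed in this thread can be scripted. The following is an added example, not part of any post and not pfSense code. It reads `pfctl -ss`-style lines and flags outbound syslog states whose source is not the configured log source address. The sample states, the addresses, the function names and the assumed "iface proto src:port -> dst:port state" layout are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag outbound syslog states whose source address is not the
# address configured as the log source. Input is `pfctl -ss`-style text.

# Constructed sample; addresses are documentation/private ranges, and the
# "iface proto src:port -> dst:port state" layout is an assumption.
SAMPLE_STATES='igb0 udp 198.51.100.7:514 -> 10.20.30.40:514 SINGLE:NO_TRAFFIC
igb1.30 udp 10.10.30.1:123 -> 10.20.30.41:123 MULTIPLE:MULTIPLE
igb0 tcp 198.51.100.7:44321 -> 203.0.113.9:443 ESTABLISHED:ESTABLISHED
igb1.30 udp 10.10.30.1:514 -> 10.20.30.42:514 SINGLE:NO_TRAFFIC'

# find_misbound_syslog EXPECTED_SRC [PORT]
# Reads state lines on stdin; prints "iface src dst" for each outbound UDP
# state to PORT (default 514) whose source address differs from EXPECTED_SRC.
find_misbound_syslog() {
    awk -v want="$1" -v port="${2:-514}" '
        $2 == "udp" && $4 == "->" {
            n = split($3, s, ":"); m = split($5, d, ":")
            if (d[m] != port) next
            # Strip the trailing ":port" so IPv6-style text is left intact.
            src = substr($3, 1, length($3) - length(s[n]) - 1)
            dst = substr($5, 1, length($5) - length(d[m]) - 1)
            if (src != want) print $1, src, dst
        }'
}

# is_rfc1918 ADDR: succeeds when ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# count_cleartext_leaks EXPECTED_SRC: number of misbound syslog states whose
# destination is a private address, i.e. logs that were meant for the tunnel.
count_cleartext_leaks() {
    find_misbound_syslog "$1" | while read -r _if _src dst; do
        if is_rfc1918 "$dst"; then echo "$dst"; fi
    done | wc -l | tr -d ' '
}

# Demo on the constructed sample: 10.10.30.1 is the intended VLAN source.
printf '%s\n' "$SAMPLE_STATES" | find_misbound_syslog 10.10.30.1
```

On a firewall, the same functions can read live state output instead of the sample, for example `pfctl -ss | find_misbound_syslog <configured source address>`.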
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.