    Windows 10 login not working

      johnpoz LAYER 8 Global Moderator

      Can we help you with that amount of info - NO..

      Other than you're doing something wrong.. What else would you like us to go over?  So if you're running in transparent mode?  What is doing the nat?  Do you have multiple public IPs?

      Why do you want to run pfsense in transparent mode?  How exactly did you verify your connection was a working setup before you try and log into some wifi?  If your wifi router is in front of pfsense - what would that have to do with anything.

      More than happy to help but you're going to need to provide more info.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        noesberger

        Hi

        I have an ADSL Modem with one public IP (NAT is done by this modem).
        The Modem is connected on the WAN Port of the pfSense. The LAN Port of the pfSense is connected to my cisco switch, where all the devices are connected to.

        When I remove the pfSense and connect the ADSL Modem directly to the Cisco Switch, I can log in to Windows 10 without any problem. So my assumption is that pfSense is blocking some traffic. But when I check the log, I can't see any blocking traffic from this device.

        What else can I check on the pfSense to find the root cause of the problem? Maybe one of you had similar issues with logins to Microsoft (live.com).

          noesberger

          Packet Trace shows:
          17:17:13.537522 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
          17:17:13.707694 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
          17:17:16.548574 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
          17:17:16.718489 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
          17:17:20.086588 IP 192.168.1.131.54495 > 94.245.121.253.3544: UDP, length 61
          17:17:20.139370 IP 94.245.121.253.3544 > 192.168.1.131.54495: UDP, length 109
          17:17:22.556470 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
          17:17:22.726707 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
          17:17:24.714343 ARP, Request who-has 192.168.1.1 (d4:7b:b0:d5:c4:c0) tell 192.168.1.131, length 46
          17:17:24.714587 ARP, Reply 192.168.1.1 is-at d4:7b:b0:d5:c4:c0, length 46
          17:17:34.567014 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
          17:17:34.734215 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
          17:17:37.566502 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
          17:17:37.732957 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
          17:17:39.742572 ARP, Request who-has 192.168.1.131 tell 192.168.1.1, length 46
          17:17:39.743934 ARP, Reply 192.168.1.131 is-at 28:18:78:57:97:9b, length 46
          17:17:43.572412 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
          17:17:43.739304 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0

            johnpoz LAYER 8 Global Moderator

            Clearly from that sniff there is traffic flow and you're getting answers from public IPs..

            17:17:13.537522 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
            17:17:13.707694 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0

            Where did you do that sniff?

            Maybe that answer is a RST??  From that amount of info can not really say what is happening.. Other than you sent packet to that public IP and there was some sort of reply..

            You're doing an arp to what I assume is your isp device.. Not really a modem if it's doing nat now is it ;)
            17:17:24.714343 ARP, Request who-has 192.168.1.1 (d4:7b:b0:d5:c4:c0) tell 192.168.1.131, length 46
            17:17:24.714587 ARP, Reply 192.168.1.1 is-at d4:7b:b0:d5:c4:c0, length 46

            I show that d4:7b:b0 as ASKEY COMPUTER CORP.

            How exactly did you set up transparent mode?  Why would you not just put your isp device into bridge mode or run double nat?  What is providing wifi?  I assume your isp device??  Which would be in front of pfsense anyway..  I have to assume your surface pro 2 is wifi, it's a tablet is it not.. So wifi not a wire connect to your cisco switch.

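Added example, not part of any post in this thread: a short Python pass over the TCP lines of the capture posted above, showing what the summary view does reveal. It groups the zero-length segments sent by the client (192.168.1.131, the address from the trace) per flow and reports the gaps between them; gaps that keep growing on one flow are treated here, as an assumption, as the timing of retransmitted handshake segments, since this view carries no TCP flags and only a full pcap can confirm it.

```python
import re
from collections import defaultdict

# TCP lines copied from the capture posted in the thread (pfSense summary view).
TRACE = """\
17:17:13.537522 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
17:17:13.707694 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
17:17:16.548574 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
17:17:16.718489 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
17:17:22.556470 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
17:17:22.726707 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
17:17:34.567014 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
17:17:34.734215 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
17:17:37.566502 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
17:17:37.732957 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
17:17:43.572412 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
17:17:43.739304 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
"""

LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)")

def parse(trace):
    """Yield (seconds, src, sport, dst, dport, length) for each TCP summary line."""
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            h, mi, s, src, sp, dst, dp, ln = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), src, int(sp), dst, int(dp), int(ln)

def retransmit_suspects(trace, client="192.168.1.131"):
    """Return {flow: [gaps in s]} for client flows repeating zero-length segments."""
    sent = defaultdict(list)
    for t, src, sp, dst, dp, ln in parse(trace):
        if src == client and ln == 0:
            sent[(src, sp, dst, dp)].append(t)
    out = {}
    for flow, times in sent.items():
        gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
        # Heuristic: at least two gaps, each longer than the last (backoff).
        if len(gaps) >= 2 and all(b > a for a, b in zip(gaps, gaps[1:])):
            out[flow] = gaps
    return out

if __name__ == "__main__":
    for flow, gaps in retransmit_suspects(TRACE).items():
        print(flow, "gaps (s):", gaps)
```

Both flows are flagged, and no segment in either direction carries payload. Filtering the saved pcap in Wireshark on `tcp.flags.syn == 1 || tcp.flags.reset == 1` shows whether the replies are SYN-ACKs or RSTs.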
              noesberger

              I did that sniff on the pfSense. (Diagnostic - Packet Capture)
              Yes, that's exactly the strange thing. 131.253.61.80 is a public IP from Microsoft. I can see that traffic is going out and some sort of reply. Without changing anything on my laptop, only removing the pfSense and cabling the ADSL Modem directly to my switch, the login is working. So it must be something with the config of the pfSense. But I can't find anything that is blocking or wrongly configured.

                johnpoz LAYER 8 Global Moderator

                How would pfsense have anything to do with wifi connection to your isp device??

                What is providing wifi to your tablet?  Your isp device or some AP connected to your switch?  How is that configured?  Is that IP address list your tablet IP 192.168.1.131?

                How did you configure pfsense in transparent mode - what are your firewall rules?  Clearly where you sniff you're seeing an answer from public IP..  Load that up into wireshark, post up the pcap..

                You did that sniff on what interface of pfsense?

                setup.jpg

                  noesberger

                  A Ubiquiti wireless access point is connected to the cisco switch. So all the traffic (wireline and wireless) has to pass the pfSense for connecting to the internet.
                  Yes, 192.168.1.131 is the IP of the surface pro.

                  IPv4 * LAN net * * * * none Default allow LAN to any rule    
                  IPv6 * * * * * * none Default allow LAN IPv6 to any rule

                    johnpoz LAYER 8 Global Moderator

                    And how exactly did you set up pfsense in transparent mode?  To do that you need to set up a bridge.. So what are your rules on your bridge?  Where exactly did you do that sniff?  What interface of pfsense?

                      noesberger

                      set net.link.bridge.pfil_bridge to 1.
                      Configured: BRIDGE0 with the 2 interfaces: WAN, LAN
                      Sniff was on the LAN Interface, but on the WAN Interface I get the same results (because of the bridge config, or?)

                        johnpoz LAYER 8 Global Moderator

                        And what are your rules on your bridge interface?

                        Again clearly you're seeing packets with some sort of reply.. Maybe it was RST??  So did you assign pfsense an IP to the bridge?  What interface did you assign to bridge?  Did you make sure wan and lan don't have any IP?

                        You're going to have to go into more details of your bridge setup if you want help figuring out what you did wrong or what you forgot to do.  Why do you not put isp device into bridge mode or double nat… What exactly are you thinking you're accomplishing via transparent mode?  Your isp device is the nat device so you have to set up the rules there for any port forwarding.  And then you would have to also allow that traffic on your pfsense.  If you're just going to do any any - what exactly does pfsense get you in this sort of setup.

                          noesberger

                          On the LAN Interface, I configured an internal IP 192.168.1.10 for accessing the GUI of the pfSense.
                          The WAN and OPT1 (Bridge) have no IP configuration.

                          In the Firewall Rule configuration I have an outgoing any allow Rule on the LAN-Interface, on the WAN Interface I have one special rule for allowing openVPN and on the bridge interface is no rule configured.

                          I'm just learning how to use the pfSense, so if I make any mistakes, I can just remove the pfsense and cable the modem directly and all the other devices are working without any IP changes or reconfigurations. Until now all is working fine. I can access the internet on all my other devices without any problem (mac). But the only windows system I have is making problems at the login when I have the pfSense between my modem and cisco switch.

                            johnpoz LAYER 8 Global Moderator

                            "The WAN and OPT1 (Bridge) have no IP configuration."

                            And that is not a valid configuration..

                            If you're going to set up a transparent you would put your IP on the bridge interface and firewall on the Bridge interface, etc.

                            What does learning have to do with trying to set up a complex setup like a bridge?  Just turn of pfsense out of the box and everything will work with your double nat..  Just make sure your pfsense lan network is different than what your isp router is using.

                              noesberger

                              Hi

                              I found a good document describing how to correctly set up a bridge:
                              http://users.ox.ac.uk/~clas0415/assets/Setting-up-pfSense-as-a-Stateful-Bridging-Firewall-with-commodity-hardware.pdf

                              After making all the steps described there, it worked fine. WAN and OPT1 still have no IP configuration. I think changing the advanced settings and disabling the auto-creation of NAT rules completely solved the problem.

                              Thanks for your help.
