Netgate Discussion Forum

    Windows 10 login not working

    • noesberger

      Packet Trace shows:
      17:17:13.537522 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
      17:17:13.707694 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
      17:17:16.548574 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
      17:17:16.718489 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
      17:17:20.086588 IP 192.168.1.131.54495 > 94.245.121.253.3544: UDP, length 61
      17:17:20.139370 IP 94.245.121.253.3544 > 192.168.1.131.54495: UDP, length 109
      17:17:22.556470 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
      17:17:22.726707 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0
      17:17:24.714343 ARP, Request who-has 192.168.1.1 (d4:7b:b0:d5:c4:c0) tell 192.168.1.131, length 46
      17:17:24.714587 ARP, Reply 192.168.1.1 is-at d4:7b:b0:d5:c4:c0, length 46
      17:17:34.567014 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
      17:17:34.734215 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
      17:17:37.566502 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
      17:17:37.732957 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0
      17:17:39.742572 ARP, Request who-has 192.168.1.131 tell 192.168.1.1, length 46
      17:17:39.743934 ARP, Reply 192.168.1.131 is-at 28:18:78:57:97:9b, length 46
      17:17:43.572412 IP 192.168.1.131.50031 > 131.253.61.64.443: tcp 0
      17:17:43.739304 IP 131.253.61.64.443 > 192.168.1.131.50031: tcp 0

      • johnpoz LAYER 8 Global Moderator

        Clearly from that sniff there is traffic flow and you're getting answers from public IPs..

        17:17:13.537522 IP 192.168.1.131.50030 > 131.253.61.80.443: tcp 0
        17:17:13.707694 IP 131.253.61.80.443 > 192.168.1.131.50030: tcp 0

        Where did you do that sniff?

        Maybe that answer is a RST??  From that amount of info can not really say what is happening.. Other than you sent packet to that public IP and there was some sort of reply..

        You're doing an ARP to what I assume is your ISP device.. Not really a modem if it's doing NAT now, is it ;)
        17:17:24.714343 ARP, Request who-has 192.168.1.1 (d4:7b:b0:d5:c4:c0) tell 192.168.1.131, length 46
        17:17:24.714587 ARP, Reply 192.168.1.1 is-at d4:7b:b0:d5:c4:c0, length 46

        I show that d4:7b:b0 as ASKEY COMPUTER CORP.

        How exactly did you set up transparent mode?  Why would you not just put your ISP device into bridge mode or run double NAT?  What is providing wifi?  I assume your ISP device??  Which would be in front of pfsense anyway..  I have to assume your Surface Pro 2 is wifi, it's a tablet, is it not.. So wifi, not a wired connection to your Cisco switch.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • noesberger

          I did that sniff on the pfSense. (Diagnostic - Packet Capture)
          Yes, that's exactly the strange thing. 131.253.61.80 is a public IP from Microsoft. I can see that traffic is going out and some sort of reply. Without changing anything on my laptop, only removing the pfSense and cabling the ADSL modem directly to my switch, the login is working. So it must be something with the config of the pfSense. But I can't find anything that is blocking or wrongly configured.

          • johnpoz LAYER 8 Global Moderator

            How would pfsense have anything to do with wifi connection to your isp device??

            What is providing wifi to your tablet?  Your isp device or some AP connected to your switch?  How is that configured?  Is that IP address list your tablet IP 192.168.1.131?

            How did you configure pfsense in transparent mode - what are your firewall rules?  Clearly where you sniff you're seeing an answer from public IP..  Load that up into wireshark, post up the pcap..

            You did that sniff on what interface of pfsense?

            setup.jpg

            • noesberger

              A Ubiquiti wireless access point is connected to the Cisco switch. So all the traffic (wireline and wireless) has to pass the pfSense for connecting to the internet.
              Yes, 192.168.1.131 is the IP of the surface pro.

              IPv4 * LAN net * * * * none Default allow LAN to any rule    
              IPv6 * * * * * * none Default allow LAN IPv6 to any rule

              • johnpoz LAYER 8 Global Moderator

                And how exactly did you set up pfsense in transparent mode?  To do that you need to set up a bridge.. So what are your rules on your bridge?  Where exactly did you do that sniff?  What interface of pfsense?

                • noesberger

                  set net.link.bridge.pfil_bridge to 1.
                  Configured: BRIDGE0 with the 2 interfaces: WAN, LAN
                  Sniff was on the LAN Interface, but on the WAN Interface I get the same results (because of the bridge config, or?)

                  • johnpoz LAYER 8 Global Moderator

                    And what are your rules on your bridge interface?

                    Again clearly you're seeing packets with some sort of reply.. Maybe it was RST??  So did you assign pfsense an IP to the bridge?  What interface did you assign to bridge?  Did you make sure wan and lan don't have any IP?

                    You're going to have to go into more details of your bridge setup if you want help figuring out what you did wrong or what you forgot to do.  Why do you not put ISP device into bridge mode or double NAT… What exactly are you thinking you're accomplishing via transparent mode?  Your ISP device is the NAT device so you have to set up the rules there for any port forwarding.  And then you would have to also allow that traffic on your pfsense.  If you're just going to do any any - what exactly does pfsense get you in this sort of setup.

                    • noesberger

                      On the LAN Interface, I configured an internal IP 192.168.1.10 for accessing the GUI of the pfSense.
                      The WAN and OPT1 (Bridge) have no IP configuration.

                      In the Firewall Rule configuration I have an outgoing any allow Rule on the LAN-Interface, on the WAN Interface I have one special rule for allowing openVPN and on the bridge interface is no rule configured.

                      I'm just learning how to use the pfSense, so if I make any mistakes, I can just remove the pfsense and cable the modem directly and all the other devices are working without any IP changes or reconfigurations. Until now all is working fine. I can access the internet on all my other devices without any problem (mac). But the only windows system I have is making problems at the login when I have the pfSense between my modem and cisco switch.

                      • johnpoz LAYER 8 Global Moderator

                        "The WAN and OPT1 (Bridge) have no IP configuration."

                        And that is not a valid configuration..

                        If you're going to set up a transparent you would put your IP on the bridge interface and firewall on the bridge interface, etc.

                        What does learning have to do with trying to set up a complex setup like a bridge?  Just turn on pfsense out of the box and everything will work with your double NAT..  Just make sure your pfsense LAN network is different than what your ISP router is using.

                        • noesberger

                          Hi

                          I found a good document describing how to correctly set up a bridge:
                          http://users.ox.ac.uk/~clas0415/assets/Setting-up-pfSense-as-a-Stateful-Bridging-Firewall-with-commodity-hardware.pdf

                          After following all the steps described there, it worked fine. WAN and OPT1 still have no IP configuration. I think changing the advanced settings and disabling the auto-creation of NAT rules completely solved the problem.

                          Thanks for your help.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.