[SOLVED] First installation, but PC no longer connects

WhiteTiger-IT

@Gertjan
I can't even connect to SSH, which I'm sure I have enabled.
I also thought it might be PowerSaving.
The Motherboard expects this and the CPU is a Celeron. So this shouldn't be the problem.
However I install pfSense again and don't enable the option. I had already "discarded" the standby of the disc.
Considering that little is used, I would not mind that they would consume less, if everything does not stop.
Now I reset pfSense another time

WhiteTiger-IT

@Gertjan
Is it normal that after installation I cannot surf the Internet from the LAN?
I have to use a second PC connection on a Hotspot of my Smartphone to be able to surf the Internet and access the documentation.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

Is it normal that after installation I cannot surf the Internet from the LAN?

If the LAN NIC is ok, your PC NIC is ok, the cable is ok - and at least one of the NIC's support MDX (rather standard these days, before you needed a hub/switch/or cross over cable), then all you need is a cable and your connected.

Do understand that I use just one line for something that needs to meets hundreds of conditions to work.

Your PC will use it's default DHCP client to obtain an IP (and mask and gateway and DNS) from the DHCP server on pfSense - this is something every router on earth does, pfSense does the same thing.
This can be sen in the DHCP server log right away.
On your PC, a Windows thing ? Enter

ipconfig /all

and you see the other side.

edit : just by any chance : when you set up the DHCP pool on LAN, it's bigger as "1" - something like 192.168.1.10 to 192.168.1.100 and the LAN's mask is /24, not /32 (yep, this happens).

WhiteTiger-IT

@Gertjan said in First installation, but PC no longer connects:
The cable is OK, the switch is a good HP and it's OK.
On the other hand, the problem occurs after switching off and on.
pfSense refuses the connection.
Now I do a new installation of Win10Pro.
Mine is a clean PC with only very few applications installed: Dropbox, OpenVPN, VMWare Workstation, Evernote.
I do a new installation since on the net we talk about the problems with the latest Win Updates, but I'm sure that's not the problem.
Now I'm going by attempts.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

problems with the latest Win Updates

2004 ?
Runs fine on several machines here.

@WhiteTiger-IT said in First installation, but PC no longer connects:

VMWare Workstation

This one can do 'things' with the NIC of your PC .... Never sued it myself, although I have a VM using Windows Pro Hyper-V running pfSense just fine @home.

edit : side note : I wouldn't call a today fresh Windows machine a "clean" thing.
Bought two news PC's from dell this morning, equipped with Win10Pro and probably lose my temper (again) when I see that Candy & family popping up in my phase. These two PC's will get probably de-bloated first.

WhiteTiger-IT

@Gertjan
New installation from scratch of pfSense.
New installation from scratch of Win10 Pro.
No configuration neither in pfSense, nor in Win 10; not even an update.
A failed connection error returns from Edge http://192.168.1.1 and https://192.168.1.1.
I also tried with Xubuntu 20.04 Live. Always mistake.

With the PC clean and from a Live there are no more potential conflicts with other particular programs or configurations.
On the other hand, this PC has always connected to IPFire, OpnSense, Proxmox, VMWare ESXi, Debian & Ubuntu Server.
I have never had connection problems, both when SSH was needed and when I had to use a web panel.

Tomorrow I change the firewall PC, but I don't understand why since it never gave problems.

Then I give up because I don't know what to do anymore.

P.S .: I don't think it's some game that MS downloads in the Start Menu to create problems since I haven't even opened it.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

I change the firewall PC

What firewall ? where ? WinPro10 ?
When you buy a new PC, and you hook it to to some SOHO router - any router - it will obtain IP settings, and "connect to the net". Exception : the upstream network isn't using default settings, your you're behind a captive portal, you're using a company network with an "admin" above you. Or your WinPro10 found an Microsoft AD server, and that one forbid any network activity. But these things are rare and known in advance.

Have a look at these : https://www.youtube.com/results?search_query=pfsense+setup - look at any of them and see for yourself that there is really nothing special.

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

A failed connection error returns from Edge http://192.168.1.1 and https://192.168.1.1.

As you configured pfSense UI to port 1020 without redirection, that would be expected?

In System / Advanced / Miscellaneous

** Power Savings Activate Enable PowerD

** Cryptographic & Thermal Hardware / Thermal Sensors = Intel CPU

** NO! Hardware Settings / Hard disk standby time = 12 (I tried with this settings)

That makes me curious. I never ever had to configure anything on any hardware for PowerD. Yes I could, but what's the sense of it? It's a firewall it has to run 24/7 so why should I even think about sending it to sleep or configuring standby things? I'd leave PowerD off and set up the HDD standby to off, too. Makes no sense to me. Setting the Intel CPU for thermal on a Celeron is OK, if it has AES-NI capabilities switch that on, too. Otherwise leave the defaults.
Hardware can behave like a bitch with faulty ACPI/Power/Standby settings and BSD has had a few strange things in corner cases with few ACPI BIOS implementations, so I'd rather play it safe here and configure it to run 24/7 and NOT go into any kind of sleep mode. Would check the BIOS/UEFI for that, too.

Done Backup -1-Post Installation

So after a new installation, does your pfSense have proper internet via WAN? (you didn't write anything about the WAN side, only LAN and OPT1) Are the diagnostic options like Ping, DNS check etc. working? Can you install e.g. the sudo or cron package without a problem?

Is it normal that after installation I cannot surf the Internet from the LAN?

No it's not. If the above is true (my block above with checking WAN connectivity) and your pfSense has working WAN connection and can install e.g. a package without effort, a client connected to your LAN interface should work immediatly as the defaults allow any client on the LAN to access anything (default LAN any any rule and default auto. outbound NAT are enabled). So if your PC wouldn't work then, there's some other/bigger issues at play.

A PC on OPT1 will not work out of the box as there is no default firewall rule on OPT1 and it is blocked to access anything.

But as @Gertjan wrote, we'd need more info and probably screenshots about your interface settings and NAT and firewall rules as well as the DHCP server and DNS settings to see why that wouldn't work.

The Motherboard expects this and the CPU is a Celeron. So this shouldn't be the problem.

Nope it doesn't. No MB expects any form of power saving to be enabled. It's just an option to use.

If you tell me where I find the log from the console, I'll go and see it

You need to have console access to the machine (if it's a PC/Server, attach keyboard and monitor, for an appliance some kind of serial console etc.). If you have that available you can check the system like @Gertjan showed.
For the logs you also see in "System Logs", go to /var/log

cd /var/log
ls -la

# should show something like this:

[2.4.5-RELEASE][root@fwl01.lab.test]/var/log: ls -la
total 798
drwxr-xr-x   4 root  wheel      27 Jun  2 23:54 .
drwxr-xr-x  28 root  wheel      28 Jun  2 23:54 ..
-rw-r--r--   1 root  wheel   72179 Sep 23  2019 bsdinstall_log
-rw-------   1 root  wheel  511488 Jul  1 11:17 dhcpd.log
-rw-r--r--   1 root  wheel   12580 Jun 17 21:04 dmesg.boot
-rw-------   1 root  wheel  511488 Jul  1 11:19 filter.log
-rw-------   1 root  wheel  511488 Jun 17 21:06 gateways.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 ipsec.log
-rw-------   1 root  wheel  511488 Sep 23  2019 l2tps.log
-rw-r--r--   1 root  wheel       0 Sep 24  2019 lastlog
drwxr-xr-x   2 root  wheel       3 Sep 23  2019 nginx
-rw-------   1 root  wheel  511488 Jul  1 11:18 nginx.log
drwxr-xr-x   2 root  wheel       2 Sep 23  2019 ntp
-rw-------   1 root  wheel  511488 Jun 17 21:06 ntpd.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 openvpn.log
-rw-------   1 root  wheel  511488 Sep 23  2019 poes.log
-rw-------   1 root  wheel  511488 Sep 23  2019 portalauth.log
-rw-------   1 root  wheel  511488 Sep 23  2019 ppp.log
-rw-------   1 root  wheel  511488 Sep 23  2019 relayd.log
-rw-------   1 root  wheel  511488 Jul  1 11:17 resolver.log
-rw-------   1 root  wheel  511488 Jun 29 15:52 routing.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 system.log
-rw-------   1 root  wheel   29744 Jun 17 21:05 userlog
-rw-r--r--   1 root  wheel    1182 Jul  1 11:19 utx.lastlogin
-rw-------   1 root  wheel    7155 Jul  1 11:19 utx.log
-rw-------   1 root  wheel  511488 Sep 23  2019 vpn.log
-rw-------   1 root  wheel  511488 Sep 23  2019 wireless.log

# you can then read a log with "clog" (tail -100 only shows the newest 100 lines)

[2.4.5-RELEASE][root@fwl01.office.nroute.de]/var/log: clog system.log | tail -100
...
Jul  1 11:15:06 fwl01 sshd[86395]: Received disconnect from 10.100.1.130 port 33390:11: disconnected by user
Jul  1 11:15:06 fwl01 sshd[86395]: Disconnected from user nbackup 10.100.1.130 port 33390
Jul  1 11:17:29 fwl01 sshd[18858]: Connection closed by 10.0.0.217 port 56214 [preauth]
Jul  1 11:19:03 fwl01 sshd[84209]: user root login class  [preauth]
...

Hope that helps in getting to know why it behaves so strange.

Gertjan

@JeGr said in First installation, but PC no longer connects:

you configured pfSense UI to port 1020 without redirection

Me slam head hard ..... I didn't even see that one.
Your brand of coffee is better as mine....

( I'm still somewhat presuming that @WhiteTiger-IT means http://192.168.1.1:1020 when he writes http://192.168.1.1 .... (== http://192.168.1.1:80)

@WhiteTiger-IT : Stop watching those 'bad' Youtube videos. Do what other (should) do : read the official manual - watch the official Netgate videos. Live will be so easy afterwards.

WhiteTiger-IT

Today I can't work on pfSense, I'm too late with other jobs.
I hope tomorrow.
Thus I answer only a few things.

Normally a firewall is always on, but this is in a test environment.
I thought about activating the power saving features because it should be used very little.
To avoid problems, I have not activated these functions since the last installation.

I have read all the pfSense documentation except the things that don't interest me right now.
On the other hand, I'm still stuck at the starting point.
I read other pages on the Internet, but they were related to rule management.
I haven't even opened the rules and interfaces menu yet.

The WAN is active with DHCP.
I honestly don't remember if from console a ping on 8.8.8.8 or google.com worked. I did many of those tests that I am confused by now.

Obviously there are no other firewalls, either upstream or downstream of pfSense.
The router is a Teltonika with a Vodafone SIM.
There are some ports (80, 443, 25, 53, 22) addressed on the pfSense WAN card, but have not yet been configured.
So I didn't ask myself the problem.

The last installation was in a totally clean environment.
No configuration of pfSense, Win 10 installed from the beginning, Ubuntu Live.
And yet even 192.168.1.1 was not accessible.

I'll reinstall everything tomorrow and if it doesn't work I'll change the PC.

For the moment, thank you for your support.

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

The last installation was in a totally clean environment.
No configuration of pfSense, Win 10 installed from the beginning, Ubuntu Live.
And yet even 192.168.1.1 was not accessible.
I'll reinstall everything tomorrow and if it doesn't work I'll change the PC.
For the moment, thank you for your support.

That's alright. We all miss having time we'd like to have to work on lab setups. Comes with the job so no worries :)

If you haven't even looked into the Firewalls/Rules section, then just keep in mind, that any interface other than LAN won't work out of the box with the default setup/rules generated. Only LAN will have that. Also if unsure, check after a fresh installation of pfSense and setting WAN to DHCP (and perhaps quick configuration of LAN), if you can ping/DNS/etc. from the firewall itself. Easily tested by e.g. installing the sudo packge. As that only requires one package from the update servers, it should go quick and painless. If that works, it's very much assured, that the firewall itself can access upstream/internet correctly. Then you can go on to testing the LAN side of things.

Regards,
Jens

WhiteTiger-IT

From console:

• Ping Google is OK
• pkg install sudo nano OK

From PC I'm able to surf Internet.

Everything is working fine. Hopefully everything stays that way!
It is true that I am installing the bare minimum.
Or that the green goblins are sleeping.
If tomorrow I still find everything stuck, I mean I will set the goblins' traps!

==== Update ====
Turned everything off and on again is still OK.
I'm thinking about the differences between this installation and those made so far.

On the console, in addition to the installation, I limited myself to assigning the interfaces.
Then I did it all via the browser.
1- enabling of the OPT1 interface and changed name in DMZ;
2- assignment of addresses;
3- activation of DHCP;
4- I have NOT activated any Power Saving function;
5- I also activated the temperature diagnostics here through the Intel core;
6- I haven't changed the port for the browser;
7- I have not disabled IPV6;
8- in addition activated the static lease and assigned my PC to the WOL.

Aside from the green goblins, if there is anything that bothered you, it is in these differences.
We will see what happens tomorrow morning

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

From PC I'm able to surf Internet.

Great so far :)

We will see what happens tomorrow morning

I'm excited to hear it. Hopefully the goblins still sleep (or even better are now extinct) ;)

WhiteTiger-IT

Everything is working well and frankly I do not understand what may have bothered it in recent days.
Perhaps the problem is just in power saving.
I can try enabling it again to see if it crashes all over again.
But then I have to be able to disable it from Console if I don't want to reinstall everything again.
For the moment I consider in any case the problem solved.
Thanks everyone for the support and help.

valentinius

everything worked well and then suddenly stopped working, I am puzzled over this question which is disturbing me more than anything else, i see that i not only me encountered such a challenge but i am unlike others not. I had to be able to disable it from Console too otherwise i would need to make reinstallation..