pfSense WAN connection hangs after about a minute
-
Success! My one laptop test worked. pfSense is up and running. After testing for 10-15 minutes with just one laptop I put it back on the main switch and so far so good.
The only thing I couldn't do was get a good pcap of the WAN link coming up. As suggested, I rebooted pfSense, cleared the States, re-logged into the GUI and then started a promiscuous pcap with full details up to 10,000 packets on the WAN interface with the WAN cable unplugged. I then plugged the cable in and worked with it until it stopped (or in this case, didn't stop).
When I stopped the pcap after a few minutes, I only had three packets listed. I've pasted the three packets in below, but why only three IPv6 packets? I should be seeing a lot more than this shouldn't I? Or does plugging the cable in somehow disrupt the capture?
No. Time Source Destination Protocol Length Info
1 0.000000 :: ff02::16 ICMPv6 100 Multicast Listener Report Message v2Frame 1: 100 bytes on wire (800 bits), 100 bytes captured (800 bits)
Null/Loopback
Internet Protocol Version 6, Src: ::, Dst: ff02::16
Internet Control Message Protocol v6No. Time Source Destination Protocol Length Info
2 0.152920 :: ff02::1:ff1e:22f0 ICMPv6 76 Neighbor Solicitation for fe80::2e0:67ff:fe1e:22f0Frame 2: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Null/Loopback
Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff1e:22f0
Internet Control Message Protocol v6No. Time Source Destination Protocol Length Info
3 0.636174 :: ff02::16 ICMPv6 80 Multicast Listener Report Message v2Frame 3: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
Null/Loopback
Internet Protocol Version 6, Src: ::, Dst: ff02::16
Internet Control Message Protocol v6 -
So after switching back to DNS forwarding mode and using Clouflare for upstream you are no longer being blocked after a few minutes?
Are you using DNS over TLS for that?Steve
-
That's correct except for the Cloudflare part. Right now it's just using the ISP DNS provided by the PPPoE connection. I'll try Cloudflare and DNS over TLS again this evening and see if that affects anything.
-
So it was never that your connection was down, its your resolution of dns was not work.. Which is why somestuff worked and other stuff didn't
-
Not entirely. While DNS was definitely part of the issue, the WAN connection did appear to stop returning packets. For example, pings from a box on the LAN to a public IP like 8.8.8.8 would start timing out; as would pings to any other public IPs. I would initially get DNS resolution and traffic, but after a short period (15-60 seconds) both DNS resolution and ICMP responses would stop.
-
I re-enabled Cloudflare DNS+TLS and it's still stable. I'm beginning to think it was that Enable Forwarding Mode checkbox that caused the issue (will test this later when the rest of the household isn't online). I wonder if all the root traffic was convincing my ISP that I was hosting a DNS server and they blocked my connection. I'll report back if I find out anything further, but I'm happy that the Vault is up and working like it should be.
Thank you both for taking the time to look at my issue and for providing both solid suggestions and feedback. It really helped to have some experienced eyes on the problem.
-
@fulkren said in pfSense WAN connection hangs after about a minute:
I'm beginning to think it was that Enable Forwarding Mode checkbox that caused the issue
Huh?? When you forward you do not talk to roots..
-
Sorry, I should have been more specific. I was postulating that accidentally having Enable Forwarding Mode disabled (unchecked) was causing the issue.
-
I would check with your ISP - I personally would be livid and looking for another ISP if my isp was interfering in my dns traffic like that.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
Yeah, that should not happen. But that is what I was postulating above.
Steve
-
@johnpoz said in pfSense WAN connection hangs after about a minute:
I would check with your ISP - I personally would be livid and looking for another ISP if my isp was interfering in my dns traffic like that.
I love when you speak from your heart. Usually that's the truth.
In fact ISP use your DNS queries to make a profile of you, it can be use for you (adds) or against you (if you sue ISP). On top of that they reduced costs by participate on Google Global Cache or GGC program for Youtube, Netflix, and so on.
Just block their GGC cache and you will get a faster speed.
