Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I don't use IPSec, but I'm having a similar problem to that bug. Related?

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pffffSensing-N00b-3485901
      last edited by

      2.2.6-RELEASE (i386)
      built on Mon Dec 21 14:50:36 CST 2015
      FreeBSD 10.1-RELEASE-p25

      My LAN Interface has crapped out.  >:( :(  It's a chinese USB NIC (Realtek) on a laptop and the whole thing is an experiment for me to get my feet wet with pfSense.  I'm building a better box BTW.

      I can access pfSense from the WAN interface, but not the LAN interface.  pfSense says the LAN interface is up, but it's not issuing ipv4 DHCP addresses, I can't access the web interface, and it's not receiving any packets from the network.  It seemed to be that it was crapping out every 2 hours, and then I discovered that the DHCP lease time was 2 hours.  Rebooting the laptop would fix the issue for a few weeks, and then today I changed the lease time.  Today it also stopped working completely.  I tried swapping out the WAP attached to the switch, and it's still not working.

      I searched the forum and found this thread:
      https://forum.pfsense.org/index.php?topic=110710.0

      This is a very similar phenomenon.  However, I've set up pfSense to ship traffic out to a commercial VPN (like a proxy) via OpenVPN.  In effect, it's just a VPN appliance sitting behind a SOHO router.  It's not doing anything with IPSec.

      The problem seems to have had a half life.  Meaning that things started out fine and have been getting  frequent and now they are dead.

      Is it possible/probable that whatever affected IPSec, also affected OpenVPN about the same time?  Or should I start looking elsewhere?

      1 Reply Last reply Reply Quote 0
      • M
        mer
        last edited by

        Is your problem on 2.2.6 or on 2.3.x?  Your link is specifically related to IPSec issues with SMP (more than 1 core) that were due to porting issues of FreeBSD IPSec from 11-Current to pfSense (10.3) specifically in pfSense 2.3.

        If your problem is being seen on 2.2.6, it's not the 2.3/IPSec/SMP issue.

        There may be other Realtek issues;  you really haven't given much info related to the specific hardware you are seeing an issue on.

        1 Reply Last reply Reply Quote 0
        • P
          pffffSensing-N00b-3485901
          last edited by

          I don't have that much to go on.  Seems that i can't get adapter information from the web interface.  ue0 just means USB Ethernet 0.  However, this is what I am using: http://www.microcenter.com/product/444552/UED011_USB_20_to_Fast_Ethernet_Adapter?rf=Search+Results+Top+%3E+Feature+1+%3E+Inland+UED011+Feature

          ![pfsense system status.PNG](/public/imported_attachments/1/pfsense system status.PNG)
          ![pfsense system status.PNG_thumb](/public/imported_attachments/1/pfsense system status.PNG_thumb)
          ![pfsense LAN status.PNG](/public/imported_attachments/1/pfsense LAN status.PNG)
          ![pfsense LAN status.PNG_thumb](/public/imported_attachments/1/pfsense LAN status.PNG_thumb)

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            try changing the nic to pci-e intel nic

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Yeah. Use decent gear first. No confidence in realtek, especially as described. USB NIC, Bridging, and Realtek. Those are three general areas that give people fits all by themselves. You have a trifecta.

              Your issue is definitely not that IPsec+SMP issue (6296) unless you are running 2.3 or 2.3_1 (not 2.3.1 as it is fixed there.) And it was pretty hard to trigger requiring substantial UDP traffic over the tunnel for hours.

              If this is a new install why are you messing about with 2.2? Just use 2.3.1.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • P
                pffffSensing-N00b-3485901
                last edited by

                I've got a box with 2x Intel NICs, and I spent an hour digging around for an IDE cable, so I'll be putting a drive and a fresh/latest copy of pfSense on it either later today or later this week.  However, the pfLaptop (described above) was me getting my feet wet with parts on hand and minimal expenditure, so I was trying to figure out what went wrong with it.

                The bridge is to OpenVPN (I think?).  Does that not work either?  If so, I'll need to rethink using pfSense.

                Although… I did try to have Wi-Fi on the bridge and never got it working.  I wonder if I did not disable it properly?  I turned off the adapter and that stopped the stuck beacon problem.  The laptop has an integrated Atheros Wi-Fi adapter.  I could not bridge Wi-Fi to LAN.  Someone gave me a tutorial but by that time I had already gotten a switch and a WAP and other problems.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Bridging to OpenVPN (tap mode) is not a recommended setup but it can generally be made to work.

                  Routed (tun mode) is the recommended way to use OpenVPN.

                  If you want to use that laptop you might try using the laptop NIC on the LAN side with the bridge and the USB NIC as the WAN.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • P
                    pffffSensing-N00b-3485901
                    last edited by

                    OK, I just checked the OpenVPN adapter.  It's set up to use tun mode.  I guess I interpreted something wrong.  See my edits to the previous post about the bridge being leftovers from trying to get the Wi-Fi working.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      If the bridge is unnecessary delete it and assign LAN directly to the USB NIC in Interfaces (assign).

                      If you can get into pfSense on WAN, do it from there so you don't lock yourself out.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.