    Pfs 2.3.1.1 not forwarding traffic when lan is down, 2.2.6 works fine

      fentech

      I've got two boxes, one unfortunately very remote in Germany.  One box is running 2.2.6 here in the office and one is running 2.3.1.1.

      The hardware is identical, 3 gig-e ports and a wifi adaptor.  The config was backed up from the 2.2.6 box in the office and uploaded to the 2.3.1 box in Germany.  The LAN IP address was changed to remove conflicts.

      Both boxes connect into the office firewall (pfSense too) via OpenVPN.  Because we're basically using the boxes to connect our office to some WiFi gadgets remotely, the boxes don't have anything plugged into their LAN ports; only the WAN port is connected.  When the boxes wake up, they establish the VPN connection back to the office.

      The wifi interface and the lan interface are bridged as per the usual instructions.

      Now for the issue.  On the 2.2.6 box, I can ping the WiFi gadget just fine.  I can also communicate with it over TCP just fine.  On the 2.3.1 box, running the same configuration, the PING is rejected (Network unreachable) and no TCP comms is possible.

      I've been through the settings a number of times today and I am getting nowhere fast.  I have been using pfSense for many years so I am not exactly a novice, but something hidden appears to have changed which is causing this problem.

      What is really confusing me is that the 2.2.6 box in the office which is running with the same configuration is working fine.

      Anyone know why this might be the case, or what to try?

        cmb

        Sounds like an issue on my list to track down with if_bridge. Guessing your bridge has a member NIC that's down, and it's the first member of the bridge? Traffic coming in over OpenVPN in that case results in an unreachable. Only workaround I'm aware of at the moment is to remove the down interface(s) from the bridge.

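One way to check for the condition cmb describes, a bridge member with no link, is to parse `ifconfig -a` output and report each such member with its position in the bridge's member list as printed. This is an added example, not part of the thread or of pfSense itself; the interface names and the abridged sample output are constructed.

```python
import re

# Constructed, abridged FreeBSD `ifconfig -a` output; interface names are assumptions.
SAMPLE_IFCONFIG = """\
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tstatus: no carrier
ath0_wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tstatus: running
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tmember: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 2 priority 128 path cost 20000
\tmember: ath0_wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 5 priority 128 path cost 33333
"""

def parse_ifconfig(text):
    """Return {ifname: {"status": str or None, "members": [ifname, ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)  # unindented line starts a new interface
        if head:
            current = ifaces.setdefault(head.group(1), {"status": None, "members": []})
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("status: "):
            current["status"] = stripped[len("status: "):]
        elif stripped.startswith("member: "):
            current["members"].append(stripped.split()[1])
    return ifaces

def down_bridge_members(text):
    """List (bridge, member, position, status) for bridge members without link."""
    ifaces = parse_ifconfig(text)
    findings = []
    for name, info in ifaces.items():
        for pos, member in enumerate(info["members"]):
            status = ifaces.get(member, {}).get("status")
            if status == "no carrier":
                findings.append((name, member, pos, status))
    return findings

if __name__ == "__main__":
    for bridge, member, pos, status in down_bridge_members(SAMPLE_IFCONFIG):
        print(f"{bridge}: member {member} (listed at position {pos}) is '{status}'")
```
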
          fentech

          Thanks for the reply, sorry been on holiday hence the delay.

          The bridge is used to join the WiFi adaptor to the LAN, so I guess it should be possible to remove.  I was considering an even simpler solution though, such as plugging something into the LAN port, maybe just a cable from one of the spare ports on the box!

          I assume this is an issue introduced by 2.3 and thus quite high on your list of things to fix?  ;)
