Pfs not forwarding traffic when lan is down, 2.2.6 works fine

  • I've got two boxes, one unfortunately very remote in Germany.  One box is running 2.2.6 here in the office and one is running

    The hardware is identical, 3 gig-e ports and a wifi adaptor.  The config was backed up from the 2.2.6 box in the office and uploaded to the 2.3.1 box in Germany.  The lan ip address was changed to remove conflicts.

    Both boxes connect into the office firewall (pfsense too) via OpenVPN.  Because we're basically using the boxes to connect our office to some WiFi gadgets remotely, the boxes don't have anything plugged into their LAN ports, only the WAN port is connected.  When the boxes wake up, they establish the VPN connection back to the office.

    The wifi interface and the lan interface are bridged as per the usual instructions.

    Now for the issue.  On the 2.2.6 box, I can ping the WiFi gadget just fine.  I can also communicate with it over TCP just fine.  On the 2.3.1 box, running the same configuration, the PING is rejected (Network unreachable) and no TCP comms is possible.

    I've been through the settings a number of times today and I am getting nowhere fast.  I have been using pfsense for many years so I am not exactly a novice, but something hidden appears to have changed which is causing this problem.

    What is really confusing me is that the 2.2.6 box in the office which is running with the same configuration is working fine.

    Anyone know why this might be the case, or what to try?

  • Sounds like an issue on my list to track down with if_bridge. Guessing your bridge has a member NIC that's down, and it's the first member of the bridge? Traffic coming in over OpenVPN in that case results in an unreachable. Only workaround I'm aware of at the moment is to remove the down interface(s) from the bridge.
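As an added illustration of the check this reply implies (not code from the thread or from the pfSense project): a small POSIX shell script that parses FreeBSD-style `ifconfig` output for a bridge, lists its members in the order they appear, and flags any member with no carrier, in particular the first member. The bridge and per-interface output below are constructed samples in the format I expect from `ifconfig bridge0` and `ifconfig <member>`; the interface names `em1` and `ath0_wlan0` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Parses `ifconfig <bridge>` output (FreeBSD
# format, constructed sample below) and reports bridge members with no carrier,
# flagging the case described in the reply: the first member of the bridge is down.

# Constructed sample: what `ifconfig bridge0` might print on a box whose LAN port
# (em1, assumed name) has nothing plugged in and whose wireless member is active.
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:01
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
        member: ath0_wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 20000'

# Constructed stand-in for `ifconfig "$1"`: returns the status line of a member.
member_status() {
    case "$1" in
        em1)        printf 'status: no carrier\n' ;;
        ath0_wlan0) printf 'status: active\n' ;;
        *)          printf 'status: unknown\n' ;;
    esac
}

# bridge_members: print member interface names in the order ifconfig lists them
# (the first one printed is the first member of the bridge).
bridge_members() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*member: \([^ ]*\).*/\1/p'
}

# down_members: names of members whose status line reads "no carrier".
down_members() {
    for m in $(bridge_members "$1"); do
        if member_status "$m" | grep -q 'no carrier'; then
            printf '%s\n' "$m"
        fi
    done
}

# first_member_down: succeed (exit 0) when the first bridge member has no carrier,
# the condition the reply associates with "unreachable" for traffic arriving over OpenVPN.
first_member_down() {
    first=$(bridge_members "$1" | head -n 1)
    member_status "$first" | grep -q 'no carrier'
}

# Stand-alone run against the constructed sample.
echo "Bridge members in order:"
bridge_members "$SAMPLE_BRIDGE"
echo "Members with no carrier:"
down_members "$SAMPLE_BRIDGE"
if first_member_down "$SAMPLE_BRIDGE"; then
    echo "First bridge member is down; consider removing it from the bridge until a link is present."
fi
```

On a real box you would replace `SAMPLE_BRIDGE` with the output of `ifconfig bridge0` and `member_status` with a call to `ifconfig "$1"`; the workaround the reply describes (taking the down interface out of the bridge) is then a matter of removing that member from the bridge configuration.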

  • Thanks for the reply, sorry been on holiday hence the delay.

    The bridge is used to join the WiFi adaptor to the LAN, so I guess it should be possible to remove.  I was considering an even simpler solution though, such as plugging something into the LAN port, maybe just a cable from one of the spare ports on the box!

    I assume this is an issue introduced by 2.3 and thus quite high on your list of things to fix? ;)
