WAN goes offline intermittently due to Android phone running Tor Orbot

  • Hi,

    Every time a user on my small office network use the Tor Orbot proxy app on his Android phone, my WAN goes offline intermittently and I can't reach pfSense through the web interface. When he closes the app, everything works fine again.

    Here's what I see in the logs when it happens. This message repeats itself once every second until the Tor Orbot app is closed.

    kernel: arp: xx:xx:xx:xx:xx:xx is using my IP address on em1!
 is the LAN gateway IP address of my firewall. xx:xx:xx:xx:xx:xx is MAC address of the phone. I have given the Android phone's MAC address a static DHCP lease, but it still tries to use the gateway IP. What can I do to prevent the phone/app from attempting to use the LAN gateway IP address?

    I am using pfSense 2.0.1-RELEASE on a Hacom Mars II pfSense 1U Server (2GB DDR3 SO-DIMM, 2GB SATA DOM storage).

  • Hi,

    What about a firewall rule specially created for this device  ?

    I am using pfSense 2.0.1-RELEASE

    Can you publish a photo, please ?
    We have a photo of this "Windows 98 PC" up and running, but "pfSense 2.0.1" is missing in our collection  ;)

  • @Gertjan:

    Can you publish a photo, please ?

    Done :) (see the above attachment)

  • Would this work for the firewall rule?

    I have a static DHCP lease for the device's address assigned to I am blocking any traffic from that IP to the LAN address.

  • If your intention is to stop that device from reaching the internet, you need to move that rule to the WAN tab and change the dest. to "Any"

    As it is that rule will never match anything as pfSense doesn't need to be involved in LAN-LAN traffic.

  • Ok, thanks. I don't need to block the device from using the internet.

    I need to prevent it from using my pfSense firewall's IP address of

    I believe Tor Orbot creates a VPN, but I don't know much else about the app.

    Though if I can't do anything else, I suppose blocking the device from the internet will be the best bet.

  • Well in that case, leave your rule on the LAN Tab and change the destination to  If you really want to block it from everything, change the destination to "any".

    That'll block the device from talking to pfSense at all.
    It will still be able to talk to other devices on your network and/or flood your LAN with requests.
    Those don't go through pfSense at all, just your switch or AP.

  • That's a question for an Android forum. The phone is causing an IP conflict on your gateway IP, there is nothing you can do at the firewall level to stop that from happening. There must be some kind of IP configuration in the Orbot app that's set to use that IP, or else somewhere else on that phone. Even if you block the phone from reaching the Internet, that won't stop the IP conflict it's creating from breaking everything else on your LAN.

  • Thanks everyone. I have successfully blocked the device using a MAC address filter on my wireless APs so that the phone can't even even to the wifi network. This keeps the network stable when the employee comes in the the office and forgets to turn off the wifi or tor orbot app on his phone.

    The only other options I can think of are to A.) change the IP configuration on the Orbot app or B.) Change my pfSense IP.

    I will continue looking on Android and Tor forums for more info.