Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Log action is unkn(11)

    Scheduled Pinned Locked Moved Firewalling
    8 Posts 1 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      a.lefebvre
      last edited by

      Hi, i'm having a weird issue with a pfsense since yesterday.

      I could not connect one of my remote site using RDP, any protocol seems to work except RDP. I tried on some server on the remote network same issue. Seems nobody edit the configuration of the firewall.

      In the firewall log I noticed this :

      Action is unkn(11)

      The action is so sudden and apply to all the server so i really think the pfsense is the problem here. the pfsense is running the following version : 2.1.5-RELEASE (amd64)

      Any idea ?

      1 Reply Last reply Reply Quote 0
      • A
        a.lefebvre
        last edited by

        More information :

        I saw this unkn(11) one time; the issue was about asymmetrical routing.

        For my actual problem i double checked, and there is no routing problem.

        Any idea ?

        1 Reply Last reply Reply Quote 0
        • A
          a.lefebvre
          last edited by

          Here is a packet trace :

          (172.20 is the local site and 192.168 is the remote site)

          Every time i tried a connection to the remote site i get a RST.

          If i try a a connection from the remote site to my site i get the same issue. The server on the remote site send me an RST packet.

          May be not a pfsense issue, someone have an idea ?

          1 Reply Last reply Reply Quote 0
          • A
            a.lefebvre
            last edited by

            Ok I ran the same test with wireshark on the remote site and that's weird. I start the connection on my site to the remote site. the following two screenshot are from the same TCP session

            From my site (172.20.70.22) :

            From remote site (192.168.4.23)

            We don't have the same thing:
            From my site perspective the remote site send the RST flag.
            From the remote site perspective, my site sent the RST flag.

            Maybe a pfsense issue after all ?

            If anyone have an idea that would be nice.

            1 Reply Last reply Reply Quote 0
            • A
              a.lefebvre
              last edited by

              I'm still struggling with that.

              Is it possible that pfSense create those RST packets and send them to both device ?

              1 Reply Last reply Reply Quote 0
              • A
                a.lefebvre
                last edited by

                Another test :

                From the remote site I tried to connect to RDP to another computer (out of the company, out of the domain) using another port.

                Same issue, i received a RST packet and the connection closed again.

                I would really appreciate any help with that.

                1 Reply Last reply Reply Quote 0
                • A
                  a.lefebvre
                  last edited by

                  Side question : the pfsense version is kinda outdated - Is that issue have been resolved by an update ?

                  Can i update it easily to the latest version using manual update (can't autoupdate from China it seems but DNS&Internet is working at)
                  Is it "safe"  (no known error?) ?

                  I just found an option in System > Advanced > System Tunables :

                  net.inet.tcp.blackhole set to 2.  Here is the description : "Drop packets to closed TCP ports without returning a RST "

                  Seems to be my issue, looks like the pfsense is closing all RDP session with a RST, is there a way to disable that "functionnality" ?

                  Thanks.

                  1 Reply Last reply Reply Quote 0
                  • A
                    a.lefebvre
                    last edited by

                    In the end pfsense start to work properly again without any modification ….........

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.