Log action is unkn(11)
Hi, i'm having a weird issue with a pfsense since yesterday.
I could not connect one of my remote site using RDP, any protocol seems to work except RDP. I tried on some server on the remote network same issue. Seems nobody edit the configuration of the firewall.
In the firewall log I noticed this :
Action is unkn(11)
The action is so sudden and apply to all the server so i really think the pfsense is the problem here. the pfsense is running the following version : 2.1.5-RELEASE (amd64)
Any idea ?
More information :
I saw this unkn(11) one time; the issue was about asymmetrical routing.
For my actual problem i double checked, and there is no routing problem.
Any idea ?
Here is a packet trace :
(172.20 is the local site and 192.168 is the remote site)
Every time i tried a connection to the remote site i get a RST.
If i try a a connection from the remote site to my site i get the same issue. The server on the remote site send me an RST packet.
May be not a pfsense issue, someone have an idea ?
Ok I ran the same test with wireshark on the remote site and that's weird. I start the connection on my site to the remote site. the following two screenshot are from the same TCP session
From my site (172.20.70.22) :
From remote site (192.168.4.23)
We don't have the same thing:
From my site perspective the remote site send the RST flag.
From the remote site perspective, my site sent the RST flag.
Maybe a pfsense issue after all ?
If anyone have an idea that would be nice.
I'm still struggling with that.
Is it possible that pfSense create those RST packets and send them to both device ?
Another test :
From the remote site I tried to connect to RDP to another computer (out of the company, out of the domain) using another port.
Same issue, i received a RST packet and the connection closed again.
I would really appreciate any help with that.
Side question : the pfsense version is kinda outdated - Is that issue have been resolved by an update ?
Can i update it easily to the latest version using manual update (can't autoupdate from China it seems but DNS&Internet is working at)
Is it "safe" (no known error?) ?
I just found an option in System > Advanced > System Tunables :
net.inet.tcp.blackhole set to 2. Here is the description : "Drop packets to closed TCP ports without returning a RST "
Seems to be my issue, looks like the pfsense is closing all RDP session with a RST, is there a way to disable that "functionnality" ?
In the end pfsense start to work properly again without any modification ….........