4. Log action is unkn(11)

Log action is unkn(11)

  • A

    Hi, i'm having a weird issue with a pfsense since yesterday.

    I could not connect one of my remote site using RDP, any protocol seems to work except RDP. I tried on some server on the remote network same issue. Seems nobody edit the configuration of the firewall.

    In the firewall log I noticed this :

    Action is unkn(11)

    The action is so sudden and apply to all the server so i really think the pfsense is the problem here. the pfsense is running the following version : 2.1.5-RELEASE (amd64)

    Any idea ?

    0
  • A

    More information :

    I saw this unkn(11) one time; the issue was about asymmetrical routing.

    For my actual problem i double checked, and there is no routing problem.

    Any idea ?

    0
  • A

    Here is a packet trace :

    (172.20 is the local site and 192.168 is the remote site)

    Every time i tried a connection to the remote site i get a RST.

    If i try a a connection from the remote site to my site i get the same issue. The server on the remote site send me an RST packet.

    May be not a pfsense issue, someone have an idea ?

    0
  • A

    Ok I ran the same test with wireshark on the remote site and that's weird. I start the connection on my site to the remote site. the following two screenshot are from the same TCP session

    From my site (172.20.70.22) :

    From remote site (192.168.4.23)

    We don't have the same thing:
    From my site perspective the remote site send the RST flag.
    From the remote site perspective, my site sent the RST flag.

    Maybe a pfsense issue after all ?

    If anyone have an idea that would be nice.

    0
  • A

    I'm still struggling with that.

    Is it possible that pfSense create those RST packets and send them to both device ?

    0
  • A

    Another test :

    From the remote site I tried to connect to RDP to another computer (out of the company, out of the domain) using another port.

    Same issue, i received a RST packet and the connection closed again.

    I would really appreciate any help with that.

    0
  • A

    Side question : the pfsense version is kinda outdated - Is that issue have been resolved by an update ?

    Can i update it easily to the latest version using manual update (can't autoupdate from China it seems but DNS&Internet is working at)
    Is it "safe"  (no known error?) ?

    I just found an option in System > Advanced > System Tunables :

    net.inet.tcp.blackhole set to 2.  Here is the description : "Drop packets to closed TCP ports without returning a RST "

    Seems to be my issue, looks like the pfsense is closing all RDP session with a RST, is there a way to disable that "functionnality" ?

    Thanks.

    0
  • A

    In the end pfsense start to work properly again without any modification ….........

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy