AirVPN installed, where to go from here? & Unknown IP being blocked



  • Hey all, I am currently running Pfsense with AirVPN. The trouble I am having is there are certian IPs that are being blocked and I am not sure how to figure out what they are attached to and what they are intended for in my network. I pinpointed a few bloatware apps and promptly uninstalled and have cleared their notifications, but now I am stuck with other messages. 192.168.1.255, and 255.255.255.255 are showing up, in fact 52%(the nifty graphs in the web interface are awesome) of the messages are just for those IPs. Various ports are being blocked… I know that the IP is associated with a sort of call all function, but I do not understand what would need to do that. If it is valid, why is it blocked?

    I am a noob, and I am running this as an educational project. So pardon my ignorance or lack of understanding.

    What other things should I look for or understand to utilize my system better.

    Specs:
    i5-4590
    4gb ram
    PFsense is installed on a USB, will change to SSD later once I have this all sorted.

    Performance is needed so I can use my VPN at full speed. The machine was also $50, so couldn't beat that. I have tried to run a VPN on a router before and my speeds went from 220mpbs, to 10.



  • I ran a packet capture, and found that my bios is trying to communicate with my network? Digging more….  :o

    My Network:
    Modem < Wifi Router < PFsense box < PC - Temp setup as I get my configuration in order, then I can connect the box to the modem.

    Packet Capture Log:
    20:10:15.716297 IP xxx.xxx.62821 > 192.168.2.255.32414: UDP, length 21
    20:10:15.716472 IP xxx.xxx.62819 > 192.168.2.255.32412: UDP, length 21
    20:10:17.713118 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:18.463478 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:19.214249 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:20.707366 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:20.725220 IP xxx.xxx.62821 > 192.168.2.255.32414: UDP, length 21
    20:10:20.725416 IP xxx.xxx.62819 > 192.168.2.255.32412: UDP, length 21
    20:10:21.457955 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:22.208890 IP xxxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:25.716189 IP xxx.xxx.62819 > 192.168.2.255.32412: UDP, length 21
    20:10:25.716313 IP xxx.xxx.62821 > 192.168.2.255.32414: UDP, length 21
    20:10:25.960875 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:26.713842 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:27.464283 IP xxx.xxx.netbios-ns > 192.168.2.255.netbios-ns: UDP, length 50
    20:10:30.715987 IP xxx.xxx.62819 > 192.168.2.255.32412: UDP, length 21
    20:10:30.716109 IP xxx.xxx.62821 > 192.168.2.255.32414: UDP, length 21



  • Third update..

    So after digging and digging and digging… I found that netbios is enabled by default, and is not a necessity. It was being blocked by the rules set through LAN. I had to change the adapter settings on my windows machine so it would stop trying to ping through LAN.



  • Another update.

    I have learned that the rules that I have set caused the block… I also learned a whole slew of other things. Firewall is working as intended, as well as VPN.

    My pfsense box is up. Modem < Pfsense < Wifi AP < Devices