Netgate Discussion Forum

    Http traffic blocked over openvpn site to site

      rajbps

      Hi Team,

      I have upgraded pfSense on a site to the latest version. There is a site-to-site VPN and on the other side I have an intranet server. It used to work but after the upgrade it stopped. I am looking at the logs and this is what I can see. The port 80 traffic is being blocked.

      Apr 9 22:36:19 LAN 192.168.30.101:63439 192.168.31.14:80 TCP:RA

      The rule that triggered this action is:

      @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

      I can't see why that specific traffic on port 80 is being blocked, as I can ping the server from a wks on the local LAN, but when I open a web page it just says trying to open.

      Can anyone please advise?

      Rajbps

        Derelict LAYER 8 Netgate

        That is out-of-state traffic. It is a RST+ACK (TCP:RA).

        An actual block of traffic by a firewall rule would be a SYN (TCP:S).

        https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

        Can't think of anything in an upgrade that would change such behavior. Generally when that happens you had something configured that shouldn't have been working in the first place and is enforced in a newer version.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
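
Added example (not part of the thread and not Netgate code): a Python triage of firewall log lines in the layout quoted above, applying the distinction from Derelict's reply, where SYN-only (TCP:S) means a rule blocked a new connection and any other TCP flag set means an out-of-state packet. The IPv4-only pattern, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# First line is the entry quoted in the thread; the rest are constructed samples
# in the same layout: date, interface, src ip:port, dst ip:port, protocol[:flags].
SAMPLE = """\
Apr 9 22:36:19 LAN 192.168.30.101:63439 192.168.31.14:80 TCP:RA
Apr 9 22:36:21 LAN 192.168.30.101:63440 192.168.31.14:80 TCP:S
Apr 9 22:36:25 LAN 192.168.30.101:63439 192.168.31.14:80 TCP:FA
Apr 9 22:36:30 LAN 192.168.30.101:5353 192.168.31.14:53 UDP
"""

# IPv4 only: an IPv6 address contains colons and needs a different pattern.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?$"
)

def classify(line):
    """Parse one log line; return its fields plus a verdict, or None if unparsable."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    if entry["proto"] != "TCP":
        entry["verdict"] = "non-tcp"                 # flag logic does not apply
    elif entry["flags"] == "S":
        entry["verdict"] = "new-connection-blocked"  # a rule refused a new SYN
    else:
        entry["verdict"] = "out-of-state"            # no matching state entry
    return entry

def summarize(text):
    """Count verdicts per (destination, port) so rule blocks stand out from state noise."""
    counts = Counter()
    for line in text.splitlines():
        entry = classify(line)
        if entry:
            counts[(entry["dst"], entry["dport"], entry["verdict"])] += 1
    return counts

if __name__ == "__main__":
    for (dst, dport, verdict), n in sorted(summarize(SAMPLE).items()):
        print(f"{dst}:{dport:<5} {verdict:<24} {n}")
```
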

          newlinux

          I had a similar issue when upgrading to 2.4.2. I haven't solved it…

          https://forum.pfsense.org/index.php?topic=141487.msg772193
