Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Http traffic blocked over openvpn site to site

    Installation and Upgrades
    3
    3
    215
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rajbps last edited by

      Hi Team,

      I have upgraded pfsense on a site to the latest version. There is a site to site vpn and on the other side I have an intranet server. It used to work but after the upgrade it stopped. I am looking at the logs and this is what I can see. The port 80 traffic is being blocked.

      Apr 9 22:36:19 LAN 192.168.30.101:63439 192.168.31.14:80 TCP:RA

      The rule that triggered this action is:

      @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

      I cant see why that specific traffic on port 80 is being blocked as I can ping the server from a wks on the local lan. but when I open a web page it just says trying to open.

      Can anyone please advise.

      Rajbps

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        That is out-of-state traffic. It is a RST+ACK (TCP:RA)

        An actual block of traffic by a firewall rule would be a SYN, (TCP:S)

        https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

        Can't think of anything in an upgrade that would change such behavior. Generally when that happens you had something configured that shouldn't have been working in the first place and is enforced in a newer version.

        1 Reply Last reply Reply Quote 0
        • N
          newlinux last edited by

          I had a similar issue when upgrading to 2.4.2. I haven't solved it…

          https://forum.pfsense.org/index.php?topic=141487.msg772193

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy