pfsense issues with Vodafone Gigabox (Ireland)
-
After a long break I decided to give pfsense a run again as my main firewall.
I connected it to my Vodafone Gigabox (VDSL) and it got an IP, but after about 30 seconds the Gigabox locked up and the gateway monitor on pfsense reported it as being unreachable.
I rebooted the Gigabox and again the same thing happened. pfsense got an IP but less than a minute later the Gigabox locked up. I had previously used pfsense on this hardware with my old provider (SKY VDSL) and never had an issue.
Steps taken:
Connected pfsense and a PC to the Vodafone box, both got an IP but the Gigabox locked up.
Connected just a PC and rebooted the Gigabox and the PC got an IP and worked normally. Rebooted the Gigabox and tried with a Mikrotik router attached and it got an IP and the Gigabox did not lock up.
Connected my switch to the Gigabox and every device got an IP and it worked normally, connected the pfsense box in via the same switch and the Gigabox locked up.
I set the IP address that was being assigned to pfsense in the DMZ so the firewall was bypassed, same issue. Something tells me there is something happening communication-wise that is causing the Gigabox to lock up.
I tried to get access to the logs on the Vodafone Gigabox but they are reset after each reboot and the closest I got was seeing something about UDP broadcast coming from pfsense before the box locked up again and I had to reboot.
I do not want to put the Gigabox into bridge mode as I will lose access to my VoIP and TV services. I can live with Double NAT if needs be.
Any ideas or suggestions?
I did see another post on here from 22 days ago about the same box and pfsense but that appeared to be DNS related.
-
@feighery said in pfsense issues with Vodafone Gigabox (Ireland):
I do not want to put the Gigabox into bridge mode as I will lose access to my VoIP and TV services. I can live with Double NAT if needs be.
Normally, the modem is placed in bridge mode though. So, when you attach the Mikrotik, that's not in bridge mode? If it works with the Mikrotik, why not use it like that and connect the pfSense to the Mikrotik since you don't mind double NAT?
-
I can't place the modem in bridge mode though as the house phone connections and TV connections are via this modem and they do not work downstream from the modem if it's in bridge mode. I contemplated moving the phones to a different VoIP provider but I have to pay line rental so I would be paying twice for the same thing. This setup worked fine with a Mikrotik in situ where the pfsense is in the drawing but it's an old RB750 that is not as reliable as it once was.
I put a drawing of my intended setup below.
I live remotely and my internet can be unreliable so I have a backup wireless connection that I want to use the pfsense to fail over onto if needed.
-
Define 'locked up' here? It stops responding completely?
It's hard to imagine what pfSense could be doing that could cause anything like that. It certainly shouldn't be possible to do it.
If it was introducing a loop of some sort I'd expect to lose connection almost immediately.
It's possible it's triggering STP somehow and getting blocked but that wouldn't stop another client connected still working.
I assume the Gigabox has multiple LAN ports with a built-in switch. If you have pfSense and another device connected there can they still communicate after the Gigabox 'locks up'?
Steve
-
@stephenw10
The Gigabox completely stops responding, none of the Ethernet ports work and anything connected to them loses connection to the internet and the management interface of the box. I can see by the blinking lights on the front that DSL is still connected and operating along with the voice, but anything on the Ethernet side stops working. I thought it might be STP but I tried it with just pfsense connected and my PC connected to pfsense so no possible loop. I figure this is something with the Gigabox but since I cannot get the logs and there is no remote logging option on it to push the logs anywhere else to read I am kinda stuck. The Vodafone forums are a simple, 'we don't support anything outside of the Gigabox' as the answer but considering this same setup worked fine with my previous Sky VDSL router, my third-party Netgear VDSL router, the common finger to point is at the Vodafone Gigabox. The problem here is that it does work fine with other devices so there is something being generated by the pfsense on that interface that is causing the device to lock up.
I posted here in the hope that someone might have a quick solution as every time I test this I interrupt the internet at home and I'm fast becoming unpopular with the kids.
If I get time I will set up a traffic capture using Wireshark between the two and post results.
-
@feighery said in pfsense issues with Vodafone Gigabox (Ireland):
anything on the Ethernet side stops working.
Does that include traffic between the ports on the Gigabox?
Because if it does that's really solidly locked up! Like more like a power issue. Does it include any sort of PoE?
What exactly is the pfSense hardware?
Though testing with another switch in between should remove that as a possibility.
Steve
-
@stephenw10
The pfSense hardware is a Watchguard XTM 5. Old but I have found it to be super reliable. I have not tested to see if anything can communicate between the switch points on the Gigabox but I will try this the next time I interrupt the connection to test.
There are no PoE ports on the Gigabox but I have used it with all 4 copper ports connected without issue in the past.
For me, it's like something in BPDU frames is detected and the ports shut down but ports to other devices also shut down so I ruled this out. Plus I tried with a single connection so no loop was possible.
I think though it might be some sort of flood protection but when the firewall was bypassed it still happened.
-
Hmm, well that's pretty vanilla hardware. Do you have WAN just using one of the em ports directly? No bridges or laggs configured?
Have you tested using the fxp port as WAN?
Steve