Not pulling WAN IP and VPN no traffic after replacing bad PFSense (Protectli FW4B) hardware with new
I wasn't sure where to post this, but I wanted to share an issue I recently encountered and the solution.
Issue:
- A recent power failure at my house, and subsequent failure of Protectli UPS, resulted in failure of my Protectli FW4B unit, which was running PFSense. I didn't have time to troubleshoot a potential hardware issue, so I ordered a new Protectli FW4B, installed PFSense, recovered from saved configurations. Everything seemed to be working as it should until I realized my BOVPN was not working (appeared connected, but no traffic). I checked the VPN config, firewall logs on both ends of VPN, and everything else I could think of, but could find no issues. It was then that I noticed the WAN address pulled into PFSense was private and not the public WAN. Ahh... that's a problem... and led me to believe the issue was with the ATT Modem and not the Protectli (local) / Watchguard (remote) firewalls.
Solution:
- I checked the ATT fiber modem configuration and found that the IP Pass-through function (part of DMZ-Plus) was assigned to the old Protectli unit... I assume through MAC address. I was able to re-assign the DMZ pass-through to the new Protectli box, reboot everything, and then it pulled in the public WAN from the ATT modem. Then, like magic, my VPN came right back up and traffic flowed as expected.
- I think another way to fix this would have been to spoof the old MAC by using the "MAC Address" field in the PFSense WAN interface, but I couldn't find the MAC for the old Protectli, so it was easier to reassign to the new MAC within the modem.
This took me several hours to figure out, so I'm hoping it will save someone else the time if they encounter a similar issue.
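
A quick check for the symptom described in the post (a private address on the firewall's WAN interface while the tunnel shows connected), as an added example that is not part of the original post. The function names, range labels and sample addresses are this example's own, constructed for illustration.

```python
import ipaddress

# Ranges that should not appear on a WAN interface that is supposed to hold
# the ISP-assigned public address. Labels are this example's own wording.
NON_PUBLIC = [
    ("RFC 1918 private", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC 1918 private", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC 1918 private", ipaddress.ip_network("192.168.0.0/16")),
    ("RFC 6598 carrier-grade NAT", ipaddress.ip_network("100.64.0.0/10")),
    ("link-local (no DHCP lease)", ipaddress.ip_network("169.254.0.0/16")),
]


def classify_wan(addr):
    """Return 'public' or a label naming the non-public range addr falls in."""
    ip = ipaddress.ip_address(addr)
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public" if ip.is_global else "other non-public"


def diagnose(wan_if_addr, seen_by_peer=None):
    """List findings for a WAN interface address.

    seen_by_peer (optional) is the source address the remote VPN endpoint
    logs for this site; a mismatch means a NAT device sits in between.
    """
    findings = []
    kind = classify_wan(wan_if_addr)
    if kind != "public":
        findings.append(
            f"WAN holds {wan_if_addr} ({kind}): the upstream modem is NATing; "
            "check which device its IP pass-through is assigned to"
        )
    if seen_by_peer is not None:
        if ipaddress.ip_address(seen_by_peer) != ipaddress.ip_address(wan_if_addr):
            findings.append(
                f"peer sees {seen_by_peer}, WAN holds {wan_if_addr}: "
                "traffic is being translated between firewall and peer"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample: WAN got a modem LAN address after the hardware swap.
    for line in diagnose("192.168.1.64", seen_by_peer="8.8.8.8"):
        print(line)
```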