Wierd Behaviour since updating to Aug 25+ snapshots.



  • I don't typically update my pfsense 2.0 once it's working perfectly, but I figure I'd give the latest BETA4 snapshots a try (I was running on BETA2).  No problems during update, nothing unusual happening with the GUI, and everything looks like fine.  Were the weirdness comes in is after a little while I can't access a specific IP through the router (my buddy's public facing IP).  There are couple of things happening between us.  Let me run down the setup first and then I'll explain what stops working and what keeps working.  First there is an IPSec vpn setup between us, which has been functioning perfectly for years even after switching to pfsense 2.0.  Second there is a private virtual network inside his network which establishes an OpenVPN connection to me (a pfsense 2.0 virtual machine) which has also been working perfectly for years (it used to be smoothwall, then endian, before moving to pfsense 6 months or more ago).  And finally he has an Exchange server hosted on his public IP that I connect to with Outlook.  When my pfsense at home first comes up after boot, all of these things work perfect as they always have.  After a little while though I can no longer connect my Outlook, and I can no longer ping his his public IP.  Our IPSec vpn also goes down because his public IP cannot be contacted.  However the OpenVPN connection still connects from him to me and I can ping over that tunnel just fine still.  If I reboot my pfsense everything starts working again for a little while.  I honestly haven't done much testing or looking around to see what is going on, but I know that it is just his public IP that I lose the ability to talk to but he can still talk to me.  For now I'm downgrading to an earlier snapshot (July 16th) to see if the problem persist.  I haven't been able to reproduce the problem on demand unfortunately so I was wonder if anyone else is see this issue at all.

    Sorry for the long post.



  • Oh I'm running the i386 snapshots.



  • Definitely not a general problem. You'll need to trace the traffic with packet captures, make sure it's getting to the LAN side, make sure it's leaving the WAN side (or see where it isn't entering/leaving).


Log in to reply