WAN does not connect | how to debug? [solved]
-
I installed pfsense on a WRAP board. After running the config wizard the WAN connection came up, but droped only after a few seconds. No matter how often I press the button "connect", the connections stays down (status: up, connection: down). If I restore the default settings and run the wizard again, it works again for a few seconds again.
Are there any log file which could give me a hint, why the connections fails?
-
Are there any log file which could give me a hint, why the connections fails?
From the web GUI: Status -> System Logs, click on the tab corresponding to the log file of interest.
-
From the web GUI: Status -> System Logs, click on the tab corresponding to the log file of interest.
Not too much information there. "Getting Link up … link down... pausing... Getting Link up ..."
Is there a way to increase the log level?
-
What version (number) of pfSense? Does the network cable (and connection) work in another computer? What happens if you try swapping over the ports you're using for WAN and LAN?
-
I used "pfSense-1.2.3-RELEASE-4g-nanobsd_WRAP.img.gz" from https://home.zhaw.ch/~maym/.
I tried three different Cables, all working with my old router - which I have to use right now, because pfsense does not connect ;)
It does not seem to me, that there is someting wrong with the hardware, because the "green lights" are burning and, as I said, after a factory reset the Connection comes up - for one time. I think the connection is rejected (by the ISP?) for any reason. Therefore I am searching for the logfiles… ;)
But of course I will rule that possibility out, and try with switched ports...
-
Did you power off the ISP provided device before connecting pfSense?
-
I just powered off the DSL Modem, disconnected all cables, restartet pfsense, connected the cables, powered on the DSL modem. Nothing happend:
tail /var/log/system.log
Jan 4 18:02:06 pfSense mpd: [pppoe] device: DOWN event in state OPENING
Jan 4 18:02:06 pfSense mpd: [pppoe] device is now in state DOWN
Jan 4 18:02:06 pfSense mpd: [pppoe] link: DOWN event
Jan 4 18:02:06 pfSense mpd: [pppoe] LCP: Down event
Jan 4 18:02:06 pfSense mpd: [pppoe] device: OPEN event in state DOWN
Jan 4 18:02:06 pfSense mpd: [pppoe] pausing 6 seconds before open
Jan 4 18:02:06 pfSense mpd: [pppoe] device is now in state DOWN
Jan 4 18:02:12 pfSense mpd: [pppoe] device: OPEN event in state DOWN
Jan 4 18:02:12 pfSense mpd: [pppoe] device is now in state OPENINGDiagnostics, Interfaces, WAN:
Status: up
PPPoE: down
MAC address: 00:0d:b9:02:13:1e
Media: 100baseTX <full-duplex>In/out packets 0/162 (0 bytes/6 KB)
In/out errors 0/0
Collisions 0I switched sis0 and sis1, sis0 and sis2, sis1 and sis2, no change at all….</full-duplex>
-
Looks like you're losing Ethernet link on WAN, check your cables, and see if link is actually cycling.
-
I used the same cables with my old router and everything works finde, I switch back to pfsense and the connections stay down…
-
Your WAN link should be PPP and not DHCP? The packet count you displayed in an earlier reply suggests whatever is on the other end of the WAN link is either not seeing the packets from pfSense or ignoring them.
Another possibility that occurred to me: the WRAP is now a quite old board. Perhaps the NICs need a cross over cable to connect to another NIC.
-
Took one step forward, thanks a lot so far. Using a crossover cabel did make some difference, the WAN interface now comes up and stays up.
but I am not able to access any internet address. Neither any clients nor pfsense itself gets a connection to any address outside the local network. I restored the default settings oncee again:
firewall rule:
- LAN net * * * * Default LAN -> any
traceroute to pfsense.org from the firewall (pfsense) seems to work:
1 * 188.98.224.1 (188.98.224.1) 15.357 ms 15.421 ms
2 88.79.12.201 (88.79.12.201) 38.922 ms * 15.955 ms
3 92.79.212.105 (92.79.212.105) 18.843 ms 17.985 ms *
4 * 145.254.16.78 (145.254.16.78) 28.870 ms 28.885 ms
(…)but neither a client nor the firewall itself gets access to any internet address
I tried "system" | "packages" and get the error message: no connection
I checked "status" | "interface" once again, WAN is still up:
Status up
PPPoE up
MAC address 00:0d:b9:02:13:1d
IP address XX.69.69.96
Subnet mask 255.255.255.255
Gateway XX.69.64.1
ISP DNS servers 195.50.140.178
195.50.140.114the clients can resolve any internet address
nslookup pfsense.org
Server: firewall.local
Address: 10.18.0.1Name: pfsense.org
Address: 69.64.6.21but they are not able to access the site.
Did I miss something about the default firewall rules?
-
If you can traceroute to pfsense.org then you know that DNS is working (otherwise you wouldn't be able to resolve pfsense.org to an IP) and that you have an IP address, and that you have connectivity. I'd look now at your firewall rules, ensuring that you actually allow traffic.
-
I am not sure wether I am missunderstanding someting. I did not add any firewall rule by myself. I thought the default rule
- LAN net * * * * Default LAN -> any
allows any client from the local net to access any interface and that masquerading is enabled by default…..?
I activated logging for the default rule and the system logs show, that the client should have access to the internet
|> Jan 8 09:20:39 LAN 192.168.1.199:52203 66.220.145.37:80 TCP:SBut in fact, no internet seite whatsoever can be opened by any client....
the systemlogs shows entries like:
Jan 8 10:01:13 firewall mpd: [pppoe] IPCP: rec'd Code Reject #130 link 0 (Opened)
Jan 8 10:01:13 firewall mpd: [pppoe] IPCP: code 69 was rejected
Jan 8 10:00:47 firewall check_reload_status: reloading filter
Jan 8 10:03:36 firewall mpd: [pppoe] IPCP: rec'd Code Reject #131 link 0 (Opened)
Jan 8 10:03:36 firewall mpd: [pppoe] IPCP: code 69 was rejected
Jan 8 10:04:55 firewall mpd: [pppoe] LCP: rec'd Protocol Reject #228 link 0 (Opened)
Jan 8 10:04:55 firewall mpd: [pppoe] LCP: protocol 0xf021 was rejectedDoes this have something to do with it?
-
Possibly, though I don't use PPPoE so I don't know what those messages mean.
-
After several days I "solved" the problem:
Either pfsense or the WRAP board is very sensible about long cables (My old router - linksys WRT54GL - worked with the same configuration perfectly).
| telephone socket – 1m cable -- Modem -- 20m cable -- WRAP board
does not work properly. In my case the connection came up, but pfsense was not routing any traffic (do not ask me why).
| telephone socket -- 20m cable -- Modem -- 1m cable -- WRAP board works smoothly.
Just in case someone has the same problem...