4. WAN does not connect | how to debug? [solved]

WAN does not connect | how to debug? [solved]

  • M

    I installed pfsense on a WRAP board. After running the config wizard the WAN connection came up, but droped only after a few seconds. No matter how often I press the button "connect", the connections stays down (status: up, connection: down). If I restore the default settings and run the wizard again, it works again for a few seconds again.

    Are there any log file which could give me a hint, why the connections fails?

    0
  • W

    @meymona:

    Are there any log file which could give me a hint, why the connections fails?

    From the web GUI: Status -> System Logs, click on the tab corresponding to the log file of interest.

    0
  • M

    @wallabybob:

    From the web GUI: Status -> System Logs, click on the tab corresponding to the log file of interest.

    Not too much information there. "Getting Link up … link down... pausing... Getting Link up ..."

    Is there a way to increase the log level?

    0
  • C

    What version (number) of pfSense? Does the network cable (and connection) work in another computer? What happens if you try swapping over the ports you're using for WAN and LAN?

    0
  • M

    I used "pfSense-1.2.3-RELEASE-4g-nanobsd_WRAP.img.gz" from https://home.zhaw.ch/~maym/.

    I tried three different Cables, all working with my old router - which I have to use right now, because pfsense does not connect ;)

    It does not seem to me, that there is someting wrong with the hardware, because the "green lights" are burning and, as I said, after a factory reset the Connection comes up - for one time. I think the connection is rejected (by the ISP?) for any reason. Therefore I am searching for the logfiles… ;)

    But of course I will rule that possibility out, and try with switched ports...

    0
  • C

    Did you power off the ISP provided device before connecting pfSense?

    0
  • M

    I just powered off the DSL Modem, disconnected all cables, restartet pfsense, connected the cables, powered on the DSL modem. Nothing happend:

    tail /var/log/system.log
    Jan  4 18:02:06 pfSense mpd: [pppoe] device: DOWN event in state OPENING
    Jan  4 18:02:06 pfSense mpd: [pppoe] device is now in state DOWN
    Jan  4 18:02:06 pfSense mpd: [pppoe] link: DOWN event
    Jan  4 18:02:06 pfSense mpd: [pppoe] LCP: Down event
    Jan  4 18:02:06 pfSense mpd: [pppoe] device: OPEN event in state DOWN
    Jan  4 18:02:06 pfSense mpd: [pppoe] pausing 6 seconds before open
    Jan  4 18:02:06 pfSense mpd: [pppoe] device is now in state DOWN
    Jan  4 18:02:12 pfSense mpd: [pppoe] device: OPEN event in state DOWN
    Jan  4 18:02:12 pfSense mpd: [pppoe] device is now in state OPENING

    Diagnostics, Interfaces, WAN:

    Status: up
    PPPoE: down 
    MAC address: 00:0d:b9:02:13:1e
    Media: 100baseTX <full-duplex>In/out packets 0/162 (0 bytes/6 KB)
    In/out errors 0/0
    Collisions 0

    I switched sis0 and sis1, sis0 and sis2, sis1 and sis2, no change at all….</full-duplex>

    0
  • C

    Looks like you're losing Ethernet link on WAN, check your cables, and see if link is actually cycling.

    0
  • M

    I used the same cables with my old router and everything works finde, I switch back to pfsense and the connections stay down…

    0
  • W

    Your WAN link should be PPP and not DHCP? The packet count you displayed in an earlier reply suggests whatever is on the other end of the WAN link is either not seeing the packets from pfSense or ignoring them.

    Another possibility that occurred to me: the WRAP is now a quite old board. Perhaps the NICs need a cross over cable to connect to another NIC.

    0
  • M

    Took one step forward, thanks a lot so far. Using a crossover cabel did make some difference, the WAN interface now comes up and stays up.

    but I am not able to access any internet address. Neither any clients nor pfsense itself gets a connection to any address outside the local network. I restored the default settings oncee again:

    firewall rule:

    • LAN net * * * *   Default LAN -> any

    traceroute to pfsense.org from the firewall (pfsense) seems to work:
    1  * 188.98.224.1 (188.98.224.1)  15.357 ms  15.421 ms
    2  88.79.12.201 (88.79.12.201)  38.922 ms *  15.955 ms
    3  92.79.212.105 (92.79.212.105)  18.843 ms  17.985 ms *
    4  * 145.254.16.78 (145.254.16.78)  28.870 ms  28.885 ms
    (…)

    but neither a client nor the firewall itself gets access to any internet address

    I tried "system" | "packages" and get the error message: no connection

    I checked "status" | "interface" once again, WAN is still up:

    Status up
    PPPoE up 
    MAC address 00:0d:b9:02:13:1d
    IP address XX.69.69.96 
    Subnet mask 255.255.255.255
    Gateway XX.69.64.1
    ISP DNS servers 195.50.140.178
    195.50.140.114

    the clients can resolve any internet address
    nslookup pfsense.org
    Server:  firewall.local
    Address:  10.18.0.1

    Name:    pfsense.org
    Address:  69.64.6.21

    but they are not able to access the site.

    Did I miss something about the default firewall rules?

    0
  • C

    If you can traceroute to pfsense.org then you know that DNS is working (otherwise you wouldn't be able to resolve pfsense.org to an IP) and that you have an IP address, and that you have connectivity. I'd look now at your firewall rules, ensuring that you actually allow traffic.

    0
  • M

    I am not sure wether I am missunderstanding someting. I did not add any firewall rule by myself. I thought the default rule

    • LAN net    *    *    *    *         Default LAN -> any

    allows any client from the local net to access any interface and that masquerading is enabled by default…..?

    I activated logging for the default rule and the system logs show, that the client should have access to the internet
    |> Jan 8 09:20:39 LAN 192.168.1.199:52203 66.220.145.37:80 TCP:S

    But in fact, no internet seite whatsoever can be opened by any client....

    the systemlogs shows entries like:
    Jan  8 10:01:13 firewall mpd: [pppoe] IPCP: rec'd Code Reject #130 link 0 (Opened)
    Jan  8 10:01:13 firewall mpd: [pppoe] IPCP: code 69 was rejected
    Jan  8 10:00:47 firewall check_reload_status: reloading filter
    Jan  8 10:03:36 firewall mpd: [pppoe] IPCP: rec'd Code Reject #131 link 0 (Opened)
    Jan  8 10:03:36 firewall mpd: [pppoe] IPCP: code 69 was rejected
    Jan  8 10:04:55 firewall mpd: [pppoe] LCP: rec'd Protocol Reject #228 link 0 (Opened)
    Jan  8 10:04:55 firewall mpd: [pppoe] LCP: protocol 0xf021 was rejected

    Does this have something to do with it?

    0
  • C

    Possibly, though I don't use PPPoE so I don't know what those messages mean.

    0
  • M

    After several days I "solved" the problem:

    Either pfsense or the WRAP board is very sensible about long cables (My old router - linksys WRT54GL - worked with the same configuration perfectly).

    | telephone socket – 1m cable -- Modem -- 20m cable -- WRAP board

    does not work properly. In my case the connection came up, but pfsense was not routing any traffic (do not ask me why).

    | telephone socket -- 20m cable -- Modem -- 1m cable -- WRAP board works smoothly.

    Just in case someone has the same problem...

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy