Netgate Discussion Forum

    Pfflowd report Netflow info with old IP Address

      thuynh

      Hi all,

      I configured an Ntop server as a netflow collector for 40+ pfSense. Pfflowd reports netflow traffic to the Ntop server via an OpenVPN connection. Everything works quite well. However, when the OpenVPN connection is reset and a new IP address is assigned, Pfflowd stops sending flow packages back to Ntop. I used tcpdump to debug the netflow traffic and found an interesting problem: the netflow traffic source address still uses the old IP address of the OpenVPN interface instead of the new IP address. I have to restart the Pfflowd service on the pfSense to correct this error. For more information, please see the output of the commands that I used to debug below. The commands were run on the pfSense on which Pfflowd was installed.

      #ifconfig

      tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
             inet6 fe80::230:18ff:fea6:6034%tun1 prefixlen 64 scopeid 0xd
             inet 10.10.12.98 --> 10.10.12.97 netmask 0xffffffff
             Opened by PID 435

      #tcpdump -i tun1 -vv udp dst port 2055

      08:17:28.127720 IP (tos 0x0, ttl 64, id 21429, offset 0, flags [none], proto UDP (17), length 100) 10.10.12.170.5450 > 172.21.0.239.2055: UDP, length 72
      08:17:28.128061 IP (tos 0x0, ttl 64, id 18429, offset 0, flags [none], proto UDP (17), length 100) 10.10.12.170.5450 > 172.21.0.239.2055: UDP, length 72
      08:17:28.128093 IP (tos 0x0, ttl 64, id 51635, offset 0, flags [none], proto UDP (17), length 100) 10.10.12.170.5450 > 172.21.0.239.2055: UDP, length 72

      #restart Pfflowd service using pfSense web UI
      #tcpdump -i tun1 -vv udp dst port 2055
      07:47:20.518556 IP (tos 0x0, ttl 64, id 5784, offset 0, flags [none], proto UDP (17), length 148) 10.10.12.98.22828 > 172.21.0.239.2055: UDP, length 120
      07:47:21.959823 IP (tos 0x0, ttl 64, id 24050, offset 0, flags [none], proto UDP (17), length 148) 10.10.12.98.22828 > 172.21.0.239.2055: UDP, length 120
      07:47:23.717304 IP (tos 0x0, ttl 64, id 947, offset 0, flags [none], proto UDP (17), length 148) 10.10.12.98.22828 > 172.21.0.239.2055: UDP, length 120

      You can see that the new IP address of the OpenVPN interface is 10.10.12.98, but the flow traffic source address is 10.10.12.170 (I guess it is the previous IP). After restarting the Pfflowd service, the source address is changed to 10.10.12.98 and everything works well again.

      Any ideas to fix this problem?

      Thanks,
      Tuong
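
The comparison made by hand in this post (current tunnel address versus the source address of the exported flows), written as a script so a stale exporter can be spotted before the collector silently loses a site. This is an added example, not code from the thread or from pfflowd; the function names are made up for illustration and the sample input is copied from the ifconfig and tcpdump output in the post.

```shell
#!/bin/sh
# Added example: flag a NetFlow exporter that still sends from an old tunnel address.
# Sample data below is copied from the post; function names are illustrative.
IFCONFIG_SAMPLE='tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet6 fe80::230:18ff:fea6:6034%tun1 prefixlen 64 scopeid 0xd
        inet 10.10.12.98 --> 10.10.12.97 netmask 0xffffffff'
TCPDUMP_STALE='08:17:28.127720 IP (tos 0x0, ttl 64, id 21429, offset 0, flags [none], proto UDP (17), length 100) 10.10.12.170.5450 > 172.21.0.239.2055: UDP, length 72'
TCPDUMP_OK='07:47:20.518556 IP (tos 0x0, ttl 64, id 5784, offset 0, flags [none], proto UDP (17), length 148) 10.10.12.98.22828 > 172.21.0.239.2055: UDP, length 120'

# Read ifconfig output on stdin, print the first IPv4 address of the interface.
iface_addr() {
    awk '$1 == "inet" { print $2; exit }'
}

# Read tcpdump lines on stdin, print each distinct source IP (port suffix removed).
flow_sources() {
    awk '{
        for (i = 2; i < NF; i++)
            if ($i == ">") { src = $(i - 1); sub(/\.[0-9]+$/, "", src); print src }
    }' | sort -u
}

# check_exporter IFCONFIG_TEXT TCPDUMP_TEXT
# Returns 0 when every flow source equals the interface address, 1 otherwise.
check_exporter() {
    want=$(printf '%s\n' "$1" | iface_addr)
    rc=0
    for src in $(printf '%s\n' "$2" | flow_sources); do
        if [ "$src" != "$want" ]; then
            echo "STALE: flows sent from $src, interface has $want"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: flows sent from $want"
    return "$rc"
}

# Demo on the post's data: the first call reports STALE, the second reports OK.
check_exporter "$IFCONFIG_SAMPLE" "$TCPDUMP_STALE" || true
check_exporter "$IFCONFIG_SAMPLE" "$TCPDUMP_OK" || true

# Live use on the firewall (interface and port as in the post):
#   check_exporter "$(ifconfig tun1)" "$(tcpdump -n -c 5 -i tun1 udp dst port 2055 2>/dev/null)"
```

A non-zero return can drive a scheduled alert, or the same Pfflowd service restart that was done by hand above.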

        Guest

        OpenVPN supports static IPs based on login/mac, why not use static IPs?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.