Strange problem, no internet yet outbound vpn connection working
-
I had a strange problem yesterday that still has me scratching my head. My wife works from home and called yesterday to tell me she couldn't get on her office vpn. I'm working 40 miles away so I tell her to reboot the dsl modem as a first step and this seemed to fix the problem. A few minutes later she calls back to say the internet connection is down again. Rebooting the dsl modem allows the connection to work for about 3-5 minutes and then it goes down again. As a last resort before I drive home I tell her to reboot the pfsense box and this allows the connection to work for a few minutes before it's down again.
I drive home to see what I can do. If I reboot the dsl modem or disconnect/reconnect the WAN interface the system will be fine for a few minutes and then pfsense will show the gateway as offline. While it's down I can't ping anything on the internet by dns name or ip address. I logged into the dsl modem, which is in transparent bridge mode, and the entire time it's showing that it's connected to the internet. I have a backup dsl modem and swap it in and see the same problems, pfsense sees the internet connection going down after a few minutes while the modem seems to stay connected.
At this point I take one of the modems out of bridge mode and connect my main switch to the modem, bypassing pfsense completely, and the connection stays up and works fine for 30 minutes or so. I plug pfsense back into the bridged modem and it loses the connection after a few minutes. While pfsense was connected to the internet I logged into my company vpn and was checking emails. Even after pfsense was showing the connection was down and I couldn't ping internet sites by dns name or ip address I was still connected to the vpn at my office and continued to work for a few hours. This entire time pfsense was showing the gateway as offline and I couldn't initiate any new connections, yet my vpn connection continued to work.
This was with the 64bit pfsense v2.1.5 installed on a mini itx Atom machine and an Actiontec Q1000 modem. This configuration has been running for about a year with no issues and there have been no recent changes.
The only way I could get the connection to stay stable and keep pfsense in the mix was to revert to an SSD drive I was using before I updated from pfsense v2.1.4 to v2.1.5 a little over a month ago. Instead of upgrading at the time I just reinstalled from scratch to a new drive and restored the config, figuring it never hurts to have a fallback.
If anyone has any suggestions as to what may have caused this I'd be curious to know. Connecting my home network directly to the dsl modem did solve the issue, but there's no way I'd want to live without pfsense as my router.
edit: I should have mentioned that the vpn connections are outbound using Cisco's vpn client, we're not using the pfsense vpn capabilities at all.
-
Note to self, when you think you've checked everything make sure that Snort is not blocking access to your gateway :o