Netgate Discussion Forum

    Shrew Soft + Windows 7 IPsec to pfSense 2.15 box

      bc2011

      Hi there,

      I have pfSense as a VM on VMware in the cloud and some services behind it. I don't want to use publishing for RDP to internal servers, so I thought client-server IPsec might do it. I decided to use IPsec, used the manual for configuring Windows 7, installed the Shrew Soft VPN client and it all went fine.

      I have the following segments behind pfSense:
      10.99.101.x/24
      10.99.102.x/24
      10.99.103.x/24

      The tunnel is established fine but it's impossible to work (RDP) because I have tons of timeouts; see the attached picture. I'm pinging the Google NS just to demonstrate my WAN is fine - no timeouts.
      Can someone please point me to what I should troubleshoot?

      thanks

      pfsense1.png

        bc2011

        I've also noticed that if I ping only to one of the segments, pings stay stable; as soon as I start pinging to all three (servers are behind all three), timeouts begin… This is really driving me mad. NAT publish rules are locked to my IP but I would rather use IPsec... Any ideas?

          Clouseau

          Actually I have similar problems with a site-to-site tunnel, but only with ONE device where I get connection timeouts like you have. I have not figured out why, but my ping logs look like yours.

          ![000506-2015-01-14 12_15.jpg](/public/imported_attachments/1/000506-2015-01-14 12_15.jpg)

          ---------------------------------------------------------------
          Multiple Alix 2D13, APU1, APU2, APU3 - pfSense 2.4.x 64bit
          Multiple VMware vSphere - pfSense 2.4.x 64bit

          pfSense - FreeNAS - OwnCloud

            cmb

            @bc2011:

            I've also noticed that if I ping only to one of the segments, pings stay stable; as soon as I start pinging to all three (servers are behind all three), timeouts begin… This is really driving me mad. NAT publish rules are locked to my IP but I would rather use IPsec... Any ideas?

            Something rate-limiting UDP in between maybe? That's assuming NAT-T is in use. Doesn't seem like any negotiation or keying problem if you never get drops when pinging just one. Packet capture on the IPsec interface server-side and see if all your ICMP echo requests are showing up there. If so, see if they're going out the destination interface and whether they're getting a reply.

              eri--

              I would also recommend switching to the Windows 7 IPsec client, since 2.2 has support for IKEv2, which is a better choice!

                Clouseau

                @cmb:

                Something rate-limiting UDP in between maybe? That's assuming NAT-T is in use. Doesn't seem like any negotiation or keying problem if you never get drops when pinging just one. Packet capture on the IPsec interface server-side and see if all your ICMP echo requests are showing up there. If so, see if they're going out the destination interface and whether they're getting a reply.

                All traffic goes through the IPsec tunnel from Client to Device [Client---pf1==ipsec==pf2---Device]

                Packet capture at the pf2 end of the IPsec tunnel shows that echo requests are showing up there, and also on the LAN side of pf2. A packet capture was also taken on the pf2 LAN side to see what the Device is replying to the echo requests.

                Packet capture with full Level of Detail at LAN interface pf2:

                Client 10.0.1.139 pinging Device 10.0.0.113  - the failing Device connection

                
                10:52:02.464635 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5547, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->111b)!)
                    10.0.1.139 > 10.0.0.113: ICMP echo request, id 4, seq 62835, length 40
                10:52:02.472533 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                10:52:03.471592 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                10:52:04.232425 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 298: (tos 0x0, ttl 126, id 5604, offset 0, flags [DF], proto TCP (6), length 284, bad cksum 0 (->5d86)!)
                    194.136.187.120.443 > 10.0.0.113.42060: Flags [P.], cksum 0x7554 (correct), seq 903453078:903453322, ack 2739757810, win 254, length 244
                10:52:04.232552 00:10:be:0c:85:47 > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 7777, offset 0, flags [DF], proto TCP (6), length 40)
                    10.0.0.113.42060 > 194.136.187.120.443: Flags [.], cksum 0x9b21 (correct), seq 1, ack 244, win 3990, length 0
                10:52:04.281130 00:10:be:0c:85:47 > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 233: (tos 0x0, ttl 64, id 7778, offset 0, flags [DF], proto TCP (6), length 219)
                    10.0.0.113.42060 > 194.136.187.120.443: Flags [P.], cksum 0x9b2e (correct), seq 1:180, ack 244, win 4005, length 179
                10:52:04.470663 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                10:52:04.481083 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 126, id 5605, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->5e79)!)
                    194.136.187.120.443 > 10.0.0.113.42060: Flags [.], cksum 0xa906 (correct), seq 244, ack 180, win 254, length 0
                10:52:07.462898 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5563, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->110b)!)
                    10.0.1.139 > 10.0.0.113: ICMP echo request, id 4, seq 62841, length 40
                10:52:07.467901 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                
                

                Pinging other Device2 10.0.0.115 in same network and same switch - this device is working great

                
                10:51:13.053872 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:13.063340 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5344, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11e4)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62776, length 40
                10:51:13.063441 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40648, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62776, length 40
                10:51:13.063566 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 63331, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->6eee)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40648, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62776, length 40
                10:51:14.063540 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5347, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11e1)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62777, length 40
                10:51:14.063664 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40649, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62777, length 40
                10:51:14.063788 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 8129, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->4691)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40649, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62777, length 40
                10:51:14.063967 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:15.063075 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:15.064868 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5350, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11de)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62778, length 40
                10:51:15.065053 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40650, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62778, length 40
                10:51:15.065260 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 59161, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->7f38)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40650, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62778, length 40
                10:51:16.062673 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:16.066433 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5353, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11db)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62779, length 40
                10:51:16.066638 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40651, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62779, length 40
                10:51:16.066884 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 20561, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->1601)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40651, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62779, length 40
                10:51:17.066880 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5357, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11d7)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62780, length 40
                10:51:17.066985 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40652, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62780, length 40
                10:51:17.067134 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 43312, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->bd21)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40652, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62780, length 40
                10:51:17.067217 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:17.332362 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 95: (tos 0x0, ttl 64, id 57241, offset 0, flags [DF], proto TCP (6), length 81)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [P.], cksum 0x3d2c (correct), seq 2151161109:2151161150, ack 383192847, win 11680, length 41
                10:51:17.332586 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 64, id 2151, offset 0, flags [none], proto ICMP (1), length 68, bad cksum 0 (->5ddf)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 48
                	(tos 0x0, ttl 64, id 57241, offset 0, flags [DF], proto TCP (6), length 81)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [P.], seq 0:41, ack 1, win 11680, length 41
                10:51:17.377132 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 95: (tos 0x0, ttl 126, id 5359, offset 0, flags [DF], proto TCP (6), length 81, bad cksum 0 (->d1ba)!)
                    10.0.1.139.50674 > 10.0.0.115.80: Flags [P.], cksum 0x0341 (correct), seq 1:42, ack 41, win 16102, length 41
                10:51:17.412138 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 57242, offset 0, flags [DF], proto TCP (6), length 40)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [.], cksum 0xe26e (correct), seq 41, ack 42, win 11680, length 0
                10:51:17.412272 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 64, id 13438, offset 0, flags [none], proto ICMP (1), length 68, bad cksum 0 (->31c8)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 48
                	(tos 0x0, ttl 64, id 57242, offset 0, flags [DF], proto TCP (6), length 40)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [.], cksum 0xe26e (correct), seq 41, ack 42, win 11680, length 0
                10:51:17.461909 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 95: (tos 0x0, ttl 126, id 5360, offset 0, flags [DF], proto TCP (6), length 81, bad cksum 0 (->d1b9)!)
                    10.0.1.139.50674 > 10.0.0.115.80: Flags [P.], cksum 0x6bdb (correct), seq 42:83, ack 41, win 16102, length 41
                10:51:17.462026 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 57243, offset 0, flags [DF], proto TCP (6), length 40)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [.], cksum 0xe245 (correct), seq 41, ack 83, win 11680, length 0
                10:51:17.462113 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 64, id 26456, offset 0, flags [none], proto ICMP (1), length 68, bad cksum 0 (->feed)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 48
                	(tos 0x0, ttl 64, id 57243, offset 0, flags [DF], proto TCP (6), length 40)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [.], cksum 0xe245 (correct), seq 41, ack 83, win 11680, length 0
                10:51:17.492212 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 95: (tos 0x0, ttl 64, id 57244, offset 0, flags [DF], proto TCP (6), length 81)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [P.], cksum 0x88bb (correct), seq 41:82, ack 83, win 11680, length 41
                10:51:17.492356 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 64, id 31877, offset 0, flags [none], proto ICMP (1), length 68, bad cksum 0 (->e9c0)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 48
                	(tos 0x0, ttl 64, id 57244, offset 0, flags [DF], proto TCP (6), length 81)
                    10.0.0.115.80 > 10.0.1.139.50674: Flags [P.], seq 41:82, ack 83, win 11680, length 41
                10:51:17.716448 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 126, id 5363, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->d1df)!)
                    10.0.1.139.50674 > 10.0.0.115.80: Flags [.], cksum 0xd0e0 (correct), seq 83, ack 82, win 16092, length 0
                10:51:18.061873 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:18.068096 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5364, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11d0)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62782, length 40
                10:51:18.068217 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40653, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62782, length 40
                10:51:18.068302 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 56901, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->880c)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40653, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62782, length 40
                10:51:19.061474 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.115, length 46
                10:51:19.068848 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 126, id 5367, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 0 (->11cd)!)
                    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62783, length 40
                10:51:19.069181 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 40654, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62783, length 40
                10:51:19.069412 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 43991, offset 0, flags [none], proto ICMP (1), length 56, bad cksum 0 (->ba7a)!)
                    10.0.0.1 > 10.0.0.115: ICMP redirect 10.0.1.139 to host 10.0.1.139, length 36
                	(tos 0x0, ttl 64, id 40654, offset 0, flags [none], proto ICMP (1), length 60)
                    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62783, length 40
                
                

                Device works on the local network perfectly. IP with DHCP from pf2, like the working Device2. Same network, same switch, same tunnel and same client. Only one not working. Tried to change IP, switch, new pf hardware, IPsec configs etc…

                All connections (TCP or UDP) fail or have cut-offs like you can see on the ping. Mysterious for me.

                  cmb

                  @Clouseau:

                  
                  10:52:02.472533 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                  10:52:03.471592 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.139 tell 10.0.0.113, length 46
                  
                  

                  There you go, your subnet mask is wrong on 10.0.0.113. It should never ARP a remote device.

                  1 Reply Last reply Reply Quote 0
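The check applied in the last reply can be scripted over saved `tcpdump -e` text. This is an added example, not part of the original thread: it reports LAN hosts that ARP for an address outside the LAN, the longest netmask under which the host would still treat that address as on-link, and how many echo requests to the host went unanswered. The LAN prefix `10.0.0.0/24`, the function names and the sample lines (constructed, abbreviated from the style of the capture above) are assumptions.

```python
import ipaddress
import re

ARP_RE = re.compile(r"Request who-has ([\d.]+) tell ([\d.]+)")
ECHO_RE = re.compile(
    r"([\d.]+) > ([\d.]+): ICMP echo (request|reply), id (\d+), seq (\d+)")

# Constructed sample, abbreviated from the style of the capture in the thread.
SAMPLE = """\
10:52:02.464635 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 74:
    10.0.1.139 > 10.0.0.113: ICMP echo request, id 4, seq 62835, length 40
10:52:02.472533 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.139 tell 10.0.0.113, length 46
10:52:07.462898 00:0d:b9:35:a1:02 > 00:10:be:0c:85:47, ethertype IPv4 (0x0800), length 74:
    10.0.1.139 > 10.0.0.113: ICMP echo request, id 4, seq 62841, length 40
10:52:07.467901 00:10:be:0c:85:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.139 tell 10.0.0.113, length 46
10:51:13.053872 00:10:be:0b:bb:ba > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.139 tell 10.0.0.115, length 46
10:51:13.063340 00:0d:b9:35:a1:02 > 00:10:be:0b:bb:ba, ethertype IPv4 (0x0800), length 74:
    10.0.1.139 > 10.0.0.115: ICMP echo request, id 4, seq 62776, length 40
10:51:13.063441 00:10:be:0b:bb:ba > 00:0d:b9:35:a1:02, ethertype IPv4 (0x0800), length 74:
    10.0.0.115 > 10.0.1.139: ICMP echo reply, id 4, seq 62776, length 40
"""


def widest_onlink_prefix(host, target):
    """Longest prefix length under which `host` still sees `target` as on-link.

    A host ARPs for a destination only when it considers it on-link, so its
    configured mask can be no longer than the common prefix of both addresses.
    """
    return 32 - (int(host) ^ int(target)).bit_length()


def analyse(capture_text, lan_cidr):
    """Find LAN hosts ARPing for off-link addresses and count unanswered pings."""
    lan = ipaddress.ip_network(lan_cidr)  # assumed LAN prefix, not from the page
    offlink = {}                          # sender -> set of off-link ARP targets
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ARP_RE.search(line)
        if m:
            target, sender = (ipaddress.ip_address(x) for x in m.groups())
            if sender in lan and target not in lan:
                offlink.setdefault(sender, set()).add(target)
            continue
        m = ECHO_RE.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            if kind == "request":
                requests.add((src, dst, ident, seq))
            else:  # store replies in request direction so the sets compare
                replies.add((dst, src, ident, seq))
    report = []
    for sender in sorted(offlink):
        for target in sorted(offlink[sender]):
            sent = {r for r in requests
                    if r[0] == str(target) and r[1] == str(sender)}
            report.append({
                "host": str(sender),
                "arps_for": str(target),
                "max_prefix": widest_onlink_prefix(sender, target),
                "echo_requests": len(sent),
                "unanswered": len(sent - replies),
            })
    return report


if __name__ == "__main__":
    for row in analyse(SAMPLE, "10.0.0.0/24"):
        print(row)
```

A host that shows both off-link ARP requests and unanswered echo requests is the one whose netmask or gateway setting deserves a look first.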
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.