Client loses its connection to pfSense gateway, but not to the network



  • Hello group,

    I am experiencing a very strange problem. I am at a loss here, and I truly hope someone here has an idea what is going on and how to solve it…

    First I will explain my setup:
    I have recently obtained a new HP Proliant Microserver Gen8 (entry level). This nifty machine is destined to take a central position in my home network.
    The server comes with 2 integrated Gigabit NICs (HP NC332i) and I installed a 3rd Gigabit NIC in the PCIe slot (HP NC112T / Intel 82574L). NIC1 is connected directly to my ADSL router, NIC2 to my home network and NIC3 to my wireless router. My home network contains a total of 3 Gigabit switches in line to reach various places in my house.
    (The router connection is 100Mbit due to limitations on my router)

    I plan to run several VMs in KVM for various network functions, NAS, and of course for hobbying :)
    I am using CentOS 7 as virtual host. I have created 4 software bridges: br_extern, br_intern, br_wifi and br_dmz. All three NICs are added as slaves to these bridges accordingly. Only br_intern has a local IP address on the virtual host.

    My first VM is connected to all 4 bridges, and it runs pfSense 2.2.5 to use as firewall / router / etc. (this fulfills an old dream of mine :) ) pfSense configuration went without a problem, it seems to run fine. In principle it functions correctly as DHCP / DNS server and internet gateway for clients on my internal network. On my internal network I am using several Linux clients, and on the Wifi I use Android phones and an iPad, and sometimes a Linux laptop, which all use the pfSense functions without a problem.

    A very similar setup has worked flawlessly for years, running on an old PC, using Debian as virtual host and ipfire as firewall in a paravirtualized VM.

    This is my problem:
    I also have one Windows 8.1 client which loses its connection to the pfSense gateway, but not to the network itself.

    This is what I have observed so far:

    • Initially the connection works. The machine correctly obtains a DHCP address and connects to the internet

    • However, after a short period, the connection with the pfSense VM fails

    • I can still ping the pfSense internal IP address. All other connections - SSH, web interface, DNS, DHCP, gateway, … - fail with a timeout

    • Obviously the W8 machine loses its internet connection

    • The W8 machine still connects without a problem to other clients in the internal network

    • I can no longer ping the W8 machine from the pfSense command line (this ping works until the connection fails)

    • After rebooting the W8 machine the connection still does not work, not even for a short period

    • The problem seems to persist irrespective of whether Windows is running - for example, in the BIOS there is also a network function that does not work

    • The only way I have found so far to restore the connection is by rebooting pfSense. The client can then access pfSense and internet. However the connection inevitably fails again after a few minutes

    • The time until failure seems to be affected when the network is used. For example, when I stream a movie from internet on the W8 client, the connection does not fail (or at least much later). Shortly after I stop the movie the connection fails again

    • I tried switching NICs, using the extra 3rd NIC instead of the builtin 2nd NIC for the internal network. This did not help

    • I cannot find anything unusual in the pfSense logs

    • All other clients in my network seem to run fine

    I have installed all the latest firmwares on both the client and the server. In Windows 8 I installed all recent drivers I could find, using the tooling provided by the motherboard manufacturer. CentOS 7 is fully patched. pfSense is fully up to date.

    I have spent many hours on this problem but I did not manage to solve it.  ???
    Who can save me?

    Kind regards,
    Lucas



  • Update:

    I solved my problem! Of course my issue turned out to not be related to pfSense or Windows:

    I was unaware that one of the switches I used in my network is actually a managed switch, and guess what: the management interface used the same IP address as my pfSense gateway. Now who would have thought that!?! This explains all the symptoms I have described. Changing the internal IP address on my pfSense VM solved all my problems. I am happy.

    Of course pfSense helped me to solve my problem: I discovered that during the boot sequence, at the point where the interfaces are configured, a message was printed that the IP address was already in use, including the MAC address. It took me some time to figure out where this MAC address came from - but it was the switch.

    At least my firmwares are up to date now ;)

    Anyway, thanks for the great product, I am looking forward to years of fun using pfSense!

    Regards,
    Lucas
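
Added example (not part of the original posts): the conflict described in the update, where the gateway address was also held by a switch's management interface, shows up as one IP mapped to different MACs in different hosts' ARP tables. The script compares `arp -an` / `arp -a` output collected from several machines; all host names and addresses are constructed.

```python
import re
from collections import defaultdict

# An IPv4 address followed by a MAC, as printed by `arp -an` on pfSense/FreeBSD
# and Linux ("(ip) at aa:bb:..") and by `arp -a` on Windows ("ip  aa-bb-..").
ARP_ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b"
)

def normalize_mac(mac):
    """Lowercase, colon-separated, zero-padded octets so all formats compare equal."""
    return ":".join(p.zfill(2) for p in mac.lower().replace("-", ":").split(":"))

def parse_arp(text):
    """Yield (ip, mac) per resolved entry; headers and incomplete entries don't match."""
    for line in text.splitlines():
        m = ARP_ENTRY.search(line)
        if m:
            yield m.group(1), normalize_mac(m.group(2))

def find_conflicts(snapshots):
    """snapshots maps observer name -> ARP table text.
    Returns {ip: {mac: [observers]}} for every IP seen with more than one MAC."""
    seen = defaultdict(lambda: defaultdict(set))
    for observer, text in snapshots.items():
        for ip, mac in parse_arp(text):
            seen[ip][mac].add(observer)
    return {ip: {mac: sorted(obs) for mac, obs in macs.items()}
            for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample: 192.168.1.1 is the gateway; the two hosts disagree on its MAC.
SNAPSHOTS = {
    "linux-client": (
        "? (192.168.1.1) at 52:54:00:12:34:56 [ether] on eth0\n"
        "? (192.168.1.20) at 00:25:90:aa:bb:cc [ether] on eth0\n"
        "? (192.168.1.30) at <incomplete> on eth0\n"
    ),
    "windows-client": (
        "Interface: 192.168.1.40 --- 0xb\n"
        "  Internet Address      Physical Address      Type\n"
        "  192.168.1.1           00-11-22-33-44-55     dynamic\n"
        "  192.168.1.20          00-25-90-AA-BB-CC     dynamic\n"
    ),
}

if __name__ == "__main__":
    for ip, macs in find_conflicts(SNAPSHOTS).items():
        print(f"{ip} answers from {len(macs)} MACs:")
        for mac, observers in macs.items():
            print(f"  {mac} seen by {', '.join(observers)}")
```

Each MAC reported for the gateway address should be traced to a physical device; one IP answering from two MACs is also the signature of ARP spoofing, so the same check is worth keeping as a monitoring job.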



  • You should have your managed switch's management interface on a separate VLAN. Then you wouldn't have had that issue in the first place.

