Opt1 No internet access



  • Sorry for probably posting a question that has been posted a million times.  I've probably looked through twenty-five different posts and they all seem to say the same thing which I believe I've set up correctly but I can't seem to get it working.  Lan1 is working fine and is able to connect to the internet without any issues.

    I added in the rules to match lan1 for opt1 as that seemed to be the biggest thing on the forum people ran into.  I've attached the screenshot for that.
    Also I added in a screenshot of my nat rules however I have not made any changes besides clicking manual.

    I appreciate your help and again sorry for probably a dumb question.








  • Also if it is relevant here are my pings as well.  I'm unable to ping anything while connected to the opt1 network.  While connected to lan1 I can ping both routers.

    Any help is greatly appreciated.  Been racking my brain for a few hours trying to figure this out.

    Thanks in advance.






  • Hi,

    Have you set up a gateway for your interface? If yes, is this the IP of the lan1 or the opt1?
    Can you post your route table and a tracert test?

    jyrandrianiaina



  • Thank you for your reply jyrandrianiaina.

    I have the default gateway setup so I'm assuming this is for lan1.  I've attached a screenshot for that.  (I've since added PIA back on to my server so I could use my unraid box and watch a show… haha)  Also I read on one of the related troubleshooting that it's important for the opt1 to use the gateway so I added that into my firewall rule.  I've attached a new screenshot for that.

    I've attached the ipv4 and ipv6 route tables below.  The window was too big so they are separated.

    As for the traceroute I'm unfamiliar with how to use that.  I've attached a screenshot of what I put but it timed out.  If you can give me any advice on what to put here that would be helpful.

    Thanks again.











  • Rebel Alliance Global Moderator

    "I have not made any changes besides clicking manual."

    Why would you do that??

    And why do you have a gateway setup on your opt1 rules now?

    What is your client on your opt1 network pointing to for gateway/dns?  Does it get its info from pfsense dhcp?

    There is nothing you need to do extra on creating a new opt1 interface other than creating firewall rules to allow traffic everything else is automatic.  Well and setup dhcp if you want to use that.

    Are they 2 physical interfaces or are you trying to setup vlans?  Can device ping pfsense IP on the opt1 network?

    Why are you seeing a reply from 10.0.0.1 ???  When you're on the opt1 network??  Please describe/draw how your network is connected together.  What switch(es) etc..



  • Hi,

    Please post the gateway for the PC you send the ping from, not the gateway in pfSense.
    If you are on windows, open a cmd and run:

    1. route -n
    2. tracert google.com

    If you are on linux/Unix, install mtr and run:

    3. mtr google.com

    and please post the screenshot. I think it is a problem on your PC's gateway.

    Regards,


  • Rebel Alliance Global Moderator

    yeah gateway on the client is most likely 10.0.0.1???  Which would mean an oddball mask as well..  since that would not be in his clients network unless he was using a 255.0.0.0 mask or /8



  • @johnpoz:

    "I have not made any changes besides clicking manual."

    Why would you do that??

    I will be setting up PIA through OpenVPN on LAN1 and on OPT1 I'd like to have it setup with no encryption for a separate network in my home.  I'll have to switch to manual settings for the PIA so that's why it switched it to manual.

    And why do you have a gateway setup on your opt1 rules now?

    I saw something on another post that said it might be the problem.  I tried it.  It didn't work but posted it in the event that I was on to something.  I can remove it.

    What is your client on your opt1 network pointing to for gateway/dns?  Does it get its info from pfsense dhcp?

    I don't fully understand the question as networking is not really my strongest point - more into other computer things but I'm a quick learner so I'll do my best to figure it out.  As for the gateway/dns if I understand that correctly it should be the gateway table in the 4th post.  The DNS I used in the setup wizard was 209.222.18.218 and 209.222.18.222.  (Used from this article - https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video).  When I set up PfSense from the non-gui I did set up both Lans to use DHCP.  Lan1 is 10.194.50.101:200 and Opt1 is 10.194.51.101:200.

    Are they 2 physical interfaces or are you trying to setup vlans?  Can device ping pfsense IP on the opt1 network?

    They are physical devices.
    I have not tried the ping yet, I'm not at home right now but I'll try that when I get there and post new results for that.

    Why are you seeing a reply from 10.0.0.1 ???  When you're on the opt1 network??  Please describe/draw how your network is connected together.  What switch(es) etc..

    I'm pretty sure the 10.0.0.1 is being handed out by the wireless router.  As for the setup it looks like this currently.

    Modem
    PfSense connected to modem via WAN.
    Lan 1 - Physical 1000 LAN card connected to WNDR3700 Netgear Router (This currently also has three wired computers plugged into it, this should be distributing the PIA VPN service on this network)
    Opt 1 - Physical 100 LAN card connected to DIR-868L D-Link Router (This currently has nothing hooked up to it as it isn't working)

    I have two switches coming tomorrow as well as a new 1000 LAN card to replace the 100 card.  My plan is to put them in between the NIC cards and plug the routers into them for wireless access on each network.

    Beyond that I've got a standard slew of wifi connected devices in the home, tablets, phones, connected devices, etc

    Also for what it's worth I did change the connections from LAN 1 to the second router to make sure I didn't have a problem with the router and it worked.  Connecting Opt1 into the first router still did not function.



  • @jyrandrianiaina:

    Hi,

    Please post the gateway for the PC you send the ping from, not the gateway in pfSense.
    If you are on windows, open a cmd and run:

    1. route -n
    2. tracert google.com

    If you are on linux/Unix, install mtr and run:

    3. mtr google.com

    and please post the screenshot. I think it is a problem on your PC's gateway.

    Regards,

    Jyrandrianiaina,

    I've attached the tracert.  The route -n didn't seem to do much except data dump some instructions on me.  I attached the first one I did of those as well.  The second posted the same information from what I could tell.

    Lan1 appeared to contact without any issue.  Opt 1 could not resolve the host.










  • Hi,

    For windows, use route print (sorry, route -n is for linux/unix).

    To use lan1 as the gateway on your PC, change your gateway to lan1's address.
    And for opt1, change the IP address of the gateway of the PC to opt1's address.

    For example: if the lan1 IP is: 10.10.10.1, and your PC is 10.10.10.2, the gateway must be 10.10.10.1 (lan1 ip).
    If the opt1 IP is: 10.10.20.1, and yours is 10.10.20.2, your gw must be 10.10.20.1 if you want to connect via the opt1.
    You can't ping the LAN1 IP if your gateway is opt1 and if you have not set up a route.

    Jyrandrianiaina


  • Rebel Alliance Global Moderator

    So your wireless router is handing out dhcp??  That is not how you should be doing it… Use your wireless router behind pfsense as AP only... turn off its dhcp server, connect it to your network via lan port and set up its lan ip to be on the network you connected to.

    As for your clients, do an ipconfig /all so we can see what IP it has, what gateway, what dns and what the dhcp server was, etc..



  • Ok so update - Got my switches and the new NIC.  Set up my routers (had to get new ones since the ones I had didn't have AP mode) in Access point mode and everything is working the way I want it to.

    Two questions and it's unrelated to the internet access not working - just the next steps I want to do with my network and I should be finished.

    1. I've got my PIA network (50.1) and my open network (51.1) setup and computers on each one.  How do I share files on them internally?  Basically I've got my unraid box on 51.1 with plex media server so it can serve outside of my network - I've got transmission and sonarr on 50.1 and I need to get the files from there to the unraid box.

    2. Secondly if for any reason the VPN on 50.1 goes out or stops working for whatever reason is there a firewall rule or something else I can set so it will no longer access the WAN?  I don't want transmission still downloading files in the event that it is showing my IP to the world due to the VPN stopping.

    Thanks again for all your help.  (If you don't have the full answer or if you know what I should be looking for that will help too.  Just not familiar with the terminology I should be searching for)


  • Rebel Alliance Global Moderator

    "had to get new ones since the ones I had didn't have AP mode"

    Huh?? Every single soho wifi router on the planet can be just an AP.. Turn off its dhcp server, connect it to the network via one of its lan ports..

    So did you get a REAL AP or just some soho router you click AP mode on??  Just curious..



  • @johnpoz:

    "had to get new ones since the ones I had didn't have AP mode"

    Huh?? Every single soho wifi router on the planet can be just an AP.. Turn off its dhcp server, connect it to the network via one of its lan ports..

    So did you get a REAL AP or just some soho router you click AP mode on??  Just curious..

    I wasn't aware of that for the routers.  The DIR-868L specifically said on Cnet it didn't support being an access point.  Possibly that just meant it didn't have the "easy mode" that you just click.  I was having problems with random disconnects and the other one had two lan ports actually fail so it was time to upgrade.  I ended up picking up new AC1750 routers.  I toyed with the idea of getting the ubiquiti access points but I kept reading that the fall off on the range was terrible.  Great for a room or two but if you didn't overlap them then you could expect speeds to drop dramatically as you lost signal.  None the less it seems everything is working now with the new routers so I'm happy.  Would you be able to point me in the right direction for my other questions?

    Thanks again.



  • Ok so new problem… not sure if this is my settings or a limitation but if one of you could look it over.

    So I've got everything setup and I've got the two lans working however I am constantly losing connection to the PIA OpenVPN, not entirely sure what is causing it as when I ran it all by itself it stayed connected without any issues and now it's shutting off every 10-20 minutes and reconnecting after a few.  My problem is when it dies it also kills the connection to the WAN entirely for the other network.

    I've taken a screenshot of my settings if you could check and advise.

    Thanks again for all your help.













  • Rebel Alliance Global Moderator

    Well couple things I notice from a quick look is why do you have your outbound nats like that, so do you need pfsense itself to go out the vpn connection?  Why do you have your other network that you don't want going down the vpn connection set up with an outbound nat?

    So I have vpn client setup to one of my vps, you see the nat I have setup for it attached.

    You also have your networks going out specific gateways, but not even allowing access to pfsense? Nor any rule to allow your network to talk to each other? You send everything out specific gateways.  Also if you set up your vpn as a gateway, and you tell pfsense to reset connections on loss of gateway then yeah you're going to have problems with 1 gateway going down and all connections being reset.. Advanced, misc section.

    And looks like your client isn't even running so how would you have a vpn connection?  Look into your log why it's stopping.






  • Hey Guys,

    So I thought I had the internet working on the second lan but I guess I didn't.  I went away for a few weeks for work and am back trying to figure this out.  I feel like I'm missing something stupid but I can't figure it out.

    I switched to the hybrid NAT and added the VPN to that like your last screenshot johnpoz.  I've also got the any rule set for that opt1 lan.  I've attached the route print like you previously asked for, I'm able to ping the network and access the pfsense gui from the second lan but unable to access the internet still (Windows does seem to think I have internet).

    Also the VPN hasn't gone down in quite awhile, I killed the config file and restarted it and it seems to have worked like a charm since.

    Thanks again and sorry to keep bothering you.  Just would love to get this working.











  • Rebel Alliance Global Moderator

    where did that mac come from.. that can not be correct all 88 with one 87.. No did you hide that?

    Why does this machine have not only an IP address 10.194.51.1 but also a 192.168.56.1 ??

    Why don't you do the basics here.. Clearly you're resolving google to IP from your ping.  Ok follow the traffic.  Sniff on pfsense opt1 interface when you're pinging, do you see the pings?  Sniff on pfsense wan, do you see the pings go out?



  • Hey johnpoz. Thanks for the reply.

    Have no clue about the 88 and 87s. Also not sure about the two IPs. These were direct screenshots.

    Would you be able to give me further instructions on how to do a sniff on PfSense to the opt1 and WAN?  I tried googling it but didn't come up with anything.

    Thanks.


  • Rebel Alliance Global Moderator

    diag, packet capture. Pick your interface, follow the bouncing ball.

    What box is this on…  That is not a registered mac address... 88:88:88 doesn't belong to anyone.. It's not registered that I can find..

    Is this a virtual machine?  If so what software?



  • @johnpoz:

    What box is this on…  That is not a registered mac address... 88:88:88 doesn't belong to anyone.. It's not registered that I can find..

    Is this a virtual machine?  If so what software?

    Johnpoz it's a Windows 10 machine, nothing special i5 home built.  If it matters the cable from opt1 was plugged directly into the computer for easier diagnostic and cutting out any potential problems with a router or switch.

    I'm at work now but I'll have the diag done in a few hours when I get back hopefully.


  • Rebel Alliance Global Moderator

    But who made the nic, what motherboard??

    That is not a real mac address, and don't understand why it would be such odd setting.

    from an ipconfig /all what does it show?

    example

    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
      Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3

    I can lookup 180373

    That it shows such an odd mac does not bode well for being up to standards, etc.

    Guessing MSI ?
    https://forum-en.msi.com/index.php?topic=266441.0

    You really should fix that… Here is another thread that says they have multiple machines with the same mac.. Yeah putting more than 1 device with the same mac is going to make those devices not freaking work.
    https://forum-en.msi.com/index.php?topic=134964.0

    So for all we know the mac of pfsense opt1 interface has that same mac if you're using the same hardware, etc..  What are the macs of the pfsense interfaces.. You can find them with an ifconfig or look under status/ interfaces on the gui.




  • @johnpoz:

    diag, packet capture. Pick your interface, follow the bouncing ball.

    Ok I didn't see a bouncing ball… but I did do the rest.  I'm not sure if I was supposed to stop the packet capture after a bit, couldn't find clarification on that but I stopped it after about a minute and this is what showed up for the WAN.

    14:26:46.182358 ARP, Request who-has 72.218.90.253 tell 72.218.88.1, length 46
    14:26:46.195481 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.195731 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.195775 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1125
    14:26:46.196230 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.198977 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 293
    14:26:46.205309 ARP, Request who-has 72.218.96.247 tell 72.218.96.1, length 46
    14:26:46.208262 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 141
    14:26:46.213707 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 93
    14:26:46.213734 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 93
    14:26:46.233652 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 189
    14:26:46.240650 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 93
    14:26:46.240698 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 93
    14:26:46.241216 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.241241 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.242819 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 285
    14:26:46.242848 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 285
    14:26:46.251258 IP6 fe80::f6f2:6dff:fe00:16ab > fe80::e22f:6dff:fe6c:fed9: ICMP6, echo request, seq 17050, length 8
    14:26:46.254208 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 901
    14:26:46.254608 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1141
    14:26:46.256857 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 69
    14:26:46.257729 IP6 fe80::e22f:6dff:fe6c:fed9 > fe80::f6f2:6dff:fe00:16ab: ICMP6, echo reply, seq 17050, length 8
    14:26:46.273563 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.273963 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.274012 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.274106 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.274360 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.274384 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.274559 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1261
    14:26:46.274866 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.276764 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.277168 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.277171 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.277215 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1445
    14:26:46.277554 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.277655 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.277736 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 1261
    14:26:46.278160 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.287818 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 77
    14:26:46.305946 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 293
    14:26:46.307131 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 293
    14:26:46.317555 ARP, Request who-has 72.214.76.151 tell 72.214.76.1, length 46
    14:26:46.320754 ARP, Request who-has 72.218.100.239 tell 72.218.96.1, length 46
    14:26:46.327157 ARP, Request who-has 72.218.93.195 tell 72.218.88.1, length 46
    14:26:46.329333 ARP, Request who-has 98.182.179.90 tell 98.182.179.1, length 46
    14:26:46.335689 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 189
    14:26:46.336277 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.337264 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 189
    14:26:46.337482 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 597
    14:26:46.337526 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1125
    14:26:46.337668 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.337979 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 677
    14:26:46.338090 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1125
    14:26:46.359546 ARP, Request who-has 72.218.96.153 tell 72.218.96.1, length 46
    14:26:46.367476 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 181
    14:26:46.367836 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.368049 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 77
    14:26:46.368731 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 469
    14:26:46.369028 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.369134 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 677
    14:26:46.369249 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1365
    14:26:46.370758 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 469
    14:26:46.371323 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.395061 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 77
    14:26:46.398186 ARP, Request who-has 72.218.93.99 tell 72.218.88.1, length 46
    14:26:46.420778 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 469
    14:26:46.421351 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.438986 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 485
    14:26:46.440448 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1349
    14:26:46.440942 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1445
    14:26:46.440992 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1445
    14:26:46.441047 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 1445
    14:26:46.441073 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 157
    14:26:46.441113 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 229
    14:26:46.450832 ARP, Request who-has 72.218.96.47 tell 72.218.96.1, length 46
    14:26:46.472066 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 77
    14:26:46.472491 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 77
    14:26:46.475217 IP6 fe80::e22f:6dff:fe6c:fed9 > ff02::1: ICMP6, router advertisement, length 32
    14:26:46.505848 IP 70.161.205.13 > 70.161.200.1: ICMP echo request, id 3570, seq 17050, length 8
    14:26:46.551698 ARP, Request who-has 10.237.249.230 tell 10.237.249.1, length 46
    14:26:46.553297 ARP, Request who-has 72.218.95.215 tell 72.218.88.1, length 46
    14:26:46.584086 ARP, Request who-has 72.218.99.39 tell 72.218.96.1, length 46
    14:26:46.587712 ARP, Request who-has 72.218.97.75 tell 72.218.96.1, length 46
    14:26:46.607119 ARP, Request who-has 72.218.94.98 tell 72.218.88.1, length 46
    14:26:46.608720 ARP, Request who-has 72.218.103.43 tell 72.218.96.1, length 46
    14:26:46.610503 IP 209.95.50.134.1194 > 70.161.205.13.27043: UDP, length 485
    14:26:46.616924 ARP, Request who-has 72.214.76.231 tell 72.214.76.1, length 46
    14:26:46.657740 ARP, Request who-has 72.218.97.184 tell 72.218.96.1, length 46
    14:26:46.664101 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 77
    14:26:46.682325 ARP, Request who-has 72.218.102.163 tell 72.218.96.1, length 46
    14:26:46.721566 ARP, Request who-has 72.214.76.33 tell 72.214.76.1, length 46
    14:26:46.726717 ARP, Request who-has 72.218.101.22 tell 72.218.96.1, length 46
    14:26:46.736922 ARP, Request who-has 68.230.179.244 tell 68.230.179.225, length 46
    14:26:46.752847 IP6 fe80::f6f2:6dff:fe00:16ab > fe80::e22f:6dff:fe6c:fed9: ICMP6, echo request, seq 17051, length 8
    14:26:46.758856 IP 70.161.205.13.27043 > 209.95.50.134.1194: UDP, length 69
    14:26:46.760306 IP6 fe80::e22f:6dff:fe6c:fed9 > fe80::f6f2:6dff:fe00:16ab: ICMP6, echo reply, seq 17051, length 8
    14:26:46.767534 ARP, Request who-has 72.218.93.105 tell 72.218.88.1, length 46
    14:26:46.810327 ARP, Request who-has 72.214.76.90 tell 72.214.76.1, length 46
    14:26:46.845766 ARP, Request who-has 72.218.101.201 tell 72.218.96.1, length 46
    14:26:46.899363 ARP, Request who-has 72.214.76.188 tell 72.214.76.1, length 46

    This is what shows up on opt1

    14:31:01.026826 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 1350
    14:31:01.083126 IP 10.194.51.101.49725 > 216.58.219.238.443: tcp 0
    14:31:01.275305 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 1350
    14:31:01.442793 IP 10.194.51.101.49726 > 131.253.61.100.443: tcp 0
    14:31:01.772783 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 1350
    14:31:01.906864 IP6 fe80::b0f3:617f:d41f:630b.58703 > ff02::c.1900: UDP, length 150
    14:31:02.289452 IP 10.194.51.101.49717 > 162.125.32.129.443: tcp 0
    14:31:02.587194 IP 10.194.51.101.137 > 10.194.51.255.137: UDP, length 50
    14:31:02.587460 IP6 fe80::b0f3:617f:d41f:630b.60573 > ff02::1:3.5355: UDP, length 22
    14:31:02.587768 IP6 fe80::b0f3:617f:d41f:630b.63274 > ff02::1:3.5355: UDP, length 22
    14:31:02.766400 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 1350
    14:31:02.997597 IP6 fe80::b0f3:617f:d41f:630b.63274 > ff02::1:3.5355: UDP, length 22
    14:31:02.997622 IP6 fe80::b0f3:617f:d41f:630b.60573 > ff02::1:3.5355: UDP, length 22
    14:31:03.046090 IP 10.194.51.101.17500 > 10.194.51.255.17500: UDP, length 240
    14:31:03.317683 IP 10.194.51.101.49718 > 108.160.172.236.443: tcp 0
    14:31:03.336376 IP 10.194.51.101.137 > 10.194.51.255.137: UDP, length 50
    14:31:03.596668 IP 10.194.51.101.49719 > 65.55.252.43.443: tcp 0
    14:31:03.638248 IP 10.194.51.101.65238 > 10.194.51.1.53: UDP, length 49
    14:31:03.638351 IP 10.194.51.1.53 > 10.194.51.101.65238: UDP, length 65
    14:31:03.639116 IP 10.194.51.101.49727 > 65.52.108.231.443: tcp 0
    14:31:03.830531 IP 10.194.51.101.49722 > 204.79.197.213.443: tcp 0
    14:31:03.832487 IP 10.194.51.101.49723 > 216.58.219.238.443: tcp 0
    14:31:03.914085 IP 10.194.51.101.49728 > 131.253.34.230.443: tcp 0
    14:31:03.952499 IP 10.194.51.101.49724 > 131.253.61.100.443: tcp 0
    14:31:04.084020 IP 10.194.51.101.49725 > 216.58.219.238.443: tcp 0
    14:31:04.089109 IP 10.194.51.101.137 > 10.194.51.255.137: UDP, length 50
    14:31:04.093562 IP6 fe80::b0f3:617f:d41f:630b.546 > ff02::1:2.547: UDP, length 93
    14:31:04.443380 IP 10.194.51.101.49726 > 131.253.61.100.443: tcp 0
    14:31:04.752306 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 1350
    14:31:04.807945 IP 10.194.51.101.50810 > 216.58.219.238.443: UDP, length 69
    14:31:04.907807 IP6 fe80::b0f3:617f:d41f:630b.58703 > ff02::c.1900: UDP, length 150
    14:31:06.639580 IP 10.194.51.101.49727 > 65.52.108.231.443: tcp 0
    14:31:06.657202 IP 10.194.51.101.49729 > 173.194.122.241.443: tcp 0
    14:31:06.657556 IP 10.194.51.101.49730 > 74.125.192.188.5228: tcp 0
    14:31:06.905737 IP 10.194.51.101.49731 > 173.194.122.241.443: tcp 0
    14:31:06.914208 IP 10.194.51.101.49728 > 131.253.34.230.443: tcp 0
    14:31:07.646291 ARP, Request who-has 10.194.51.1 (00:1a:92:50:f7:ea) tell 10.194.51.101, length 46
    14:31:07.646307 ARP, Reply 10.194.51.1 is-at 00:1a:92:50:f7:ea, length 28
    14:31:08.289742 IP 10.194.51.101.49717 > 162.125.32.129.443: tcp 0
    14:31:09.318895 IP 10.194.51.101.49718 > 108.160.172.236.443: tcp 0
    14:31:09.597233 IP 10.194.51.101.49719 > 65.55.252.43.443: tcp 0
    14:31:09.656905 IP 10.194.51.101.49730 > 74.125.192.188.5228: tcp 0
    14:31:09.656918 IP 10.194.51.101.49729 > 173.194.122.241.443: tcp 0
    14:31:09.830296 IP 10.194.51.101.49722 > 204.79.197.213.443: tcp 0
    14:31:09.833305 IP 10.194.51.101.49723 > 216.58.219.238.443: tcp 0
    14:31:09.907066 IP 10.194.51.101.49731 > 173.194.122.241.443: tcp 0
    14:31:09.952365 IP 10.194.51.101.49724 > 131.253.61.100.443: tcp 0
    14:31:10.084794 IP 10.194.51.101.49725 > 216.58.219.238.443: tcp 0
    14:31:10.443793 IP 10.194.51.101.49726 > 131.253.61.100.443: tcp 0
    14:31:12.007855 IP 10.194.51.101.62034 > 10.194.51.1.53: UDP, length 37
    14:31:12.007966 IP 10.194.51.1.53 > 10.194.51.101.62034: UDP, length 77
    14:31:12.021840 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:12.041874 IP 10.194.51.101.49732 > 216.58.219.238.443: tcp 0
    14:31:12.053521 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:12.115908 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:12.240982 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:12.293202 IP 10.194.51.101.49733 > 216.58.219.238.443: tcp 0
    14:31:12.490661 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:12.499305 IP 10.194.51.101.63626 > 157.56.144.215.3544: UDP, length 61
    14:31:12.640318 IP 10.194.51.101.49727 > 65.52.108.231.443: tcp 0
    14:31:12.913874 IP 10.194.51.101.49728 > 131.253.34.230.443: tcp 0
    14:31:12.987774 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:13.980615 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:14.645747 ARP, Request who-has 10.194.51.1 (00:1a:92:50:f7:ea) tell 10.194.51.101, length 46
    14:31:14.645761 ARP, Reply 10.194.51.1 is-at 00:1a:92:50:f7:ea, length 28
    14:31:15.043002 IP 10.194.51.101.49732 > 216.58.219.238.443: tcp 0
    14:31:15.294420 IP 10.194.51.101.49733 > 216.58.219.238.443: tcp 0
    14:31:15.360075 IP 10.194.51.101.55674 > 10.194.51.1.53: UDP, length 32
    14:31:15.498893 IP 10.194.51.1.53 > 10.194.51.101.55674: UDP, length 125
    14:31:15.518511 IP 10.194.51.101.54684 > 10.194.51.1.53: UDP, length 32
    14:31:15.518598 IP 10.194.51.1.53 > 10.194.51.101.54684: UDP, length 125
    14:31:15.521246 IP 10.194.51.101.49736 > 104.107.34.108.80: tcp 0
    14:31:15.657408 IP 10.194.51.101.49730 > 74.125.192.188.5228: tcp 0
    14:31:15.657424 IP 10.194.51.101.49729 > 173.194.122.241.443: tcp 0
    14:31:15.907943 IP 10.194.51.101.49731 > 173.194.122.241.443: tcp 0
    14:31:15.965520 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 1350
    14:31:16.022088 IP 10.194.51.101.62035 > 216.58.219.238.443: UDP, length 69
    14:31:18.520912 IP 10.194.51.101.49736 > 104.107.34.108.80: tcp 0
    14:31:18.907936 IP6 fe80::b0f3:617f:d41f:630b.58703 > ff02::c.1900: UDP, length 150
    14:31:19.747769 IP 10.194.51.101.49737 > 173.194.122.242.443: tcp 0
    14:31:20.145315 ARP, Request who-has 10.194.51.1 (00:1a:92:50:f7:ea) tell 10.194.51.101, length 46
    14:31:20.145328 ARP, Reply 10.194.51.1 is-at 00:1a:92:50:f7:ea, length 28
    14:31:20.307208 IP 10.194.51.101.56315 > 10.194.51.1.53: UDP, length 31
    14:31:20.403587 IP 10.194.51.1.53 > 10.194.51.101.56315: UDP, length 217
    14:31:20.404612 IP 10.194.51.101.49739 > 108.160.172.193.443: tcp 0
    14:31:21.000600 IP 10.194.51.101.49741 > 173.194.122.242.443: tcp 0
    14:31:21.044252 IP 10.194.51.101.49732 > 216.58.219.238.443: tcp 0
    14:31:21.101423 IP 10.194.51.101.49742 > 173.194.122.242.443: tcp 0
    14:31:21.202005 IP 10.194.51.101.49743 > 173.194.122.242.443: tcp 0
    14:31:21.294875 IP 10.194.51.101.49733 > 216.58.219.238.443: tcp 0
    14:31:21.336046 IP 10.194.51.101.49744 > 108.160.172.193.443: tcp 0
    14:31:21.344839 IP 10.194.51.101.49745 > 162.125.32.129.443: tcp 0
    14:31:21.451726 IP 10.194.51.101.65019 > 10.194.51.1.53: UDP, length 36
    14:31:21.575565 IP 10.194.51.101.65029 > 10.194.51.1.53: UDP, length 27
    14:31:21.598131 IP 10.194.51.1.53 > 10.194.51.101.65019: UDP, length 150
    14:31:21.602198 IP 10.194.51.101.49746 > 23.101.158.111.443: tcp 0
    14:31:21.704894 IP 10.194.51.1.53 > 10.194.51.101.65029: UDP, length 43
    14:31:21.706063 IP 10.194.51.101.65030 > 216.58.219.229.443: UDP, length 1350
    14:31:21.850610 IP 10.194.51.101.49747 > 204.79.197.213.443: tcp 0
    14:31:21.856359 IP 10.194.51.101.65030 > 216.58.219.229.443: UDP, length 1350



  • @johnpoz:

    But who made the nic, what motherboard??

    That is not a real mac address, and don't understand why it would be such odd setting.

    from an ipconfig /all what does it show?

    example

    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
      Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3

    I can lookup 180373

    That it shows such an odd mac does not bode well for being up to standards, etc.

    Guessing MSI ?
    https://forum-en.msi.com/index.php?topic=266441.0

    You really should fix that… Here is another thread that says they have multiple machines with the same mac.. Yeah putting more than 1 device with the same mac is going to make those devices not freaking work.
    https://forum-en.msi.com/index.php?topic=134964.0

    So for all we know the mac of pfsense opt1 interface has that same mac if you're using the same hardware, etc..  What are the macs of the pfsense interfaces.. You can find them with an ifconfig or look under status/ interfaces on the gui.

    I've attached the ipconfig all and the interfaces screen.  I believe the interfaces all have correct mac addresses and nothing out of the norm.  The motherboard is an MSI Z77-GD55.  I will follow those instructions for the motherboard and see if I can get that fixed.  As far as I can tell it's the only one that has that, it's also the only MSI product I have.






  • Check your BIOS settings, some BIOSes allow setting of the MAC address of the integrated NIC to whatever you desire.



  • @kpa:

    Check your BIOS settings, some BIOSes allow setting of the MAC address of the integrated NIC to whatever you desire.

    Unfortunately no go on that one - it actually says the factory mac address is the 88:88:88 etc in there.  It looks like the link - https://forum-en.msi.com/index.php?topic=266441.0 - johnpoz posted has a tutorial from MSI on how to fix that.  I don't have any conflicting macs though so that shouldn't be my issue and this computer works fine on LAN1.  I'll definitely get it fixed tonight though, headed to a wedding in a moment so I can't play with it right now.


  • Rebel Alliance Global Moderator

    So were you pinging when you sniffed… I don't see any pings..

    But what I see is you asked pfsense for some dns query, and looks like you got an answer

    14:31:20.307208 IP 10.194.51.101.56315 > 10.194.51.1.53: UDP, length 31
    14:31:20.403587 IP 10.194.51.1.53 > 10.194.51.101.56315: UDP, length 217

    And I see your client sending lots of other requests, but nothing going out the wan to those IPs.

    Get a running ping going with -t

    ping 8.8.8.8 -t

    Then sniff on wan, with full details for ICMP and only your IP address, that .101 machine that you're having problems with.

    You should get something like attached.  You will want to validate that your machine is actually sending to pfsense correct mac..  And with that ping still running run a sniff on wan, put in the 8.8.8.8 for host.. Do you see any pings going out??  If not then pfsense is not sending them or sending out some other interface.

    Your other option is to open up 2 ssh connections to pfsense and get your sniffs going with tcpdump and then get your ping going..

    So see my second screen pic.  So I run tcpdump not resolve -n, interface -i mylanint host 8.8.8.8

    In the other connection I run same command but with my wan interface.  You will notice this is how it would look in working connection..  I send a ping to 8.8.8.8, pfsense sees it on its lan.  Then a few microseconds later you see that go out my wan, but from my wan IP..






  • Johnpoz,

    I may have done this incorrectly but when I did it set on WAN I got zero results in there.  Screen just came up blank for packets captured.  I did change the interface to opt1 and was able to get results while the ping was going.  I've attached that screenshot.

    Also if it matters at all when I switch the ethernet cable on this rig from the opt1 interface back to my lan1 network this computer has zero issues so I don't think it's a problem with that if we are looking into that at all.

    Thanks again and let me know if I need to change something with the test.



  • Rebel Alliance Global Moderator

    Ok so pfsense is seeing the ping.. But for some reason it isn't going anywhere, or at least not out the wan.  Maybe it's sending it somewhere else?  My guess is it wants to send it out your PIA interface, but no nat for that, etc.

    What are the routes on pfsense?  And you could sniff on that interface to see if the pings are going out that way.



  • Ok so I did the packet capture on the PIA interface and the openvpnclient and both came back with results when the ping was going.  I'm not completely sure but I'm guessing because that is happening something is routing the 10.194.51.1 through the VPN somehow which is not what I want, I just want this one to be clear internet.  The 10.194.50.1 is the VPN and it has been working fine for a few weeks. I've attached those screen shots as well as the routes.  I've made no changes to the routes so maybe that is causing me issues?











  • Rebel Alliance Global Moderator

    Looks like you grabbed the routes from your vpn connection.. see that 0.0.0.0/1 route – on your vpn client connection disable grabbing your routes
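Why the 0.0.0.0/1 route pointed out above pulled the opt1 pings away from the WAN, shown as an added example that is not part of the original thread: a longest-prefix-match lookup over two constructed route tables. The interface names, the gateway-less table layout, the /24 mask and the companion 128.0.0.0/1 route are assumptions; only 0.0.0.0/1, 8.8.8.8 and the 10.194.51.x addresses come from the posts.

```python
import ipaddress

# Constructed route tables: (prefix, outgoing interface). Not copied from the
# thread's screenshots; "wan", "ovpnc1" and "opt1" are placeholder names.
WITH_VPN_ROUTES = [
    ("0.0.0.0/0", "wan"),         # normal default route
    ("0.0.0.0/1", "ovpnc1"),      # route seen in the thread
    ("128.0.0.0/1", "ovpnc1"),    # assumed companion covering the other half
    ("10.194.51.0/24", "opt1"),   # assumed mask for the opt1 network
]
WITHOUT_VPN_ROUTES = [r for r in WITH_VPN_ROUTES if r[1] != "ovpnc1"]


def lookup(routes, dst):
    """Return (prefix, interface) picked by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (str(best[0]), best[1]) if best else None


def default_overrides(routes):
    """Interfaces whose more-specific routes together cover all of IPv4.

    Such an interface silently takes over from the /0 default route.
    """
    by_iface = {}
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > 0:
            by_iface.setdefault(iface, []).append(net)
    everything = [ipaddress.ip_network("0.0.0.0/0")]
    return sorted(
        iface for iface, nets in by_iface.items()
        if list(ipaddress.collapse_addresses(nets)) == everything
    )


if __name__ == "__main__":
    for name, table in (("with", WITH_VPN_ROUTES), ("without", WITHOUT_VPN_ROUTES)):
        print(name, "VPN routes: 8.8.8.8 ->", lookup(table, "8.8.8.8"),
              "| default overridden by:", default_overrides(table))
```

With the VPN routes present the ping to 8.8.8.8 leaves via the VPN interface even though a default route to the WAN still exists, which matches the empty WAN capture and the hits on the PIA interface reported earlier.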




  • Johnpoz that fixed it.  I appreciate all the back and forth and working with me.  Thanks again.


  • Rebel Alliance Global Moderator

    NP glad you got it sorted.