Re: [pfSense] pfSense 2.4 Sporadic Routing Issues
Just for the archives, setting up totally new VMs seems to have fixed it. Looking at the difference between the old and new VMs, the only change that caught my eye was that the old VMs were set to dynamically allocate memory, whereas the new ones have a fixed memory size.

Thanks,

Andrew Kester
The Storehouse
https://sthse.co

On 12/16/2017 12:38 PM, Andrew Kester wrote:
> Looking through the mailing list, I disabled Firewall Scrub (System >
> Advanced > Firewall & NAT) per the "pfSense 2.4 consistently crashes
> daily" thread, but I'm still having issues.
>
> When the nodes go offline, there aren't any kernel messages in the
> console that would indicate a panic or similar. The log files just stop
> at that time, there are no entries that indicate issues.
>
> I'm at a loss for what troubleshooting I should try short of a complete
> re-install. Any help is greatly appreciated.
>
> Thanks,
>
> Andrew Kester
> The Storehouse
> https://sthse.co
>
> On 12/01/2017 07:20 PM, Andrew Kester wrote:
>>
>> Hi List-
>>
>> I'm having some issues with a pfSense 2.4.2 installed on a VM in Proxmox
>> VE. I've kinda run into a stumper for me, and I'm not really sure where
>> to start looking.
>>
>> Basically, the router will stop routing traffic at times and requires a
>> restart. The node is still "up," I think, because VPN clients are able
>> to connect (although they can't reach anything) and CARP doesn't fail
>> over to the second router. The Zabbix agent on the node becomes
>> unresponsive along with pings on all interfaces though.
>>
>> I don't think it's an issue with CARP, since CARP fails over correctly
>> in all other instances and once the node is powered off, failover occurs
>> immediately.
>>
>> This has occurred a number of times, all around 12:50 - 1:15 in the
>> morning local time. Nodes do not run Snort and backups scheduled for
>> that time complete well before the node goes offline. Dates seem
>> random, no rhyme or reason on which days it actually occurs.
>>
>> I've also changed which physical node the router runs on and how the
>> disk is stored, to try and isolate if it's an issue with PVE, but the
>> issue remains.
>>
>> I have all the logs from the machine, and have local monitoring that
>> records various network / service errors on applications running on the
>> network during the failures, I'm happy to send along whatever would be
>> helpful, I'm just not sure where to start looking :/
>>

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Open ports with OpenVPN tunnel
Hi,

It's the rules that are under the heading "Additional steps to route WAN through tunnel" at the bottom of this page:

https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

Regards

Antonio

Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.

On 01/01/2018 21:50, Chris L wrote:
> What are the Firewall > Rules on your OpenVPN tab and the OpenVPN assigned
> interface tab for the ExpressVPN connection?
>
>
>> On Jan 1, 2018, at 1:48 PM, Antonio wrote:
>>
>> Hi,
>>
>> I recently managed to get pfSense to run an OpenVPN connection with my VPN
>> provider (ExpressVPN). All traffic is routed through this VPN tunnel via my
>> pfSense device.
>>
>> I randomly use ShieldsUp to test my ports and see if they are dropping
>> requests. All fine when the VPN tunnel is down. I then ran the ShieldsUp
>> (https://www.grc.com/x/ne.dll?bh0bkyd2)
>> test when the VPN tunnel was up and to my surprise I found that when I run
>> the ShieldsUp against the IP I get off "What my IP" (which presumably is the
>> IP of the VPN server which I'm connecting to) there are a few open ports:
>> 80, 81, 443.
>>
>> I'm assuming that as these are the open ports of the VPN server that is
>> allowing me to connect, it's not reflecting the configuration of OpenVPN on
>> my pfSense device, correct? Apologies, this may be a bit OT but I thought I
>> would check that it's not a pfSense related issue before I knock on
>> ExpressVPN's door. Presumably, this is the way OpenVPN works ...
>>
>>
>> Regards
>>
>> --
>>
>>
>> Respect your privacy and that of others, don't give your data to big
>> corporations.
>> Use alternatives like Signal (https://whispersystems.org/) for your
>> messaging or
>> Diaspora* (https://joindiaspora.com/) for your social networking.
Re: [pfSense] Open ports with OpenVPN tunnel
What are the Firewall > Rules on your OpenVPN tab and the OpenVPN assigned interface tab for the ExpressVPN connection?

> On Jan 1, 2018, at 1:48 PM, Antonio wrote:
>
> Hi,
>
> I recently managed to get pfSense to run an OpenVPN connection with my VPN
> provider (ExpressVPN). All traffic is routed through this VPN tunnel via my
> pfSense device.
>
> I randomly use ShieldsUp to test my ports and see if they are dropping
> requests. All fine when the VPN tunnel is down. I then ran the ShieldsUp
> (https://www.grc.com/x/ne.dll?bh0bkyd2)
> test when the VPN tunnel was up and to my surprise I found that when I run
> the ShieldsUp against the IP I get off "What my IP" (which presumably is the
> IP of the VPN server which I'm connecting to) there are a few open ports:
> 80, 81, 443.
>
> I'm assuming that as these are the open ports of the VPN server that is
> allowing me to connect, it's not reflecting the configuration of OpenVPN on my
> pfSense device, correct? Apologies, this may be a bit OT but I thought I
> would check that it's not a pfSense related issue before I knock on
> ExpressVPN's door. Presumably, this is the way OpenVPN works ...
>
>
> Regards
>
> --
>
>
> Respect your privacy and that of others, don't give your data to big
> corporations.
> Use alternatives like Signal (https://whispersystems.org/) for your messaging
> or
> Diaspora* (https://joindiaspora.com/) for your social networking.
[pfSense] Open ports with OpenVPN tunnel
Hi,

I recently managed to get pfSense to run an OpenVPN connection with my VPN provider (ExpressVPN). All traffic is routed through this VPN tunnel via my pfSense device.

I randomly use ShieldsUp to test my ports and see if they are dropping requests. All fine when the VPN tunnel is down. I then ran the ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2) test when the VPN tunnel was up and to my surprise I found that when I run the ShieldsUp against the IP I get off "What my IP" (which presumably is the IP of the VPN server which I'm connecting to) there are a few open ports: 80, 81, 443.

I'm assuming that as these are the open ports of the VPN server that is allowing me to connect, it's not reflecting the configuration of OpenVPN on my pfSense device, correct? Apologies, this may be a bit OT but I thought I would check that it's not a pfSense related issue before I knock on ExpressVPN's door. Presumably, this is the way OpenVPN works ...

Regards

--

Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.
Re: [pfSense] Open ports with OpenVPN tunnel
On Jan 1, 2018, at 2:35 PM, Antonio wrote:
>
> Hi,
>
> It's the rules that are under the heading "Additional steps to route WAN
> through tunnel" at the bottom of this page:
>
> https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/
>
> Regards
>
> Antonio
>

OK those are not rules on OpenVPN or the assigned interface tabs.

You are probably seeing something at the OpenVPN provider responding when you test from ShieldsUp.

To be certain you should packet capture on the OpenVPN interface and see if the traffic to 80, 81, 443 actually arrives at your location and is responded to. That is highly doubtful.

For an OpenVPN provider connection, which is essentially a WAN connection, you should have no rules (which is a default deny all) on the OpenVPN tab or the assigned interface tab.

> On 01/01/2018 21:50, Chris L wrote:
>> What are the Firewall > Rules on your OpenVPN tab and the OpenVPN assigned
>> interface tab for the ExpressVPN connection?
>>
>>
>>> On Jan 1, 2018, at 1:48 PM, Antonio wrote:
>>>
>>> Hi,
>>>
>>> I recently managed to get pfSense to run an OpenVPN connection with my VPN
>>> provider (ExpressVPN). All traffic is routed through this VPN tunnel via my
>>> pfSense device.
>>>
>>> I randomly use ShieldsUp to test my ports and see if they are dropping
>>> requests. All fine when the VPN tunnel is down. I then ran the ShieldsUp
>>> (https://www.grc.com/x/ne.dll?bh0bkyd2)
>>> test when the VPN tunnel was up and to my surprise I found that when I run
>>> the ShieldsUp against the IP I get off "What my IP" (which presumably is the
>>> IP of the VPN server which I'm connecting to) there are a few open ports:
>>> 80, 81, 443.
>>>
>>> I'm assuming that as these are the open ports of the VPN server that is
>>> allowing me to connect, it's not reflecting the configuration of OpenVPN on
>>> my pfSense device, correct? Apologies, this may be a bit OT but I thought I
>>> would check that it's not a pfSense related issue before I knock on
>>> ExpressVPN's door. Presumably, this is the way OpenVPN works ...
>>>
>>>
>>> Regards
>>>
>>> --
>>>
>>>
>>> Respect your privacy and that of others, don't give your data to big
>>> corporations.
>>> Use alternatives like Signal (https://whispersystems.org/) for your
>>> messaging or
>>> Diaspora* (https://joindiaspora.com/) for your social networking.
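
The packet-capture check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text from a capture on the OpenVPN interface and reports, for ports 80, 81 and 443, whether inbound SYNs actually arrived and whether the firewall answered them. The interface name `ovpnc1`, the tunnel address 10.8.0.2 and the capture lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: constructed sample data, assumed names throughout.
# On the firewall, a capture such as
#   tcpdump -ni ovpnc1 'tcp and (port 80 or port 81 or port 443)'
# produces the input (ovpnc1 = assumed OpenVPN client interface name).

# summarize_capture LOCAL_IP
# Reads `tcpdump -n` text on stdin; prints one line per tested port:
#   <port> <SYNs that arrived> <SYN-ACKs we sent> <verdict>
summarize_capture() {
    awk -v tun="$1" '
    function host(a,   q) { split(a, q, "."); return q[1] "." q[2] "." q[3] "." q[4] }
    function portof(a,   q, m) { m = split(a, q, "."); return q[m] }
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst); fl = $7
        # Inbound connection attempt that really reached this interface.
        if (host(dst) == tun && fl == "[S],") syn[portof(dst)]++
        # Our side accepting it: SYN-ACK leaving the tunnel address.
        if (host(src) == tun && fl == "[S.],") ack[portof(src)]++
    }
    END {
        n = split("80 81 443", want, " ")
        for (i = 1; i <= n; i++) {
            p = want[i]; s = syn[p] + 0; a = ack[p] + 0
            v = (s == 0) ? "never-arrived" : (a > 0 ? "answered-locally" : "arrived-unanswered")
            print p, s, a, v
        }
    }'
}

# Constructed capture: tunnel address 10.8.0.2, scanner 198.51.100.7.
# The last two lines are an outbound LAN client session that the same
# filter also matches; it must not be counted as an inbound probe.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.51000 > 10.8.0.2.443: Flags [S], seq 100, win 64240, length 0
12:00:02.000001 IP 198.51.100.7.51000 > 10.8.0.2.443: Flags [S], seq 100, win 64240, length 0
12:00:05.000001 IP 10.8.0.2.40000 > 203.0.113.5.443: Flags [S], seq 500, win 65535, length 0
12:00:05.020001 IP 203.0.113.5.443 > 10.8.0.2.40000: Flags [S.], seq 900, ack 501, win 65535, length 0
EOF
}

sample_capture | summarize_capture 10.8.0.2
```

A port that the external scan shows as open but that reports `never-arrived` here was answered somewhere upstream of the tunnel; `arrived-unanswered` means the probe reached the firewall and got no SYN-ACK from it.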