Hi Moshe,

192.168.9.0/24 is the local LAN, 10.0.9.2 is the near VPN Tunnel end, 10.0.9.1 is the remote VPN tunnel end and 192.168.10.0/24 is the remote LAN.

Best,
Raimund

Ray,

Can you clarify which IP range is assigned where?
We can make an educated guess based on the information you provided, but
it's always better to have confirmation.


Moshe

--
Moshe Katz
-- moshe at ymkatz.net
-- +1(301)867-3732

On Thu, Sep 8, 2016 at 6:06 AM, Ray <ray at renegade.zapto.org> wrote:

> Hi,
>
> I'm running a few ALIX 2D13s with pfsense 2.3.2.
>
> All of them have a bridge configured which incorporates two of the
> Ethernet interfaces and a Wireless interface (some Atheros card).
>
> Apart from that there is an OpenVPN client on each box to connect
> satellite sites.
>
> There is something weird with the bridge which I would like to understand:
>
> When I connect my laptop to one of the Ethernet ports, I get a correct IP
> from the DHCP server on pfsense and can immediately ping all the other
> machines at other sites. The Ping echo enters through the Ethernet
> interface into the bridge, from there it's forwarded into the tunnel. The
> echo reply comes back through the tunnel and from there via the
> bridge/Ethernet interface to my laptop, all sweet and as expected:
>
> Here's a tcpdump (while connected via Ethernet) of three consecutive pings
> (separated by empty lines) on the ovpnc1 interface:
>
> # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535
> bytes
> 09:49:56.816755 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 6, length 64
> 09:49:56.917771 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 6, length 64
>
> 09:50:01.817050 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 7, length 64
> 09:50:01.949133 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 7, length 64
>
> 09:50:06.817352 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 8, length 64
> 09:50:06.951798 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 8, length 64
>
> ... works just as nice on the bridge0 interface:
>
> # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:51:11.820663 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 21, length 64
> 09:51:11.909411 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 21, length 64
>
> 09:51:16.820863 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 22, length 64
> 09:51:16.918607 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 22, length 64
>
> 09:51:21.821359 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 23, length 64
> 09:51:21.915379 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 23, length 64
>
>
> When I change the laptop's connection from Ethernet to Wireless, however,
> the same pings no longer work:
>
> ovpnc1 interface:
>
> # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535
> bytes
> 09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 14, length 64
> 09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id
> 20822, seq 14, length 64
> 09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25
> unreachable, length 36
>
> 09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 15, length 64
> 09:55:03.816001 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id
> 20822, seq 15, length 64
> 09:55:03.816097 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25
> unreachable, length 36
>
> 09:55:08.726661 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 16, length 64
> 09:55:08.819202 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id
> 20822, seq 16, length 64
> 09:55:08.819296 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25
> unreachable, length 36
>
> bridge0 interface:
>
> # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:53:53.716169 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 1, length 64
>
> 09:53:58.716987 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 2, length 64
>
> 09:54:03.717813 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 3, length 64
>
> There is something going wrong inside the bridge with the WLAN interface,
> it seems, but I can't figure out what this might be. The bridge setup is
> super simple, no advanced settings, just selected the three interfaces,
> that's all.
>
> BTW: The firewall rules for the tunnel interface and the bridge are
> completely open.
>
> Can someone here please, please give me a pointer on this? I'm seriously
> losing sleep.
>
> Cheers,
> Ray
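
An added example, not part of the original thread: a small Python script that reads mail-wrapped `tcpdump -n` ICMP output like the ovpnc1 captures quoted above and reports, per echo request, whether the reply was accepted, never seen, or bounced by a router with "host unreachable". The sample lines are adapted from the quoted captures (the last request is constructed), and the function names are this example's own.

```python
import re

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ")
ECHO = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")
UNREACH = re.compile(r"IP (\S+) > (\S+): ICMP host (\S+) unreachable")

def unwrap(text):
    """Drop '>' quoting and rejoin records that the mailer wrapped."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        if TS.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line      # continuation of the previous record
    return records

def classify(text):
    """Map (client, icmp_id, seq) -> 'answered', 'no_reply' or 'rejected_by <router>'."""
    state, last_reply = {}, None
    for rec in unwrap(text):
        m = ECHO.search(rec)
        if m:
            src, dst, kind, ident, seq = m.groups()
            client = src if kind == "request" else dst
            key = (client, int(ident), int(seq))
            if kind == "request":
                state.setdefault(key, "no_reply")
            else:
                state[key] = "answered"
                last_reply = (key, src)    # remember who sent the reply
            continue
        m = UNREACH.search(rec)
        if m and last_reply:
            router, notified, dead_host = m.groups()
            key, replier = last_reply
            # The router told the replier that the original client is unreachable.
            if notified == replier and dead_host == key[0]:
                state[key] = "rejected_by " + router
    return state

# Sample adapted from the thread's captures; the seq 15 request is constructed.
SAMPLE = """\
> 09:49:56.816755 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id
> 16470, seq 6, length 64
> 09:49:56.917771 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id
> 16470, seq 6, length 64
> 09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id
> 20822, seq 14, length 64
> 09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id
> 20822, seq 14, length 64
> 09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25
> unreachable, length 36
> 09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
"""

if __name__ == "__main__":
    for key, status in classify(SAMPLE).items():
        print(key, status)
```

A "rejected_by" entry naming the local tunnel address means the reply reached the box and was dropped on the way to the client, which is the pattern in the wireless capture.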
