I hate asking questions like this, because I always worry I missed something simple.
I have, several times, setup a simple pfSense install, and every time something in pfSense steps in and kills the sending of attachments in GMail over a certain size (~400k+). Now, to head off the “pfSense can’t do that” comments, yes it can. I have the same issue on a base install, on an install with or without Suricata/Snort, with or without Squid, etc… However, I have never had this problem (on the exact same box on the same network with the same attachment(s)) with Untangle, OPNSense, ipFire, Sophos, Meraki MX, etc…
There must be a simple switch I am missing somewhere, but it is driving me up the wall. I really want to swing a lot of sites over to pfSense but this is a deal breaker.
Any concrete advice would be greatly appreciated. This issue seems to have been around for awhile, but the fixes seem to be extremely varied (depending on version).
This is a very broad question with too many variables. I would suggest to first look through all your logs. If no luck there, I would then provide details on your specific setup including what packages you have installed. I know for a fact that Squid, pfblocker, and Suricata or Snort can all play a role in this problem you are having.
For basic troubleshooting, uninstall all packages (ensure you have deselected “remember package settings” during the uninstall) and with a clean pfSense install try to upload your attachment. If it fails, its likely a setting with pfSense itself (DNS, Gateway, NAT, etc). If its successful then move to the next step. One by one enable and configure a package you want installed and resend the attachment. If it fails after you’ve configured a package then at least you have narrowed down your issue. Then come back and ask a more specific question for help on.
Thanks for the replies. It doesn’t matter which client on the network that I use, same result.
For instance, on the phone, I can try sending, it fails; then, turn off WiFi, re-send, no problems.
This is with a base install, after the first install I added all the usual packages, discovered this problem, then assumed I caused it with a bad configuration. So I re-installed with no extra packages at all. Same result. It is baffling.
Seriously though, your set up is quite vague and several things could be the cause. What’s your WAN set up? Have you tried this scenario with another provider? (Live, Hotmail, Yahoo, etc) Do you have any firewall rules?
Clean installs still don’t say much as they can vary a bit.
I understand you all are assuming end user. Fair enough. I shall break it down further…
This issue is repeatable, it is based on a stock install. Stock as in, nothing added or removed except for the information needed to employ a very basic network schema. No firewall rules added, no packages added, no defaults changed, no VLANs setup.
Internal network is as simple as it gets. Basic 192.168.1.0/24, internal DNS already running and used every minute of every day. WAN port is simple DHCP setup. No port forwards, no DMZ.
Have I tried it with other webmail providers? No. The other providers are of no consequence. By logging into any GMail account (public or GSuite) and composing an email (addressee doesn’t matter, nor does the service which that person is using) that includes an attachment of size larger than roughly 100k (format of file also does not matter). Upon hitting send, it reacts as normal and appears to be uploading the attachment. The progress bar gets to approx 50% and just sits there, then you get the try again type error. The only variation, which I assume is associated with this problem, is that sometimes it would appear the entire connection gets cut (the SSL to GMail) and the session expires and on those instances you get the banner error which is like “oops, something happened… try again later.”
The network running this setup is Meraki all the way through. The pfSense install is plugged into a Meraki switch and the cable modem. As simple as it gets.
Well, honestly I wasn’t Assuming anything. It seems you are however.
If you have No firewall rules, than you shouldn’t get internet at all, as by default, pfSense denies everything. So, you must have ‘some’ rules. As long as there’s a Pass All on the LAN than it’s fine.
Saying that trying other providers is of no consequence is quite presumptuous imho. It would rule out several things, but I’m not presuming anything, remember.
It seems you already have insight as to your problem, the connection timing out, which was my assertion initially, however this is troubleshooting, so we step through things.
If all you’re after is checkboxes to try, than I’d try the following. If you’re after more, than by all mean, please ask, however we’re not all knuckleheads here.
System > Advanced > Firewall & Nat > IP Do-Not-Fragment compatibility : Checked System > Advanced > Firewall & Nat > Firewall Optimization Options : Conservative
When I stated “no firewall rules added” it meant that nothing other than the default install, which, by default allows a normal connection.
My exasperation is not intended as a shotgun blast towards everyone. It is only shear stubbornness that has kept me looking into this, as the loudest people on many of the main forums which discuss pfSense are colossal asshats who exist solely to pick a fight.
I will check your checkboxes in just a moment, I appreciate the suggestion. It is the only concrete tip I have come across.
I think many of us have been to the point of sheer exasperation, it’s part of tech life, it’s one reason I quit windows app programming in the 90’s. I do understand there are many forums out there that serve only to irritate people, however I find giving anywhere new I try a chance at first. I always find the adage, you kill more flies with honey than vinegar, fairly apt with things in life, and on occasion you’ll find a few good people even on the irritating forums.
Hopefully one or both of my suggestions from before works for you; and don’t feel special, as years back I asked a question ‘over there’ and received no help, when I posted the answer I was met with an arrogant response.
