Ok so my remote site with the pfSense 6100 went offline about 2 days ago. The system has been online with this new pfSense and network really for approx. 7 months. The last few weeks we have momentary drops, we use Spectrum for our ISP and they are notorious for being unreliable. Anyway so since my VPN was not an option, I had a staff person, power cycle the modem and no luck, then asked them to plug their laptop into the modem and they pulled an IP and had Internet access, funny thing was I was unable to remote connect to their PC while connected directly to the modem. I then had them hotspot their phone to the laptop and connect to the LAN thru a network cable. I remoted into their PC and gained access to the 6100. There was no WAN IP address and in the logs I was seeing a sendto error 64 under the service pinger I think it was called and under gateways it had the external DHCP IP then under RTT it says Pending, RTTsd - Pending and Status Pending. Management is convinced it’s our hardware, but I’m convinced it’s Spectrum and their modem and blocking us thru the MAC address possibly.
When I called for support at Spectrum the first time they said they are on issues in your area and they would reboot the modem, obviously nothing worked. So after some time I called again and this time, it said based on your account info, there are outages in the area that are affecting services. So here we are today, still down and sorry this is so long winded but I really need some troubleshooting guidance cause I can’t rule out a possible issue with pfSense but I have to prove it’s on their end because I am not a believer on client issues when it comes to Internet outages, things normally just don’t break on the client side but have to be optimistic too. What logs should I be focusing on? Should I mask the MAC address and put anything in there? Thank you.
A wild guess is that they have blocked the MAC address of your pfsense. You can change that and here is a reddit post that sounds similar
Thank you Tom, I actually have one of the staff going to get me hotspotted and I’ve recorded one of my no longer used Sophos firewall MAC addresses that I am going to try. I am also waiting on their response as I have asked what the LEDs look like on the pfSense. Appreciate your response.
So the staff person has stated that regarding the LEDs, the diamond is blinking blue and no other LEDs are on. Hmm that can’t be good, unless having no WAN IP creates this condition, but I would have thought the circle should be solid blue.
Ok so the MAC mask didn’t work, still showing “No Carrier” on WAN interface.
Just a guess, but it’s the cable modem or the cable service. 75% cable service.
Do they have any ports open for services to be used from the outside world? If they don’t need to have anything connecting in from the outside, I’d look at a 5g cellular business plan, both T Mobile and Verizon have a $50 per month plan that you could use as a back up. T Mobile has smaller plans for less money if you really only need it for backup remote connections. Just be aware that T Mobile is CGNAT except for some business plans, I assume Verizon will be the same. The only problem with cellular might be VoIP and that would depend on your connection. I’d talk to their business divisions and see what they might offer.
Then you could set up pfsense for a failover or load share with both connections, at least until you get tired of dealing with Spectrum, and if the cellular is doing what they need.
My home internet was constantly doing the same with Spectrum. And since you need to jump through hoops on their webpage before you can even call anyone, it just got to be too much of a hassle. Got in a fight with the CSR on the phone when we cancelled, they kept trying to string us along and keep their service when I had already been running T Mobile for a month and decided it would do what we need at home. I could go on with our Spectrum issues, we fought it for over a year because nothing else was in our area.
Yes we are in the same boat with Spectrum, kind of limited but we are looking into a secondary connection. Luckily no real services outgoing so that’s a plus but we did a few tests with a laptop and did get internet however unable to remote into that PC although it had internet and Spectrum has now said they couldn’t see the laptop connected nor can they see our 6100 so something seems wrong with that modem ethernet port. I guess they had some guy stop by and he was like oh it’s your firewall, and I’m thinking how do you determine it’s the firewall looking at the cabling, especially since it’s ran for 7 months with no outages that were for any amount of time. PS yes it’s a cable modem.
Ok so I had them plug the network into WAN2 and enabled DHCP and this interface came up but I can’t assign ix2 to WAN and ix3 to WAN2, keeps adding ix3 to both. Must be a faulty piece of hardware. And to add to the list Spectrum installed a new modem and installed a router because we now have a static IP so not only am I dealing with an interface that no longer works but now I have to figure out how I get a static IP to work behind a router. Spectrum provided me with the static info but it’s completely different from the information the tech screenshot for me. WTF. And trying to make changes thru a hotspot phone is brutal, 20 minutes of work has taken almost 3 hours due to lag.
Basically a small diagram of what the setup currently now looks like.
Looks like you may need to make a trip. If you do, I’d bring a pre-configured firewall with me for testing. Do the 6100’s use a card based NIC or soldered to the board?
That Spectrum router is not needed, pfSense should be able to do everything that router is doing. Else you need to put it in bridge mode and pass the IP through to pfSense.
I ended up just bringing up WAN2 on ix2, configured our static IP information and have all their services back and running. I did however put in a support ticket to Netgate because it may very well be a hardware issue going on. I tried simply to assign ix2 to WAN but it kept failing to apply, gave up and just added my WAN rules and off to the races, hopefully I didn’t miss anything in change.
So far I have run into one problem and that is staff are having frequent VPN issues now when connecting back and I know it’s because of this Spectrum router that was put in place, pretty sure we are now double natting, any suggestions?
Investigate that modem and see if you can remove the Spectrum router, I’m guessing that you can make all the settings needed in your pfsense to replace that router.
Sorry I am new to this FORUM! I love the Videos. But my question is I am having an issue with my ISP router/firewall both in one and they have me using a dynamic IP how would I set up pfSense to use my ISP dynamic IP? Or do I have to get a static from my ISP so that pfSense gets online?
You first need to set the ISP router into bridge mode. pfSense will then pick up the DHCP WAN address.
I did this but it sits at 0.0.0.0 idk why would have anything to do with the switch that is not really set up it’s just in default???
Once again I am in the same boat, so yesterday around 3pm their internet dropped. I did see that Spectrum was down in parts of Texas so chalked it up to once again their system. Here we are the next day, their system has not recovered so just waiting for the staff to get into the office to help me troubleshoot, with me in Canada and their office in Texas it’s going to be another stressful day trying to figure out what’s wrong now with either pfSense or the ISP hardware on site. 4 months ago, similar issues.