
PfSense FreeBSD on OVH Public Instance - no internet connection


I have no internet connectivity in a freshly installed PfSense system.
Steps:

  1. I created an OVH instance with Ubuntu and mounted the mfsbsd image.
  2. After booting to mfsbsd there was also an internet problem. I couldn't download anything or ping at all.
  3. I copied the PfSense image through SSH using the local network.
  4. I installed PfSense with the UFS BIOS option.
  5. Using the OVH console I can see that PfSense booted properly after the restart. I also configured a reverse proxy on nginx using another server in the same local network (http://192.168.10.22/ --> https://pfsense.domain.com/). After that I can reach the GUI through the pfsense.domain.com URL, but there's an error after logging in and I can't do anything in the UI:

An HTTP_REFERER was detected other than what is defined in System > Advanced (https://pfsense.domain.com/). If not needed, this check can be disabled in System > Advanced > Admin Access.

  6. After logging in to the PfSense server using the console I noticed that there's also a network connectivity problem.
  7. Some outputs:
[2.5.2-RELEASE][[email protected]]/root: ifconfig
    vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether xx:xx:xx:xx:xx:xx
            inet6 xxxx::xxxx:xxxx:xxxx:xxxx%vtnet0 prefixlen 64 scopeid 0x1
            inet 123.123.123.123 netmask 0xffffffff broadcast 123.123.123.123
            media: Ethernet 10Gbase-T <full-duplex>
            status: active
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether xx:xx:xx:xx:xx:xx
            inet6 xxxx::xxxx:xxxx:xxxx:xxxx%vtnet1 prefixlen 64 scopeid 0x2
            inet 192.168.10.22 netmask 0xffffff00 broadcast 192.168.10.255
            media: Ethernet 10Gbase-T <full-duplex>
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    enc0: flags=0<> metric 0 mtu 1536
            groups: enc
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff000000
            groups: lo
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
            groups: pflog
    pfsync0: flags=0<> metric 0 mtu 1500
            groups: pfsync

[2.5.2-RELEASE][[email protected]]/root: netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
123.123.123.123    link#1             UHS         lo0
123.123.123.123/32 link#1             U        vtnet0
127.0.0.1          link#4             UH          lo0
192.168.10.0/24    link#2             U        vtnet1
192.168.10.22      link#2             UHS         lo0
213.186.33.99      xx:xx:xx:xx:xx:xx  UHS      vtnet0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::1                               link#4                        UH          lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::xxxx:xxxx:xxxx:xxxx%vtnet0  link#1                        UHS         lo0
fe80::%vtnet1/64                  link#2                        U        vtnet1
fe80::xxxx:xxxx:xxxx:xxxx%vtnet1  link#2                        UHS         lo0
fe80::%lo0/64                     link#4                        U           lo0
fe80::1%lo0                       link#4                        UHS         lo0

[2.5.2-RELEASE][[email protected]]/root: ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host

[2.5.2-RELEASE][[email protected]]/root: ping serverfault.com
ping: cannot resolve serverfault.com: Host name lookup failure


  8. I checked /etc/defaults/rc.conf and the options defaultrouter and gateway_enable were set to NO. I changed them to YES, but it didn't help after rebooting.

Problem is resolved:

  • I created an OpenVPN tunnel in the OVH server,
  • After connecting to the OpenVPN network I opened the PfSense GUI using the private IP address and I was able to disable HTTP_REFERER.
    I couldn't figure out how to disable it from the CLI.
  • From the GUI I added the OVH gateway IP address to the WAN interface and the connectivity started working. It's under Interface -> WAN -> IPv4 Upstream gateway.
    I was trying to do the same by changing the default routing in the FreeBSD OS using the CLI, but it didn't want to work.
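
The `netstat -rn` output in the question already accounts for the failed ping: the table has no default route, and the WAN address carries a /32 mask, so no gateway can sit inside a connected subnet. The following is an added example, not part of the original posts; it replays the routing lookup over that table, and `198.51.100.1` is a placeholder gateway from the documentation range, not the real OVH gateway.

```python
import ipaddress

# Constructed sample: the IPv4 rows of the `netstat -rn` output in the question.
NETSTAT = """\
Destination        Gateway            Flags     Netif Expire
123.123.123.123    link#1             UHS         lo0
123.123.123.123/32 link#1             U        vtnet0
127.0.0.1          link#4             UH          lo0
192.168.10.0/24    link#2             U        vtnet1
192.168.10.22      link#2             UHS         lo0
213.186.33.99      xx:xx:xx:xx:xx:xx  UHS      vtnet0
"""
GATEWAY = "198.51.100.1"  # placeholder (documentation range), not the real OVH gateway

def parse_routes(text):
    """Return (network, gateway, netif) for each IPv4 row of `netstat -rn`."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        routes.append((ipaddress.ip_network(dest, strict=False), cols[1], cols[3]))
    return routes

def lookup(routes, target):
    """Longest-prefix match; None corresponds to 'No route to host'."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def explain(text, target, gateway=None):
    """Say how `target` would be routed, optionally after adding a default gateway."""
    routes = parse_routes(text)
    if gateway is not None:
        via = lookup(routes, gateway)
        if via is None:  # a /32 WAN address has no on-link neighbours
            return f"gateway {gateway} is off-link: needs an interface route first"
        routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway, via[2]))
    hit = lookup(routes, target)
    if hit is None:
        return f"{target}: no route to host (no default route)"
    return f"{target}: via {hit[1]} on {hit[2]}"

if __name__ == "__main__":
    print(explain(NETSTAT, "1.1.1.1"))
    print(explain(NETSTAT, "1.1.1.1", GATEWAY))
    fixed = NETSTAT + f"{GATEWAY}       link#1             UHS      vtnet0\n"
    print(explain(fixed, "1.1.1.1", GATEWAY))
```

The third call models a table in which the gateway has its own host route on `vtnet0`, after which the default route resolves.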