Wiki

User Tools

Site Tools

Trace:
pfsense:troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:troubleshooting [2020/04/22 10:43] peterpfsense:troubleshooting [2021/02/19 09:59] (current) peter
Line 1: Line 1:
 ====== PFSense - Troubleshooting ====== ====== PFSense - Troubleshooting ======
  
-[[PFSense:Troubleshooting:Firewall Blocking an Internal Address|Firewall Blocking an Internal Address]]+[[PFSense:Troubleshooting:Amazon app reports "Ooops, an error has occurred"|Amazon app reports "Ooops, an error has occurred"]]
  
-[[PFSense:Troubleshooting:SSL_ERROR_RX_RECORD_TOO_LONG|SSL_ERROR_RX_RECORD_TOO_LONG]]+[[PFSense:Troubleshooting:Crash Report|Crash Report]]
  
-----+[[PFSense:Troubleshooting:Disk usage increasing|Disk usage increasing]]
  
-===== PFSENSE BEHIND A ROUTER =====+[[PFSense:Troubleshooting:Firewall Blocking an Internal Address|Firewall Blocking an Internal Address]]
  
-Fromhttp://hakology.co.uk/2014/02/pfsense-behind-a-router/ +[[PFSense:Troubleshooting:mbuf full|mbuf full]]
  
-<code> +[[PFSense:Troubleshooting:PfSense is restoring the configuration|PfSense is restoring the configuration]]
-Can pfsense ping router – NO WAN config error +
-Can pfsense ping pfsense client – NO – LAN config error / Client firewall +
-Can pfsense client ping pfsense – NO – LAN config error / Client firewall +
-Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error +
-Can pfsense client ping router – NO – NAT error +
-Can pfsense client ping 8.8.8.8 – NO – NAT error / ADSL / CABLE config error +
-Can pfsense client ping 8.8.8.8 – YES – All good +
-Can pfsense client load a website – NO – DNS Error – Check everything above is OK +
-Can pfsense client load a website – YES – Everything is working +
-</code>+
  
 +[[PFSense:Troubleshooting:SSL_ERROR_RX_RECORD_TOO_LONG|SSL_ERROR_RX_RECORD_TOO_LONG]]
  
-----+[[PFSense:Troubleshooting:Tuning and Troubleshooting Network Cards|Tuning and Troubleshooting Network Cards]]
  
-----+[[PFSense:Troubleshooting:OpenVPN Client Common Name shows as UNDEF|OpenVPN Client Common Name shows as UNDEF]]
  
-===== SSL_ERROR_RX_RECORD_TOO_LONG =====+[[PFSense:Troubleshooting:Out of disk space on /var/run|Out of disk space on /var/run]]
  
-Getting the error **SSL_ERROR_RX_RECORD_TOO_LONG** when attempting to access multiple different sites, sometimes goes away with refresh but sometimes persists. 
  
-{{:pfsense:pfsense_ssl_error_rx_record_too_long.png?800|}} 
  
-Usually when using Squid option of **Splice All** for SSL/MITM Mode. 
  
-Can't connect to 192.168.1.1:443 (certificate verify failed) 
  
-<code> +----
-SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 50. +
-</code>+
  
-Check:+===== PFSENSE BEHIND A ROUTER =====
  
-<code bash> +From: http://hakology.co.uk/2014/02/pfsense-behind-a-router
-openssl s_client -connect 192.168.1.1:443 +
-</code>+
  
-returns: +<code> 
- +Can pfsense ping router – NO - WAN config error. 
-<code bash+Can pfsense ping pfsense client – NO – LAN config error / Client firewall. 
-... +Can pfsense client ping pfsense – NO – LAN config error / Client firewall
-Verify return code: 21 (unable to verify the first certificate) +Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error. 
-...+Can pfsense client ping router – NO – NAT error. 
 +Can pfsense client ping 8.8.8.8 – NO – NAT error / ADSL / CABLE config error. 
 +Can pfsense client ping 8.8.8.8 – YES – All good. 
 +Can pfsense client load a website – NO – DNS Error – Check everything above is OK. 
 +Can pfsense client load a website – YES – Everything is working.
 </code> </code>
  
 +If you are having issue make sure you disable any firewalls you have running on the pfsense client boxes … once you have your network configured you can enable them later.
  
 +----
  
-==== Solution ==== 
- 
- 
-  * **Servicess -> SquidGuard Proxy Filter -> Common ACL -> ALL to allow** 
- 
-  * May need to refresh the browser cache: 
-    * CTRL F5 
-    * CTRL+SHIFT+r 
-    * SHIFT+reload button  
- 
-  * Might need to turn off support for the newest and most secure connection protocol, TLS 1.3. 
-    * In Firefox 
-      * Type **about:config** in the address bar and press Enter/Return. 
-      * In the search box above the list, type **TLS**. 
-      * Double-click the **security.tls.version.max** preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2). 
-      * Then click **OK**. 
- 
----- 
  
pfsense/troubleshooting.1587552230.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki