IoT devices not reconnecting properly
IoT devices of different manufacturers all seem to have this problem. While the problem is being experienced I would eliminate variables to pinpoint the cause, and it all points to pfSense for some reason. I've listed the variables eliminated and things tried to prove it was pfSense causing the issue.
(Checked logs for anything obvious)
WiFi access point changed to a different brand. (Unifi to TP-Link Omada)
IoT device state is fresh, to eliminate the device as the problem
IoT device firmware up to date
IoT device server is not down at the time of the issue
IoT device reboot does not correct the issue
IoT device CAN be contacted on the local LAN and across subnets by a client PC. (Phone app can control it locally when on the same subnet)
While an IoT device is failing to connect to its home server on the internet, an identical device can connect with no problem to the same home servers (IPs compared and are the same).
IoT device has a long history of working reliably without pfSense. (Just an off-the-shelf TP-Link style router for testing purposes)
We tried a standard pfSense box without any sort of pfBlocker / Snort rules applied.
The only thing that resolves it is to use an "off the shelf router", and it will connect flawlessly all the time. (Tested over 3 months)
(Probably because these are notoriously insecure and full of bugs)
Traffic sniffed from this router and from pfSense is the same when it's working.
If I have the traffic from the "off the shelf" router going through pfSense and allow that secondary router to have no restrictions in a double-NAT situation, the traffic still won't pass on the one or two devices failing to connect. If I use that "off the shelf" router as the sole router without pfSense it will not fail at all in the 3 months.
The only devices that don't seem to ever have an issue are Google Home assistants and Google Nest products. These ALWAYS can connect even when other IoT devices fail.
An easy way I figured out to test this: when the device fails, shut down the WiFi and use the mobile hotspot on your phone to emulate the same WiFi SSID so the device connects through your phone. Works instantly. Fails instantly when the pfSense-routed WiFi returns.
Another odd thing is it can be any device, and that same device, left untouched, can reconnect days later on its own with nothing changed.
I've tried more conservative states in the state table, and I tried forcing traffic with rules based on where the device is trying to connect to, and that doesn't work either. I also tried a different ISP with the same setup as where it fails normally. Same problem. And I tried a fresh pfSense box with just basic rules and it will fail again.
Hope all this information helps pin down this pesky bug.
Why this is important to fix:
I use Netgate appliances, or at the very least the client-provided community version, at large homes FULL of home automation, so having them on a properly segregated subnet is SUPER important. pfSense makes this a joy to set up, so I'd like to get it fixed if we can figure it out.
Updated by Steven Cedrone 2 months ago
I forgot to mention we also tested this with a Sony TV (1 year old and up-to-date firmware) on an Ethernet connection. This device can be controlled most of the time but encounters the behaviour above as well, and it doesn't rely on WiFi.
Google will tell me the device is not available to be controlled.
Can contact it on local network and TV has internet access as verified with Netflix app.
2 Days later, TV can now be controlled. No changes made, still on Ethernet and Sony Server / Google Servers were not down at time of testing.
Problem will not happen if plugged into standard "off the shelf" router.
Just wanted to mention this to also point out that Ethernet-connected devices suffer the same issues. (Tried this last to be sure it wasn't low-cost WiFi devices causing it.)
Updated by Jim Pingle 2 months ago
- Status changed from New to Rejected
There isn't any evidence here of a bug in pfSense. I and many others use various IoT devices in many different ways without issues, and it sounds like it's something in your network design or configuration here, not a bug.
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum.
See Reporting Issues with pfSense Software for more information.