Hi everyone, today’s post is about solving an issue that took me quite a lot of time. The fix turned out to be easy, but it wasn’t obvious, and I still need to find the root cause.

I was working with pfSense (Netgate) in a VMC (AWS) environment. pfSense is a BSD-based firewall with numerous possibilities, including BGP implementation. It can be downloaded in ISO format and installed inside a virtual machine, making it extremely valuable for every lab and usable with support in production environments.

In my environment, pfSense has two Ethernet adapters, each connected to separate segments. One of these segments requires access to the Internet. To accomplish this, I created a tag for that segment and configured the appropriate rule in the gateway firewall, along with a compute group based on that segment.

Unfortunately, pfSense still didn’t have Internet access. Traceroute revealed that the communication ended at T0. Surprisingly, Debian installed in the same network was working fine without any issues—perhaps thanks to the magic of vmtools?

The solution to this configuration problem was to reconfigure the group to use an IP address instead of tags. After making this change, Internet access became available almost immediately.

Now, I will continue to search for the root cause, as I have a feeling that it might be related to the absence of vmtools in pfSense. Does anyone have an idea of what the issue could be?