weird internet access issue
-
Hi, I noticed that my internet access goes down once every 1 - 2 days.
Under gateways, it shows offline - packetloss for my WAN
When I restart my modem which my ISP provides, everything starts working again.
It happened again and this time I directly plugged my modem into a laptop using the same ethernet cable that I use to plug into my pfsense router. My laptop had internet access and seemed to work fine.
I then unplugged my laptop and plugged the same ethernet cable into the pfsense router, and everything started working again.
Any idea what this could be?
-
@pp-ng Read through https://forum.netgate.com/topic/167206/gateway-drops-and-never-comes-back. Also what is your gateway monitoring IP? You might try changing that to something online such as 8.8.4.4 just to see if whatever pfSense is using isn't responding to pings all the time.
-
@steveits It currently monitors its own IP. I never thought of changing it, I suppose it makes sense to monitor something else?
-
@pp-ng Usually it should be pfSense's upstream gateway, but if that doesn't respond to pings it can be anything on the Internet that does. (unique for each WAN interface)
-
@steveits So is the fix to manually apply the patch (ec73bb89489d830ec21c4e04ffa3ec401791b55d) via System > Patches if not waiting for 2.7?
-
@pp-ng I don't have the issue but it sounds like the patch fixed it for others. At least could be worth trying.
-
@steveits yea so I updated the gateway monitoring to use Google's DNS and applied that patch. Guess we'll see.
Really appreciate the quick response. Will update if I make it a week without issue or if it happens again.
-
@steveits it is a little funny how this is hit or miss with some people. sounds like an issue like this would be global, but maybe it's specific to the isp or something. not sure.
-
@pp-ng If you have only one WAN then another option might be to check "Disable Gateway Monitoring" on System/Routing/Gateways for that gateway. Then pfSense just assumes it's always up.
-
@pp-ng said in weird internet access issue:
Under gateways, it shows offline - packetloss for my WAN
If the WAN shows packet loss but not 100% loss then it's not dpinger stopping.
The first thing to do though is make sure it's monitoring something useful so you have an idea about what's actually happening.
Steve
-
@stephenw10 And do you recommend google DNS for monitoring IP or something else?
-
That's what I use. They are under no obligation to respond to pings of course but I've never seen it stop responding.
-
@stephenw10 from what I remember it was 100% packet loss.
I am monitoring use 8.8.8.8 now and I also applied that patch for redmine Issue 11570 - ec73bb89489d830ec21c4e04ffa3ec401791b55d
So we'll see how it behaves now.
-
@stephenw10 @SteveITS it happened twice again. The first time was after ~39hrs and the second time was after ~48hrs
this is what's in the system logs for gateway
Oct 8 05:47:42 dpinger 27198 WAN_DHCP 1.1.1.1: duplicate echo reply received
Oct 8 06:32:09 dpinger 27198 WAN_DHCP 1.1.1.1: Alarm latency 4938us stddev 718us loss 21%
Oct 8 08:09:50 dpinger 27198 WAN_DHCP 1.1.1.1: sendto error: 65
Oct 8 08:09:50 dpinger 27198 WAN_DHCP 1.1.1.1: sendto error: 65
Oct 8 08:09:51 dpinger 27198 WAN_DHCP 1.1.1.1: sendto error: 65
Oct 8 08:10:01 dpinger 70782 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 1.1.1.1 bind_addr xxx.xxx.xxx.xxx identifier "WAN_DHCP "
Oct 8 08:10:05 dpinger 41719 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 1.1.1.1 bind_addr xxx.xxx.xxx.xxx identifier "WAN_DHCP "After it happened the first time I switched gateway monitoring from google to cloudflare, but still same issue. Even after applying that patch.
Couple questions, does the patch require a reboot of the box?
Also, I think you guys mentioned you are not having this issue. I am using the CE 2.6 - are you by chance using PFsense Plus? Not sure if that would make a big difference but thought I'd ask and maybe I can switch to PFsense Plus to try if you are using it and not seeing this issue.
-
That patch would not require a reboot. But that only helps if what you're seeing is dpinger failing to start. Are you seeing it stopped in Status > Services?
-
@stephenw10 It was green. I have the service status widget on the dashboard and showed green.
Does it matter between CE and Plus version?
-
The current Plus version (22.05) is newer so has some updated that are not yet in CE, But I'm not aware of anything that would present like this.
This looks more like your gateway actually stopped responding.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/gateway-errors.html#sendto-error-65It implies the gateway is no longer a route to 1.1.1.1 which would usually be the default route. So first thing would be check Diag > Routes to be sure you still have a default route. And if not then something removed it, check the routing log.
What do you do to restore access here? Resave the WAN? Resave the default gateway?
-
@stephenw10 All I do to restore access is literally unplug the ethernet cable from the pfsense box and plug it back in, I dont even wait. Just unplug and plug back in.
I unplug the ethernet cable that goes from the isp provided modem to the wan port of my pfsense box. it's a protectli vault if that means anything.
-
Ok, so doing that triggers a bunch of scripts that would, among many other things, re-apply the default route. So try to see if it has actually lost the route. Then try resaving the default gateway or resaving the WAN and see if that brings it back.
-
At the moment there are 9 IPv4 routes and one of them is set to default under the destination column
So when this happens again go into Diag > Routes and see what has changed from a working state?
What do you mean by "re-apply the default route" and "resaving the default gateway or resaving the WAN" ?
