Gateway Monitor 100% Traffic Loss for Monitor IP
-
Hi,
I have a second Home in India, where I have setup Wireguard tunnel to my pfSense to access security cameras etc..
I would like to set the monitor ip to the router internal ip so I can accurately monitor the status, instead of the interface ip itself.
The IP of my router in India is 192.168.44.1 when I set in monitor IP it shows 100% packet loss, when I tried putting the IP for 1.1.1.1 it also shows 100% loss.
Not sure what the issue is. All the other Gateway's I have I tried 1.1.1.1 it works fine, no issues.
I am able to ping 192.168.44.1 from pfsense under Diagnostics / Ping
Apr 30 21:58:26 dpinger66512 Home_India 1.1.1.1: Alarm latency 0us stddev 0us loss 100% Apr 30 21:58:24 dpinger 66512 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 1.1.1.1 bind_addr 10.6.44.2 identifier "Home_India "
Thanks in advance -
@manjotsc ok not exactly sure if understand what your wanting to do.. But you have a tunnel setup to your house in india. And you want to ping the india side vs the gateway itself right?
So for example I have a vpn setup to vps of mine ns1vpn here
Yeah out of the box when you setup a new gateway, it would monitor the gateway IP, and since its a tunnel it would be your own address as the gateway not the far end. This could still work for monitoring since if the tunnel is down it shouldn't answer pings? Have not played with that because I like to see what the response time is, vs the local zero rtt for pinging yourself.
Notice my wan and he gateway ping the actual gateway address. But my ns1vpn while the gateway is .2, the monitor address is .1 (the far end)
So I take it this is what you want to do? The far end of the tunnel your pinging would need to answer, firewall rule maybe on the far end. Setting the monitor to something on the far end would require that you can get there, can you get to 1.1.1.1 via this tunnel to your house in india? Maybe you do not allow that?
And your saying gateway monitor isn't working to the far end IP, but you can actually ping the far end of the tunnel from pfsense.
Looks like your one above the home_india is working, that looks like a tunnel were your gateway is 10.6.14.2 and your pinging 192.168.14.1
-
@johnpoz Thanks, I figured it out.
It was a misconfig on the wireguard tunnel,
I had allowed the my local subnets but I mis typed the gateway ip to 10.6.14.2/32 instead.
Also the 1.1.1.1 for sure it was not going to work, since I had retricted the dns to 9.9.9.9 in the router config.
Thanks,
Manjot -
@manjotsc glad you got it sorted, and thanks for explaining what the actual problem was - this for sure helps the next guy!
