Internet lost in PfSense but VPN or everythingelse work well?
-
It seems unlikely the issue is actually cert related. Somehow running that is re-loading something that allows traffic to restart. So I would be trying to determine exactly what fails when traffic stops.
-
Dear @stephenw10,
But how? What shoul I check if the internet stops again?Or I need to write script to check internet connetion in pfsense. When the internet lost than I need to run "certctl rehash" command again? I don't know?
Regards,
Mucip:) -
You are able to reach the pfSense gui from LAN when it fails yes?
So I would first test what pfSense itself can do in that situation. Can it ping 8.8.8.8? Can it ping google.com?
If it can then can LAN side clients do either of those?
-
Hi @stephenw10,
I made php scipt to check internet connection in LAN Debian server.
If not than it will send me an email. Than I will check what's going on in the PfSense.
I put this php code in the cron now.Let's see...
P.S: But I am wrong! If internet lost how can Debian send me an email?!
I need to create script in pfsense and check internet from LAN because I checked before
How can check internet connectivity in LAN with bash or php command in Pfsense?Regards,
Mucip:) -
Dear @stephenw10,
I may add this php file to cron but it must check internet connectivity from LAN not WAN.
Because normally there is internet on WAN but there isn't on LAN unfortunatelly.
Regards,
Mucip:)<?php $internetVar=false; switch (connection_status()){ case CONNECTION_NORMAL: $txt = 'Connection is in a normal state'; $internetVar=true; break; case CONNECTION_ABORTED: $txt = 'Connection aborted'; break; case CONNECTION_TIMEOUT: $txt = 'Connection timed out'; break; case (CONNECTION_ABORTED & CONNECTION_TIMEOUT): $txt = 'Connection aborted and timed out'; break; default: $txt = 'Unknown'; break; } echo "$txt\n"; ?>
-
You can source your test from the LAN IP and that will confirm NAT is working.
However reviewing the symptoms you have here I'd be willing to bet it's a gateway/routing issue.
What gateways do you have defined in System > Routing?
If you have more than one and the default gateway is still set to automatic try setting it to the WAN gateway specifically. It may be switching to one of the others if the WAN ever has an issue.
-
Dear @stephenw10,
Well, What is the CLI command equavelent of below screen?Our Geteway config is:
Regards,
Mucip:) -
The command would be:
[2.7.2-RELEASE][admin@t70.stevew.lan]/root: ping -c 3 -S 192.168.226.1 8.8.8.8 PING 8.8.8.8 (8.8.8.8) from 192.168.226.1: 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=6.036 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=12.178 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=6.225 ms --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 6.036/8.146/12.178/2.852 ms
Where 192.168.226.1 is the LAN IP address.
However what are you using that gateway on LAN for? You have other subnets behind a router at 192.168.0.1?
If that's the LAN IP address it should not be there. -
Dear @stephenw10,
I have modem in the office. PfSense gets internet from modem.
Modem IP block is 192.168.1.X
PfSense WAN 192.168.1.99
PfSense LAN is 192.168.0.1Untill recent 3-5 days everything was OK. But nowadays I have problem I don't know why?
Regards,
Mucip:) -
Ah, OK then that LAN gateway you have set as the LAN interface IP is wrong. You should remove it, it can only cause conflicts.
-
Dear @stephenw10,
Are you teeling that I need to delete below "LanKapi" ?Regards,
Mucip:) -
Yes, you should only ever have a gateway on LAN if you have some other router in the LAN subnet. And even then it would never be the LAN IP address.
-
Dear @stephenw10,
I deleted. Let's see what is happening afterwards... :)Regards,
Mucip:) -
@stephenw10 ,
Now I have below error :( -
Looks like you have monitoring disabled on the WAN gateway so it's not running. Re-enable moniroring on WAN.
-
@stephenw10,
Now it's OK. But what is the monitoring and what is used for? -
The dpinger service monitors the state of the WAN by pinging something upstream. By default it pings the gateway address directly but you can change that to some external IP like 8.8.8.8 which usually gives better data on the connection quality. If you have multiple WANs that is what is sued to failover between them. You can see the dpinger data in Status > Monitoring Graphs in the Quality trace.
-
@mucip said in Internet lost in PfSense but VPN or everythingelse work well?:
the monitoring and what is used for?
And nice stats :
Monitoring the device in front of your pfSense, the ISP router, only tells you something about the cable between them and nothing much about your entire WAN connection.
Monitoring for example 8.8.8.8 tells you something about the 'quality' of the connection up until 8.8.8.8.
This will includes your entire 'ISP' WAN connection.