QNAP pfSense dropout
-
I had an issue with a printer when it would go to sleep it would not let me print or find the printer. I created a dhcp record for it set it to static, added a dns host override for it and never had an issue again. I assume your QNAP goes to sleep when it’s not in use like my Buffalo NAS and that might be the issue… it’s sleeping on the job and needs to have the ability to be woke up, the static arp record might help it did for me.
-
@stephenw10 Hi only loss of internet. LAN is still accessible. I think that it is specific Bigpond (Australian ISP DHCP Login ) issue. I moved the QNAP to another ISP (TPG with PPPoE) which does not have disconnection issues. pfSense not playing nicely with Bigpond . Now trying with OPNSense to see if similar. (Connection is via the same NTD which has 4 ports for Fibre service - I have two activated.
-
@JonathanLee possibly a going to sleep issue but I have no hibernation turned on. Will see if I can implement your approach.
-
@ppal said in QNAP pfSense dropout:
pfSense not playing nicely with Bigpond
Hmm, waaay back in the day there were some special options for bigpond. Anything logged in dhcp?
Does a pcap show it requesting leases? ARPing for stuff?
-
@stephenw10
Hi Stephen,Thank you for your suggestions earlier. I’ll revisit pfSense after completing my testing with OPNSense. I noticed that another user had a similar issue (https://forum.netgate.com/topic/169400/pfsense-ipv6-with-telstra-nbn), but it seems they didn’t receive much assistance on the forum.
Apparently, there’s a detailed 32-step guide to get IPv6 working: https://whirlpool.net.au/wiki/pfsense_ipv6_telstra.
For now, even having IPv4 running reliably would be a great starting point!
Thanks again for your insights.
Best regards,
-
Hmm, I'm never sure how similar services are between providers on NBN. That seems to be IPv6 specific though and you stopped seeing all connectivity.
-
@stephenw10 Hi
I have swapped the LAN and WAN ports. What would be the best package to monitor the connections.
-
It should be detected and logged by the gateway monitoring anyway without a package.
However you can run something like mytraceroute on the firewall to see where it fails. Or something smokeping on a client behind the firewall.
-
@stephenw10 I found this https://www.telstra.com.au/content/dam/tcom/small-business/support/pdf/nbn-byo-%20router-guide.pdf - Looks like requires traffic shaping and requires. MTU 1500 or lower . Probably go for MTU 1492 and MSS 1452 and shape the traffic to my tier.
-
Hmm, well I guess that could do it if they cut you off when you overrun your tier bandwidth.
-
@stephenw10, I swapped the LAN and WAN ports, and it worked for about 7 hours. During that time, I believed the issue was resolved, but unfortunately, it locked up again with packet failures. I'll give it another try, but one would expect the shaping to be handled on their end. It's worth testing, though. Thanks for engaging.
-
Mmm, it's been a while but I have seen providers that police bandwidth by just cutting connections. I don't recall seeing that for anything end user facing though.
-
@stephenw10 Here’s a professional rewrite:
Subject: MTU Configuration Issue with ISP-Supplied Router
Hello @stephenw10,
I configured the MTU to 1492 (with MSS at 1452) on my ISP-supplied router. This setting was based on recommendations for my connection type.
However, after sitting idle for some time, the router locked up overnight. The attached screenshot provides additional details.
Could you advise on any potential causes for the issue or whether further adjustments are recommended to stabilize the setup?
Thank you for your insights.
-
By 'locked up' I assume you mean just stopped passing traffic because it looks like you were still able to login to it?
-
@stephenw10 The issue is with the WAN—packet loss and loss of internet—but I can still access the system via LAN. Rebooting sometimes resolves it, but only for hours or minutes.
I suspect it’s a settings issue. I’ve had similar issues with this ISP when running pfSense on an old PC. However, the ISP-supplied router runs without issues for months, so the service itself seems fine.
I’m considering a Netgate appliance to remove uncertainties, but I believe the problem lies with the QNAP VM. I’ve experienced the same issue with OPNSense and SOPHOS Home on the VM: internet loss while LAN stays functional.
Swapping the LAN/WAN ports yields the same result, so it doesn’t seem to be a port-specific problem.
-
Hmm, well those tests seem to imply the VM setup is an issue I agree. However if it does the same thing using pfSense baremetal on an old PC that implies it isn't. So hard to say at this stage.
Probably need a new baremetal test to confirm if you can.
-
@stephenw10 some digging - Upstream Traffic: Set DSCP to 0. - how do I get to this setting. Somewhere in the firewall ?
To use a non-Telstra-provided Gateway, the device must:
• Support WAN on an Ethernet port. If not, please consider purchasing a business gateway from us.
• Support xDSL port for VDSL with Vectoring (FTTN & FTTB deployments only).
• Use Ethernet full duplex with auto-negotiation on so that the gateway signals to UNI-D (nbn network
termination device port) that it’s full duplex capable, avoiding duplex mismatch (excluding FTTN &
FTTB deployments).
• Operate as a gateway with a single MAC address assigned to the port.
• Not configured as a bridge or hub.
• Support NAT.
• Use DHCPv4 to ‘request’ the IP address (this is essential to create the IP session on our service
edge. The DHCP response will contain DNS information, as well as the allocated static address). The
network will return both IPv4 and IPv6 assigned address information.
• Be configured to transmit all upstream data untagged.
• Not use 802.1p priority or VLAN tagging as this will be ignored (subject to change).
TELSTRA CORPORATION LIMITED (ABN 33 051 775 556) | PRINTED 24/10/2016 BYO GATEWAY GUIDE WITH TELSTRA BUSINESS BROADBAND ON THE NBN
PAGE 2/4
• Be configured to mark all upstream traffic to ‘DSCP 0’ (zero).
• Ensure the L2 maximum frame size (also known as Maximum Transfer Unit - MTU) of no larger than
1500 octets.
• Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps
on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).
https://www.telstra.com.au/content/dam/tcom/business-enterprise/support/pdf/byo-gateway-guide-telstra-business-broadband-on-nbn.pdf -
pfSense can match on DSCP but does not set it:
https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#diffserv-code-point@ppal said in QNAP pfSense dropout:
Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps
on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).This looks like a more likely potential problem if they enforce that by blocking traffic when it's not shaped.
-
@stephenw10 I added a 4 NIC Card into the NAS. Default Install and then set MTU to 1462. Now getting
Jan 22 08:27:00 php-cgi 21877 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
Jan 22 08:27:15 php-cgi 95738 notify_monitor.php: Message sent to pranesh@pal.id.au OK
Jan 22 08:28:00 php-cgi 64510 servicewatchdog_cron.php: Service Watchdog detected service unbound stopped. Restarting unbound (DNS Resolver)
Jan 22 08:28:00 php-cgi 64510 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
Jan 22 08:28:20 php-cgi 95738 notify_monitor.php: Message sent to pranesh@pal.id.au OK
Jan 22 08:29:00 php-cgi 42905 servicewatchdog_cron.php: Service Watchdog detected service unbound stopped. Restarting unbound (DNS Resolver)
Jan 22 08:29:00 php-cgi 42905 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
every minute filling my Inbox. Any thoughts? -
Don't run the service watchog like that? Really it should only be used for troubleshooting.
If it's not enabled do those services just stop?
What NIC was it? Are you passing through the NICs to the VM?
