Netgate Discussion Forum

    QNAP pfSense dropout

      JonathanLee

      I had an issue with a printer: when it would go to sleep, it would not let me print or find the printer. I created a DHCP record for it, set it to static, added a DNS host override for it, and never had an issue again. I assume your QNAP goes to sleep when it’s not in use, like my Buffalo NAS, and that might be the issue… it’s sleeping on the job and needs to have the ability to be woken up. The static ARP record might help; it did for me.

      Make sure to upvote

        ppal @stephenw10

        @stephenw10 Hi, only loss of internet. LAN is still accessible. I think that it is a specific Bigpond (Australian ISP DHCP Login) issue. I moved the QNAP to another ISP (TPG with PPPoE), which does not have disconnection issues. pfSense not playing nicely with Bigpond. Now trying with OPNSense to see if similar. (Connection is via the same NTD, which has 4 ports for Fibre service - I have two activated.)

          ppal @JonathanLee

          @JonathanLee possibly a going to sleep issue but I have no hibernation turned on. Will see if I can implement your approach.

            stephenw10 Netgate Administrator @ppal

            @ppal said in QNAP pfSense dropout:

            pfSense not playing nicely with Bigpond

            Hmm, waaay back in the day there were some special options for bigpond. Anything logged in dhcp?

            Does a pcap show it requesting leases? ARPing for stuff?

              ppal @stephenw10

              @stephenw10
              Hi Stephen,

              Thank you for your suggestions earlier. I’ll revisit pfSense after completing my testing with OPNSense. I noticed that another user had a similar issue (https://forum.netgate.com/topic/169400/pfsense-ipv6-with-telstra-nbn), but it seems they didn’t receive much assistance on the forum.

              Apparently, there’s a detailed 32-step guide to get IPv6 working: https://whirlpool.net.au/wiki/pfsense_ipv6_telstra.

              For now, even having IPv4 running reliably would be a great starting point!

              Thanks again for your insights.

              Best regards,

                stephenw10 Netgate Administrator

                Hmm, I'm never sure how similar services are between providers on NBN. That seems to be IPv6 specific though and you stopped seeing all connectivity.

                  ppal @stephenw10

                  @stephenw10 Hi

                  I have swapped the LAN and WAN ports. What would be the best package to monitor the connections?

                    stephenw10 Netgate Administrator

                    It should be detected and logged by the gateway monitoring anyway without a package.

                    However, you can run something like mytraceroute on the firewall to see where it fails. Or something like smokeping on a client behind the firewall.

                      ppal @stephenw10

                      @stephenw10 I found this https://www.telstra.com.au/content/dam/tcom/small-business/support/pdf/nbn-byo-%20router-guide.pdf - Looks like it requires traffic shaping and requires MTU 1500 or lower. Probably go for MTU 1492 and MSS 1452 and shape the traffic to my tier.

                        stephenw10 Netgate Administrator

                        Hmm, well I guess that could do it if they cut you off when you overrun your tier bandwidth.

                          ppal @stephenw10

                          @stephenw10, I swapped the LAN and WAN ports, and it worked for about 7 hours. During that time, I believed the issue was resolved, but unfortunately, it locked up again with packet failures. I'll give it another try, but one would expect the shaping to be handled on their end. It's worth testing, though. Thanks for engaging.

                            stephenw10 Netgate Administrator

                            Mmm, it's been a while but I have seen providers that police bandwidth by just cutting connections. I don't recall seeing that for anything end user facing though.

                              ppal @stephenw10

                              @stephenw10 Here’s a professional rewrite:


                              Subject: MTU Configuration Issue with ISP-Supplied Router

                              Hello @stephenw10,

                              I configured the MTU to 1492 (with MSS at 1452) on my ISP-supplied router. This setting was based on recommendations for my connection type.

                              However, after sitting idle for some time, the router locked up overnight. The attached screenshot provides additional details.
                              c53e91c8-8b27-41bc-976d-e3cfe26605c8-image.png

                              Could you advise on any potential causes for the issue or whether further adjustments are recommended to stabilize the setup?

                              Thank you for your insights.

                                stephenw10 Netgate Administrator

                                By 'locked up' I assume you mean just stopped passing traffic because it looks like you were still able to login to it?

                                  ppal @stephenw10

                                  @stephenw10 The issue is with the WAN—packet loss and loss of internet—but I can still access the system via LAN. Rebooting sometimes resolves it, but only for hours or minutes.

                                  I suspect it’s a settings issue. I’ve had similar issues with this ISP when running pfSense on an old PC. However, the ISP-supplied router runs without issues for months, so the service itself seems fine.

                                  I’m considering a Netgate appliance to remove uncertainties, but I believe the problem lies with the QNAP VM. I’ve experienced the same issue with OPNSense and SOPHOS Home on the VM: internet loss while LAN stays functional.

                                  Swapping the LAN/WAN ports yields the same result, so it doesn’t seem to be a port-specific problem.

                                    stephenw10 Netgate Administrator

                                    Hmm, well those tests seem to imply the VM setup is an issue I agree. However if it does the same thing using pfSense baremetal on an old PC that implies it isn't. So hard to say at this stage. 😕

                                    Probably need a new baremetal test to confirm if you can.

                                      ppal @stephenw10

                                      @stephenw10 some digging - Upstream Traffic: Set DSCP to 0. - how do I get to this setting? Somewhere in the firewall?
                                      To use a non-Telstra-provided Gateway, the device must:
                                      • Support WAN on an Ethernet port. If not, please consider purchasing a business gateway from us.
                                      • Support xDSL port for VDSL with Vectoring (FTTN & FTTB deployments only).
                                      • Use Ethernet full duplex with auto-negotiation on so that the gateway signals to UNI-D (nbn network
                                      termination device port) that it’s full duplex capable, avoiding duplex mismatch (excluding FTTN &
                                      FTTB deployments).
                                      • Operate as a gateway with a single MAC address assigned to the port.
                                      • Not configured as a bridge or hub.
                                      • Support NAT.
                                      • Use DHCPv4 to ‘request’ the IP address (this is essential to create the IP session on our service
                                      edge. The DHCP response will contain DNS information, as well as the allocated static address). The
                                      network will return both IPv4 and IPv6 assigned address information.
                                      • Be configured to transmit all upstream data untagged.
                                      • Not use 802.1p priority or VLAN tagging as this will be ignored (subject to change).
                                      TELSTRA CORPORATION LIMITED (ABN 33 051 775 556) | PRINTED 24/10/2016 BYO GATEWAY GUIDE WITH TELSTRA BUSINESS BROADBAND ON THE NBN
                                      PAGE 2/4
                                      • Be configured to mark all upstream traffic to ‘DSCP 0’ (zero).
                                      • Ensure the L2 maximum frame size (also known as Maximum Transfer Unit - MTU) of no larger than
                                      1500 octets.
                                      • Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps
                                      on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).
                                      https://www.telstra.com.au/content/dam/tcom/business-enterprise/support/pdf/byo-gateway-guide-telstra-business-broadband-on-nbn.pdf

                                        stephenw10 Netgate Administrator

                                        pfSense can match on DSCP but does not set it:
                                        https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#diffserv-code-point

                                        @ppal said in QNAP pfSense dropout:

                                        Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps
                                        on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).

                                        This looks like a more likely potential problem if they enforce that by blocking traffic when it's not shaped.

                                          ppal @stephenw10

                                          @stephenw10 I added a 4 NIC card into the NAS. Default install and then set MTU to 1462. Now getting:
                                          Jan 22 08:27:00 php-cgi 21877 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
                                          Jan 22 08:27:15 php-cgi 95738 notify_monitor.php: Message sent to pranesh@pal.id.au OK
                                          Jan 22 08:28:00 php-cgi 64510 servicewatchdog_cron.php: Service Watchdog detected service unbound stopped. Restarting unbound (DNS Resolver)
                                          Jan 22 08:28:00 php-cgi 64510 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
                                          Jan 22 08:28:20 php-cgi 95738 notify_monitor.php: Message sent to pranesh@pal.id.au OK
                                          Jan 22 08:29:00 php-cgi 42905 servicewatchdog_cron.php: Service Watchdog detected service unbound stopped. Restarting unbound (DNS Resolver)
                                          Jan 22 08:29:00 php-cgi 42905 servicewatchdog_cron.php: Service Watchdog detected service kea-dhcp4 stopped. Restarting kea-dhcp4 (Kea DHCP Server)
                                          every minute filling my Inbox. Any thoughts?

                                            stephenw10 Netgate Administrator

                                            Don't run the service watchdog like that? Really it should only be used for troubleshooting.

                                            If it's not enabled do those services just stop?

                                            What NIC was it? Are you passing through the NICs to the VM?

                                            P 1 Reply Last reply Reply Quote 0