Constant WAN Drop

KenCapital

New install of Pfsense a few days ago, worked great for about two days, now I am constantly getting disconnects. Tried a couple workarounds on the forum, but no joy.

WAN is DHCP, and shows the interface is up, I can capture packets, but can't ping anything, including the gateway. Release/renew the WAN (nothing changes) and everything works fine until it randomly does it again. Could be a few minutes or a few hours.

Upgraded to 2.8 and literally 10 minutes after lost WAN connection. New (made in China) hardware box, and cables etc.

I am savvy enough to diagnose, but do not know where to even start narrowing this down. Really hoping for some suggestions, thanks!

stephenw10

Does the gateway IP/MAC disappear from the ARP table? Check in Diag > ARP.

KenCapital

@stephenw10 I can't say for sure, so now I have to wait until it quits again, thanks!

Hard part is knowing what to check while it is not working.

Gertjan

@KenCapital said in Constant WAN Drop:

I can capture packets,

Going from where to where ?
Outgoing traffic, and nothing comes back ?
Traffic comes back ?
Something else ?

@KenCapital said in Constant WAN Drop:

WAN is DHCP, and shows the interface is up

Which means the connection between the pfSense WAN interface and the upstream device (your ISP router / modem / ?) is ok. But more is needed to have a working connection : This upstream device should also have a connection to the equipment at the ISP side.

@KenCapital said in Constant WAN Drop:

literally 10 minutes after lost WAN connection

There must be 'some' info in the Status > System Logs > System General and Status > System Logs > DHCP.
For example, for the WAN interface, a ping process sends a "ping" every xxxx ms and wants a reply bad. If nothing comes back, this ping process will 'toggle" or reset the WAN interface. This might re establish the connect, but most often, because a phone line (fibre, radio waves, a satellite etc) xx miles away from your house doesn't work well, this wont' re establish the connect.

After all, like the pfSense LAN interface and your wired (using cable) to a switch (!) to your PC : as long as pfSense, switch and PC are powered correctly, the connection stays up, and this could last for 'decades' (serious).

You could de activate the ping process for a while, just presuming your WAN upstream conenction is ok.
Doing so will guarantee you that it will pfSense that took the WAN down for a moment.
Check this option and save :

If you see in the system log that the WAN still goes down : have a chat with your upstream ISP router / modem / whatever you use.

KenCapital

@Gertjan I can see advertisements, including my gateway (that I cannot connect to)

Alco ICMP request and replies from my IP to my gateway.

I dont see a lot in the logs-

>>> Gateway alarm: WAN_DHCP
/rc.openvpn: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP' 
/rc.openvpn: Gateway, NONE AVAILABLE 
/status_interfaces.php: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP' 
/status_interfaces.php: Gateway, NONE AVAILABLE

I thought it was possibly kea so I switched no normal DHCP. Lost connection five minutes after reboot.

I honestly think this is an ISP issue, but not able to track it down, or why pfsense does it and a simple wireless router did not.

Going to swap wan and lan interface and see if it follows or starts dropping on lan indicating a bad card.

Gertjan

@KenCapital said in Constant WAN Drop:

I honestly think this is an ISP issue,

Why would that be a mystery ?

Look at pfSense, the device, LAN and WAN are identical : I presume both use RJ45 interfaces.
This means that you can take pfSense (the pfSense device) out your network, and hook up a PC directly, and make the connection - if needed as per ISP instructions - work.

Moments later you'll know if the ISP is any good.
Actually, they must be good, or please explain on what basis you've selected them ?

KenCapital

@Gertjan Actually I am in a rural location and I have very few options. Honestly my connection has been pretty good, but was getting packet loss on my router and decided to use pfsense, which I have used some years ago and was quite pleased.

Honestly have considered Starlink, as this seems to be what my ISP is using anyway?

unknown dhcp option value 0x52

stephenw10

Ah, if it's still pinging the gateway then it's not an ARP issue. If it's still seeing replies to those pings it's probably not a problem with that gateway at all.

Do you have openvpn setup? Is there a gateway configured for it? If so make sure the default gateway is set to the WAN in System > Routing > Gateways. It may just be selecting he VPN gateway by default.

KenCapital

@stephenw10 I do not, but thought it was strange that I seen OpenVPN in the logs.

Gertjan

@KenCapital said in Constant WAN Drop:

but was getting packet loss on my router

The very first low bud 25 $ (?) router (ok : give it a name : TP-Link or comparable) you can find in "wallmart" (example of a well know store in the US, others, with other names, exist elsewhere) will handle a gentle 1 Gbit/sec just fine.
Install pfSense on very mediocre hardware, and it won't do any better.

You have a "Starlink" as a possible and only uplink ? Don't stay ignorant, it's s easy to find out. Do a tracert to microsoft.com, note down all the IPs you've linked trough, and then discover who manages these routers. If Starlink used, you'll find them.
Your first mission : determine what can Starlink really offer.
Then : same question again and this time : go Youtube, and look at one or more of these many thousands of hands on honest comparisons video's to discover the hidden advantages and real day to day usage story.

Imho : A Starlink connection , if nothing else is possible, it will do just fine, even with package loss and all that.
It's after all : that - or nothing else.
But sharing a starlink over several (many) homes... serious ?

bigbig

Did you solve the problem? I had the same, it's connected with dhcp renew, if network stops "dhclient vtnet1" recovers communication. I was trying to add to cron dhclient vtnet1 every 1 min, (starlink lease time is 300 sec, so renew is after 150 sec), it help a little, but not solve problem. Finally I returned to pfsense 2.7 and problem was gone.

Gertjan

@bigbig

You shouldn't need to 'cron' dhclient.
See for yourself : Get the driver name of the dhclient interface used (not WAN but the NIC driver name), for example 'igc0'.
You'll find a file called /var/db/dhclient.leases.igc0 - have a look at it.
dhclient knows when to renew, normally half way the lease duration.
So if the total lease time is 300 seconds, dhclient will renew after 150 seconds.
Totally insane of course, but maybe normal knowing what transport medium is used

The dhclient process stays active during the wait, check :

ps aux | grep 'dhclient'

and it 'sleeps' until the delay is over, and it renews.
Normally, dhclient doesn't fail or abort, something that can only happen, I guess, when the interface itself is 'gone'.

Check the Status >System Logs > DHCP for 'dhclient' messages (issues).