Apinger driving me nuts
-
There are two potential flaws with your reasoning, both stemming from the fact that you seem to be mixing up the symptom with the disease:
- apinger will not disable a single gateway. If all gateways are down, they are assumed to all be up. It will not drop connectivity in your case.
- If your syslog server is on the LAN, then apinger can't be preventing the communication.
Something is preventing all traffic in and out of the router (LAN, WAN, or both at once depending on the timing of the logs).
As for the usefulness of apinger with one WAN, apinger is what is used for drawing the WAN quality graphs, so it's still needed. I'd like it to log when my ISP or WAN-side connection went down even if I had only one WAN.
-
-
As for clearing states when it goes down, I think that is done in filter_delete_states_for_down_gateways in filter.inc, which is called from filter_configure_sync.
-
I wasn't asking for support, I'm not a novice, I was reporting an issue that I have encountered with beta software.
Where did I state that apinger disabled the gateway? Where did I state that I like quality graphs? And if pfSense can't talk to my syslog server, I can assure you the issue is a pfSense or loaded service/package/pfSense interaction problem. I never said that apinger was the cause, it merely does the reporting (false reporting in my opinion); it has no connectivity to the syslog host and yet the syslog server still manages to send the damned error e-mails?? No, they aren't queued or buffered, the timestamps and header details versus receipt details show that, notwithstanding that I host the mail server so I have those logs too, so I know when the email server received the mail for delivery.
I know the difference between a disease and a symptom. I have attacked the presumed 'symptoms' with an alternative 'router' (Draytek 2800) but it shows no disease and no symptoms, I use three network analysis products, one free, two commercial - The Dude, Observer, Commview, I also have a firebox firewall (not up to date - subscription a rip off) and a Netgear, none of which show any connectivity issue while pfsense is not in the loop, the conclusion is very easy after that.
I understand that some may feel that apinger is indispensable but equally some won't give a damn. I use pfSense in a private capacity and really couldn't care less about pretty graphs, I don't use routing or load balancing, and there are a lot of similarly minded or oriented people I am sure. I don't WANT a damn gateway test, I don't NEED a damn gateway test, I couldn't care less about filters; simply put, I would like the ability to turn it off!! Is that so difficult??? I don't want to spend the next millennia buried in DOS-level or Linux-type commands editing this or that file to accomplish a simple task. Linux/Unix-type OSes will never beat Microsoft or Apple until the eggheads realise that most people don't want to understand the OS core - actually I don't either these days.
Sorry if I offend anyone or seem overly 'arsy' but I do NOT have WAN or LAN connectivity issues. I have been in this business 25 years, I learned this business before the internet or even LANs existed, I make a living doing this stuff with the likes of IBM, Microsoft and Intel to name three, and I know how to test networks and systems. I don't have time to get involved in the source or code debugging (frankly I don't understand it, haven't coded in years) but something has changed recently with V2 that has started causing an issue in my configuration.
Simply responding in a manner making out that what I regard as an issue is simply my lack of understanding or ability is not what I thought beta testing was all about.
-
Just wanted to note that my previous post was intended as a note for any pfSense developers watching this thread, including myself, in case they would want to implement a checkbox to disable/enable the behavior I mentioned. Also for anyone who does want to try changing it on their own box in the meantime.
-
@BenKenobe: Try adding latency thresholds.
minimum and maximum latency for congested or pick WAN load.
-
I'm currently having roughly the same issues with my PPPOE Zen ADSL connections dropping. My setup is the following:
2.0-BETA4 built on Tue Oct 5 22:38:40 EDT 2010 FreeBSD 8.1-RELEASE-p1
2x ADSL PPPOE Connections via Zen Internet (WAN, OPT1)
1x LAN Connection (LAN)
My pfSense box is very happy through the day and night when there is just usual user activity on the network: web browsing, downloading, email, web hosting, MS RDP use by external users, FTP etc.
The issue comes when I send an Email Shot to 4000 of our customers on a night, which maxes out the WAN upload bandwidth, and after about 30 mins the WAN connection drops, which also messes up the OPT1 ADSL connection even though it still shows as online on the home page. When the WAN connection drops the IP address disappears on the home page but the OPT1 IP address is still showing, but no one can connect in remotely and all the websites we host are inaccessible.
This issue only seems to happen when the pfSense box is maxed out from the Email Shot. The only way to get the 2x ADSL connections back online and open again is to restart the router.
Does anyone have any ideas on what the cause and fix might be?
Cheers,
Andy
andy.hughes@info-trader.co.uk
07944988702
-
Since I am also using Zen this is of interest to me but I do not have the kind of traffic 'bursts' that you seem to have senate014.
My connection is strictly personal browsing / e-mail. I do host a webserver but traffic isn't that high and is well within my DSL connection's limits. There is no pattern I can identify that causes the error; it is totally random in nature.
I will try the latency settings again when I return home on Tuesday, although even with a ludicrous low latency setting of 60000ms I am still seeing the issue. Anyone care to offer plausible settings for a DSL connection (1meg up 8 meg down - nearer to 350k up and 4meg down in reality)? Do these settings boxes have unposted limits?
-
Well, I have had no luck regardless of settings, high, low or otherwise.
I have confirmed via my ISP that there is no issue, my ISP has confirmed with the 'wholesaler' (also my telecoms provider) that there is no issue.
I have identified that my gateway seems to change, it seems to happen shortly after an apinger error report, it doesn't always change but sometimes it does. My ISP have several gateway IP addresses that they allocate dynamically based on load etc.
I have also been advised by my ISP that they are not happy about continual once a second pings choking their systems - this can only be apinger because I am not consciously doing it, I am not running any latency tests at the moment so if this can be proven to be apinger then the frequency at which apinger polls needs to be configurable in addition to having the ability to turn it off for single WAN installations.
The reasoning used by my ISP is that 1 ping per second is OK when only a small number are doing it, but when 100,000+ users are doing it then it becomes a major issue and is one of the reasons why some ISPs turn gateway ICMP off. This kind of diagnostic on a private or commercial WAN may be OK but it is NOT OK on a public WAN; a ping once per minute would be more acceptable, but really if your connectivity is this important to you then you should not be using 'public' DSL and instead should subscribe to a commercial product that is designed with the latency and contention ratios to deal with it.
-
And that's why you can just plug in an alternate monitor IP so it doesn't ping your gateway. :-)
-
I could if that part of the code worked in 2 ;-) … see bug#919 http://redmine.pfsense.org/issues/919
Then I need a target IP but then this won't be verifying that the WAN is actually up only that the target IP isn't.
-
It works for me, or did last I looked, I'm using 8.8.8.8 on one of my dynamic WANs.
And yes, it is testing that IP and not your ISP, but in the case of my ISP on that side, their uplink is more likely to fail than their local gear, so testing anything on their network would be of zero benefit for most of their outages.
-
I do now have some confirmation that the gateway is changing frequently: it has gone from ..82.20 to ..82.5, and it is now ..82.17, in one evening. Given that pfSense is supposed to handle a dynamic gateway it seems clear that apinger does not, at least not without reporting a fault. Question is, since the connection does not fail, it does not drop, so is this really a fault? I think that this could be normal operation but will check with my ISP again since it does not correlate with what they have already said.
Dynamic WAN?? Is this some sort of loopback?
-
Are you using a recent snapshot? I think some changes went in recently to fix restarting apinger.
-
You might try to upgrade to the next new snapshot that comes out today, or it might be up now, I haven't looked. Apinger wasn't being restarted when a change was detected, but it should be now.