An earnest appeal - please do fix APINGER in 2.2
-
Thanks for your update jimp - we at least now know the difficulty in fixing it.
If you want, I can help you with access to an otherwise good multi-WAN test environment that has this issue, which is an exact replication of our production environment. You can let me know in PM if this will help.
We have been using pfSense for last 7 years I guess, and really need this to be resolved.
-
Getting access wouldn't help as much as definitively identifying the specific condition leading to the problem if possible (e.g. a latency over X for Y amount of time, or Z gateways with Q latency, etc)
Depending on how long it takes for the problem to repeat it could still be difficult for us to find time to watch it closely enough to find when the problem starts specifically.
-
Got it Jim. In our case though the problem starts within 5 to 10 minutes.
-
Seeing the quality graph for your gateways may help as well, with notes about where apinger was restarted and where the problem was first noticed.
I tried to artificially induce latency using one firewall in front of another and increasing the delay on a limiter for ICMP traffic. Each time I let it run for 15+ minutes at various latencies and then lifted the limiter. Each time it always bounced back to close to 0 for me, I never saw it get stuck, so there must be a few different factors at work making it get stuck over time for others.
-
Maybe this is something to consider: I never had any problems with my setup running NanoBSD for the last year. I switched to a full install recently (CF died, bought an SSD) and now I am seeing Packetloss steadily increasing for my HENet tunnel. 120% packetloss ATM, uptime of the firewall is 4 days. I am pinging the same IPv6 HostĀ via Smokeping from a Linux host behind the pfSense GW and the graphs look a little different. This is on 2.1.4, not on 2.2.
-
I have this problem too.Ā Apinger reports that my WAN connection keeps going up and down several times every hour.Ā It started a few months ago.Ā I have not switched ISPs or anything.Ā I installed the latest snapshot (built on Mon Jul 28 12:22:20 CDT 2014) and still have the problem.
I do not use multiple WANs.Ā Just one.
-
I had this same issue as well and ended up coding in the local/private cable modems IP address into the config (192.168.100.1) and that was the workaround I used. Doesnt do anything for monitoring the connection but it's not always bouncing the connection up and down.
-
When you say "the config," do you mean the "Monitor IP"?Ā My config was monitoring the default gateway IP, which is on the cable modem and I still had the problem.
-
I don't think this is related to the main issue described here, but I have observed a similar behavior under high network load and while using the traffic shaper, because the ping probes are put on the default queue instead of the one specified by the floating rule on WAN that is supposed to handle the situation. Probably this happens because apinger starts before the firewall itself, since killing the related states makes them go into the correct queue immediately
-
Issue still exsits in recent bulids in my testing enviroments.
-
ā¦and frequently results in tunnels (IPsec or openVPN) going down for no obvious reasons, except for apinger freakin' out.
I increased the times for apinger alarm significantly, that helps at least a little...
-
I dont have these problems at all running 40+ pfsensesā¦.
I use traceroute to monitor the wanted IP upstream to decide if the GW is down.
All are stable currently running 0% packetloss..... No change from 2.0.X
I dont like the idea of monitoring other external hosts not in your upstream environment. That way you dont get a real picture of your GW status.
-
I dont have these problems at all running 40+ pfsensesā¦.
What's your config for WAN interfaces? I see allot of people write that have problems but doesn't put configs to help troubleshoot the problem.
Some times i have the problem in my multi-wan interface (PPPoE only config user and pass and a ppp (LTE) WAN only config default number). Don't see the problem when i disconnect my ppp.
-
More or less the same for all 40+ā¦.
-
I use traceroute to monitor the wanted IP upstream to decide if the GW is down.
All are stable currently running 0% packetlossā¦.. No change from 2.0.X
I dont like the idea of monitoring other external hosts not in your upstream environment. That way you dont get a real picture of your GW status.
Could you please tell us how to use traceroute to monitor the wanted IP upstream to decide if the GW is down?
Multi-wan with static IPs and different gateways within each wan subnets are stable at least in my tests,Ā but I use pppoe connections and we get the same gateway IP allmost all the times, so we have to set at least one monitor IP outside the wan subnet,Ā and this line with outsideĀ monitor ip allways gets offline as the apinger reported, but the connectionĀ functional as normal.
If there is another to monitor the gatwway, that really helps.
-
http://ping.eu/traceroute/
Use the first one thats not in your WAN subnet.
-
http://ping.eu/traceroute/
Use the first one thats not in your WAN subnet.
It's not within pfsense, and not doneĀ automaticly either?
-
I understand why you are confusedā¦
I use traceroute to monitor the wanted IP upstream to decide if the GW is down.
I use traceroute to locate the IP to monitor and then use the built in GW monitor tool in PFSense.
Works fine here.
-
I understand why you are confusedā¦
I use traceroute to monitor the wanted IP upstream to decide if the GW is down.
I use traceroute to locate the IP to monitor and then use the built in GW monitor tool in PFSense.
Works fine here.
OK, I did that several months ago,Ā and with no use.
The next hop routers are always outside my wan subnet:(Thanks anyway.
-
I've been running into quite a few problems with apinger in the 2.1 series with a simple single wan configuration.
https://redmine.pfsense.org/issues/3692
I was thinking that I would try to debug it and went looking for the source code to apinger but wasn't able to find it in the 2.1.5 main or packages. Can someone send me a pointer to it?
Thanks
