Persistent Internet Connection- available in pfSense?
-
This feature is already in pfSense.
The problem you seem to be having is that it doesn't realise when the connection has gone bad. The answer is to set the monitor IP to something else as Heper suggested. Normally it is set to the address supplied as the gateway on the WAN. If the problem is upstream of that then it will continue to respond to pings and pfSense cannot know there is a fault.Steve
-
In the past, I've seen software that will multiplex your data over several connections, recombine the data at their servers, then forward your reassembled data. Kind of a custom VPN tunnel. This way if any of your connections experiences lag spikes or packet-loss, it would very quickly shift data to your other links. You ping was ping was closer to your lowest ping connection and your bandwidth was close to some percentage of the aggregate of your links.
-
OK guys :) Thank you for answers.
So…..I went to the System->Routing->System: Gateways, below is what I get:
Name:
WAN_PPOE(default)Interface:
WANGateway:
192.228.xxx.xxxMonitor IP
192.228.xxx.xxx –--> Change this IP to a public DNS server e.g: 8.8.8.8 (Google free DNS server)
By clicking the "edit button" and key in the IP adddress = 8.8.8.8 into the Alternative monitor IPBelow is the description retrieve from the https://doc.pfsense.org/index.php/Gateway_Settings
Alternative Monitor IP: An address to ping via this gateway instead of the gateway itself. If the gateway is local, such as
one directly on a CPE or modem, then pinging a remote address such as a DNS server is a better measure of how useful or
alive the WAN may beQuestion:
This settting is concering the Apinger Service or aka Gateway Monitoring Daemon…..
And that is all I know but don't really know what is real function besides monitoring.
So, if the Apinger Service ping probing to the DNS address: 8.8.8.8 is lost/disconnected,
pfsense will try to re-establish the WAN connection again, am I right? ::) -
it will mark the gateway as "DOWN' when it can no longer ping the monitor-ip.
this will result in states getting clear among a dozen other stuff going on. when your connection gets back online, and the gateway is marked as "UP' then tons of services will be restarted -
it will mark the gateway as "DOWN' when it can no longer ping the monitor-ip.
this will result in states getting clear among a dozen other stuff going on. when your connection gets back online, and the gateway is marked as "UP' then tons of services will be restartedLet me understand your answer again…... :)
So in other words, the service will monitor the ip address given by me.
and.....if it cannot ping to the ip address, it will not try to reconnect the line(that is redial the ADSL modem)
Except keep monitoring….until it sense the connection is established to
my given IP address that is 8.8.8.8. Am I right? :) -
Reconnection feature is similar to the Linux firewall like Ipcop, see the picture below:
No it's not. That only determines whether it keeps the PPPoE session active all the time. The "persistent" option you show in IPcop is what we do by default, connect PPPoE immediately and leave it connected regardless of whether there is any activity. If your Internet drops without dropping your PPPoE session, that won't do anything. The PPPoE won't try to reconnect unless it's actually not connected. That's true on Linux too. If your PPPoE is up, but you have no Internet, you have an ISP problem.
Gateway monitoring won't reconnect your WAN. PPPoE does that on its own. If the ISP wants/needs you to reconnect, they should terminate the session and it'll automatically reconnect. Even if they just drop the session, it'll reconnect on its own. An active PPPoE session should never lose connectivity. Where it does, it's an ISP issue.
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
-
@cmb:
Reconnection feature is similar to the Linux firewall like Ipcop, see the picture below:
No it's not. That only determines whether it keeps the PPPoE session active all the time. The "persistent" option you show in IPcop is what we do by default, connect PPPoE immediately and leave it connected regardless of whether there is any activity. If your Internet drops without dropping your PPPoE session, that won't do anything. The PPPoE won't try to reconnect unless it's actually not connected. That's true on Linux too. If your PPPoE is up, but you have no Internet, you have an ISP problem.
Gateway monitoring won't reconnect your WAN. PPPoE does that on its own. If the ISP wants/needs you to reconnect, they should terminate the session and it'll automatically reconnect. Even if they just drop the session, it'll reconnect on its own. An active PPPoE session should never lose connectivity. Where it does, it's an ISP issue.
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
Hi Chris,
Thank you for answering my question. :)
As you probably know by now, I was using a linux firewall before and switched to pfSense.Ok, now I know what is going on…..
-
pfSense by default is using persistent connection method, it means if the ISP cut the PPOE session,
pfSense will try to reestablish the link. -
However, if the PPOE session is still on, pfsense won't know whether the internet traffic is passing through or not.
-
Gateway monitoring- having it configuring properly, it won't make pfSense to reconnect when in
the case if PPOE session is still on, but internet traffic is not flowing from 1 end to the other end.
-
-
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
Yes, if I can remember correctly, I can ping to 8.8.8.8.
But not my ISP dns server adddress.The funny thing is if I reboot the pfSense or if I do a quick disconnection and reconnection,
everything will go back to normal again. I can surf the internet after doing rebooting or
disable and enble the WAN connection.So, to solve this problem, I have a timer plugged into the power outlet and feed the power from the timer to the ADSL modem.
The timer will turn off and on(for a few seconds) the supply power to the modem every 9 am morning.On top of that, I have pfSense to schedule a reboot at 12.00 am midnight.
But it seems to partially solve the problem, though less frequent but it is still happening nevertheless, during the day occasionally.
-
Setting an external monitor IP that really becomes inaccessible will at least give you a record of when the connection fails. You can use that to compare your logs or as data to complain to your ISP. It won't reconnect though unless the PPP connection actually goes down. Using 8.8.8.8 obviously won't help if you can still ping that even when you no longer have general internet connectivity.
You probably need to establish just what you still do and don't have access to when the connection fails.
There is an option for a periodic reset in the PPPoE setup which is a better solution than an electrical timer. Everytime you reset a DSL modem the equipment at the other end sees that and very often will lower your line speed in an attempt to get a stable connection. If you are continually resetting it you may be significantly throttled! It can take up to a week of continuous connection to re-establish the correct line rate.
Steve
-
I'm thinking that if you can ping 8.8.8.8 when your internet is "down", your internet isn't down…
-
There is an option for a periodic reset in the PPPoE setup which is a better solution than an electrical timer. Everytime you reset a DSL modem the equipment at the other end sees that and very often will lower your line speed in an attempt to get a stable connection. If you are continually resetting it you may be significantly throttled! It can take up to a week of continuous connection to re-establish the correct line rate.
Hmm…...this something new to me, that is throttling down the download speed. :)
But, so far I have never tested it. ??? -
I'm thinking that if you can ping 8.8.8.8 when your internet is "down", your internet isn't down…
Yes, I already know about this.
When symptom, occurs, ISP dns server, is not reachable using Ping command.
Whereas Google free DNS server is reachable.
But internet surf in not available.
pfSense WAN interface still showing the WAN adsl PPOE connection is UP and running. -
Setting an external monitor IP that really becomes inaccessible will at least give you a record of when the connection fails. You can use that to compare your logs or as data to complain to your ISP
I am afraid, that is not much I can do, complaining this issue to the ONLY ISP available in small town.
Complaint may be accepted, but problem will still exist.
That is just bad customer service, that is way it works in my country.Usually, folks in the city won't complain, they just switch to another ISP since there are more choices available.
-
I am thinking may be 1 of the PCs is infected with malware or trojan or botnet or some malicious program,
and it is blasting out SPAM continuously…....And the ISP is blocking my dynamic WAN IP address, to stop the SPAM traffic flowing out the internet. ::)
-
When you think it is down, try to ping some other known IP addresses that should respond, like:
216.146.35.35 - DynDNS
216.146.36.36
8.8.8.8 - Googel DNS
8.8.4.4
208.67.222.222 - OpenDNS
208.67.220.220If those are all reachable, then you seem to still have internet routing.
Then try looking up names:
nslookup pfsense.org.and so on.
If it is just DNS name lookup that is broken, then point your pfSense to some of the above addresses for DNS, in System->General Setup.
-
Ok, thank you all for contributing your answers to my question.
Greatly appreciated! ;DI follow the advice from phil.davis
And see how it goes….. -
Phill is right, but this will only work if ISP provided DNS server is the issue.
-
Phill is right, but this will only work if ISP provided DNS server is the issue.
Yes, the ISP does provides its own DNS servers
See below:DNS server(s)
127.0.0.1
161.142.2.17<–---- This the 1st DNS server prodvided.
161.142.212.17<----This the 2nd DNS server provided.
192.168.1.1I am suspecting the routing (DNS traffic to the ISP DNS servers) is a bit unreliable.
-
I actually doubt this is going to fix your problem but its worth a try.
-
I actually doubt this is going to fix your problem but its worth a try.
Yes, I also doubt it, but what to do? There is only 1 crappy ISP doing business in a small town.
There is no alternative ISP available that I can switch to…..to get a better quality link connection. :)The only thing I can do is try on my end first and see it helps or not. :)
