Persistent Internet Connection- available in pfSense?
-
it will mark the gateway as "DOWN' when it can no longer ping the monitor-ip.
this will result in states getting clear among a dozen other stuff going on. when your connection gets back online, and the gateway is marked as "UP' then tons of services will be restartedLet me understand your answer again…... :)
So in other words, the service will monitor the ip address given by me.
and.....if it cannot ping to the ip address, it will not try to reconnect the line(that is redial the ADSL modem)
Except keep monitoring….until it sense the connection is established to
my given IP address that is 8.8.8.8. Am I right? :) -
Reconnection feature is similar to the Linux firewall like Ipcop, see the picture below:
No it's not. That only determines whether it keeps the PPPoE session active all the time. The "persistent" option you show in IPcop is what we do by default, connect PPPoE immediately and leave it connected regardless of whether there is any activity. If your Internet drops without dropping your PPPoE session, that won't do anything. The PPPoE won't try to reconnect unless it's actually not connected. That's true on Linux too. If your PPPoE is up, but you have no Internet, you have an ISP problem.
Gateway monitoring won't reconnect your WAN. PPPoE does that on its own. If the ISP wants/needs you to reconnect, they should terminate the session and it'll automatically reconnect. Even if they just drop the session, it'll reconnect on its own. An active PPPoE session should never lose connectivity. Where it does, it's an ISP issue.
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
-
@cmb:
Reconnection feature is similar to the Linux firewall like Ipcop, see the picture below:
No it's not. That only determines whether it keeps the PPPoE session active all the time. The "persistent" option you show in IPcop is what we do by default, connect PPPoE immediately and leave it connected regardless of whether there is any activity. If your Internet drops without dropping your PPPoE session, that won't do anything. The PPPoE won't try to reconnect unless it's actually not connected. That's true on Linux too. If your PPPoE is up, but you have no Internet, you have an ISP problem.
Gateway monitoring won't reconnect your WAN. PPPoE does that on its own. If the ISP wants/needs you to reconnect, they should terminate the session and it'll automatically reconnect. Even if they just drop the session, it'll reconnect on its own. An active PPPoE session should never lose connectivity. Where it does, it's an ISP issue.
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
Hi Chris,
Thank you for answering my question. :)
As you probably know by now, I was using a linux firewall before and switched to pfSense.Ok, now I know what is going on…..
-
pfSense by default is using persistent connection method, it means if the ISP cut the PPOE session,
pfSense will try to reestablish the link. -
However, if the PPOE session is still on, pfsense won't know whether the internet traffic is passing through or not.
-
Gateway monitoring- having it configuring properly, it won't make pfSense to reconnect when in
the case if PPOE session is still on, but internet traffic is not flowing from 1 end to the other end.
-
-
That said, that's assuming your problem is completely losing connectivity, which isn't entirely clear is the case from the description. You mentioned losing DNS. Can you still ping out by IP when that happens? Like try pinging 8.8.8.8 or 8.8.4.4.
Yes, if I can remember correctly, I can ping to 8.8.8.8.
But not my ISP dns server adddress.The funny thing is if I reboot the pfSense or if I do a quick disconnection and reconnection,
everything will go back to normal again. I can surf the internet after doing rebooting or
disable and enble the WAN connection.So, to solve this problem, I have a timer plugged into the power outlet and feed the power from the timer to the ADSL modem.
The timer will turn off and on(for a few seconds) the supply power to the modem every 9 am morning.On top of that, I have pfSense to schedule a reboot at 12.00 am midnight.
But it seems to partially solve the problem, though less frequent but it is still happening nevertheless, during the day occasionally.
-
Setting an external monitor IP that really becomes inaccessible will at least give you a record of when the connection fails. You can use that to compare your logs or as data to complain to your ISP. It won't reconnect though unless the PPP connection actually goes down. Using 8.8.8.8 obviously won't help if you can still ping that even when you no longer have general internet connectivity.
You probably need to establish just what you still do and don't have access to when the connection fails.
There is an option for a periodic reset in the PPPoE setup which is a better solution than an electrical timer. Everytime you reset a DSL modem the equipment at the other end sees that and very often will lower your line speed in an attempt to get a stable connection. If you are continually resetting it you may be significantly throttled! It can take up to a week of continuous connection to re-establish the correct line rate.
Steve
-
I'm thinking that if you can ping 8.8.8.8 when your internet is "down", your internet isn't down…
-
There is an option for a periodic reset in the PPPoE setup which is a better solution than an electrical timer. Everytime you reset a DSL modem the equipment at the other end sees that and very often will lower your line speed in an attempt to get a stable connection. If you are continually resetting it you may be significantly throttled! It can take up to a week of continuous connection to re-establish the correct line rate.
Hmm…...this something new to me, that is throttling down the download speed. :)
But, so far I have never tested it. ??? -
I'm thinking that if you can ping 8.8.8.8 when your internet is "down", your internet isn't down…
Yes, I already know about this.
When symptom, occurs, ISP dns server, is not reachable using Ping command.
Whereas Google free DNS server is reachable.
But internet surf in not available.
pfSense WAN interface still showing the WAN adsl PPOE connection is UP and running. -
Setting an external monitor IP that really becomes inaccessible will at least give you a record of when the connection fails. You can use that to compare your logs or as data to complain to your ISP
I am afraid, that is not much I can do, complaining this issue to the ONLY ISP available in small town.
Complaint may be accepted, but problem will still exist.
That is just bad customer service, that is way it works in my country.Usually, folks in the city won't complain, they just switch to another ISP since there are more choices available.
-
I am thinking may be 1 of the PCs is infected with malware or trojan or botnet or some malicious program,
and it is blasting out SPAM continuously…....And the ISP is blocking my dynamic WAN IP address, to stop the SPAM traffic flowing out the internet. ::)
-
When you think it is down, try to ping some other known IP addresses that should respond, like:
216.146.35.35 - DynDNS
216.146.36.36
8.8.8.8 - Googel DNS
8.8.4.4
208.67.222.222 - OpenDNS
208.67.220.220If those are all reachable, then you seem to still have internet routing.
Then try looking up names:
nslookup pfsense.org.and so on.
If it is just DNS name lookup that is broken, then point your pfSense to some of the above addresses for DNS, in System->General Setup.
-
Ok, thank you all for contributing your answers to my question.
Greatly appreciated! ;DI follow the advice from phil.davis
And see how it goes….. -
Phill is right, but this will only work if ISP provided DNS server is the issue.
-
Phill is right, but this will only work if ISP provided DNS server is the issue.
Yes, the ISP does provides its own DNS servers
See below:DNS server(s)
127.0.0.1
161.142.2.17<–---- This the 1st DNS server prodvided.
161.142.212.17<----This the 2nd DNS server provided.
192.168.1.1I am suspecting the routing (DNS traffic to the ISP DNS servers) is a bit unreliable.
-
I actually doubt this is going to fix your problem but its worth a try.
-
I actually doubt this is going to fix your problem but its worth a try.
Yes, I also doubt it, but what to do? There is only 1 crappy ISP doing business in a small town.
There is no alternative ISP available that I can switch to…..to get a better quality link connection. :)The only thing I can do is try on my end first and see it helps or not. :)
-
See - Its strange that a crappy ISP would be fixed with hardware resets and reboots on your end.
Seems more likely something on your end is to fault. -
Your provider may or may not use connection profiling to increase stability. Here in the UK it's a well known issue. For example:
http://www.thinkbroadband.com/faq/sections/radsl.html#229
And
http://en.wikipedia.org/wiki/ADSL_Max#Rate_adaptation_and_BT_Wholesale.27s_.27Dynamic_Line_Management.27_.28DLM.29
If you don't know I would try to avoid it!See - Its strange that a crappy ISP would be fixed with hardware resets and reboots on your end.
Well presumably that results in a new WAN IP address which might well restore the connection if it is being filtered as a result of some upstream malware detection. If that's true then the same thing would happen if you renew your IP by manually disconnecting and reconnecting the PPPoE session.
Steve
-
Yes - Now this I can agree with, but thats a user issue.
I think trying it a couple days with a clean install of whatever OS he likes is probably a good idea.
If malware is the problem, don't need to be bouncing his pfsense box all the time. Needs to get rid of the malware.
