Netgate Discussion Forum

    Apinger - possible to monitor/graph extra targets?

    Problems Installing or Upgrading pfSense Software
    17 Posts 5 Posters 3.0k Views

      luckman212 LAYER 8

      Problem is if the WAN is a /30 there is no way to assign an additional valid IP (both are already used and it will not allow duplicate GWs) so - ?

        doktornotor Banned

        It can be a GW on LAN subnet. It really does NOT matter.

          luckman212 LAYER 8

          Ah ok, good to know - thank you. I figured if the interface was set to LAN that that would somehow break the monitoring, but I guess not. Trying that out now, tyvm.

            luckman212 LAYER 8

            Hmm, this did not work for me - have you actually done it? Maybe a screenshot would help. I've got a multi-WAN setup here and when I add a dummy GW with a LAN IP (I just picked the last IP in our subnet, 172.16.103.254/22) and set the monitor IP to the upstream gateway of our WAN circuit, the result is just lots of RED packet loss in RRD and Diags > Ping says I can no longer ping the default GW (I rolled it back after a few minutes when people started complaining).

              doktornotor Banned

              This obviously should NOT be set as default GW. Yeah, I have tried that, no problem. In fact, configuring GWs on LAN is required for certain purposes, like using services over IPsec tunnel.

                luckman212 LAYER 8

                Right yes of course I did not make this the default gw.  I have done that too for doing DNS-over-IPSEC but those instructions also involve adding static routes and disabling the gateway monitoring for the dummy GW.  So not really the same thing …

                  neik

                  Worth mentioning that you don't need the LAN GW hack for DNS anymore. You can specify a source IP in the DNS forwarder settings.

                    luckman212 LAYER 8

                    Yes that is definitely true & good to know.  This is how I am doing it now for the AD remote sites without their own DCs that are connected via IPSEC. Works great…

                    Back to the original question though - is there any way that anyone knows of to get apinger to generate graphs for extra hosts? The suggestion above by doktor (at least for me) didn't work. I even tried adding a VLAN and assigning a bogus IP to it (1.2.3.4) and then setting a monitor IP on that, but it results in 100% packet loss and the gateway just gets marked down right away. So not sure if or how doktornotor was able to make that work.

                      luckman212 LAYER 8

                      I just saw this feature request and also noticed in the comments that Jim wrote we're probably going to re-write apinger for 2.3. I realize that is a daunting task but I do hope somehow they manage to achieve it!

                        phil.davis

                        @luckman212:

                        Back to the original question though - is there any way that anyone knows of to get apinger to generate graphs for extra hosts? The suggestion above by doktor (at least for me) didn't work. I even tried adding a VLAN and assigning a bogus IP to it (1.2.3.4) and then setting a monitor IP on that, but it results in 100% packet loss and the gateway just gets marked down right away. So not sure if or how doktornotor was able to make that work.

                        I just tried that. My LAN IP is 10.49.208.250, I made a gateway to 10.49.208.251 with a monitor IP like 8.8.8.8 (different from any monitor IP I already use). It does not work, because the code underneath adds a specific route for 8.8.8.8 to 10.49.208.251.
                        Of course, the routing layer tries to deliver the pings for 8.8.8.8 through to 10.49.208.251 - since that IP does not exist, the packet cannot be delivered and the ping fails.

                        Edit add: traceroute from pfSense command line to the monitor IP gives "sendto: No route to host" - I guess that means the next hop is not reachable.

                        I tried making the gateway IP be the pfSense LAN IP itself - I thought that might at least send the ping packet around in a spin 255 times. But traceroute now gives:
                        sendto: Host is down

                        I tried making a rule that sends traffic arriving on LAN with "destination = monitor IP" to WAN gateway, hoping the monitor packet from pfSense would arrive to LAN IP and then be policy routed by the rule out WAN. Still no joy.

                        I also wonder what is the trick to set up a dummy gateway with monitor IP solely for the purpose of collecting the RRD graph data?

                        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                          stephenw10 Netgate Administrator

                          Interesting topic.
                          I would expect the monitor ping to always be sent via the interface the gateway is on. Anything else would render an external monitor IP useless. 8.8.8.8 is probably reachable via any WAN interface for example.

                          However, I don't expect to be able to reach 8.8.8.8 via a LAN interface, yet via Diagnostics > Ping I can. Has that changed? I'm sure it wasn't possible last time I checked. :-\

                          I guess the ping utility in Diagnostics uses the -S option which only changes the source address and not the interface/route. Apinger sets a route to ensure the monitor pings leave the correct interface as Phil says above.

                          So what's the secret to this hack then? Anyone actually got it working in 2.2?

                          Steve
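
Added example, not part of the original posts and not pfSense or apinger code: a simplified Python model of the behaviour described in the two posts above, where a host route for the monitor IP points at a dummy LAN gateway and a source-address-only ping (the `-S` case) follows the default route instead. The LAN gateway and monitor IP are the ones phil.davis mentions; `WAN_GW` and all function and class names are assumptions made for illustration.

```python
import ipaddress

# Constructed values: LAN gateway and monitor IP come from the post above;
# WAN_GW is a documentation-range placeholder, not an address from the thread.
WAN_GW = "198.51.100.1"
DUMMY_GW = "10.49.208.251"      # nothing answers at this address
MONITOR_IP = "8.8.8.8"
LIVE_NEXT_HOPS = {WAN_GW}       # next hops that actually resolve and forward


class RouteTable:
    def __init__(self):
        self.routes = []        # (network, next_hop, interface)

    def add(self, prefix, next_hop, iface):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst):
        """Longest-prefix match: the most specific route wins."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def build_table(dummy_gateway):
    table = RouteTable()
    table.add("0.0.0.0/0", WAN_GW, "wan")
    if dummy_gateway:
        # Host route for the monitor IP via the gateway, as described in the post.
        table.add(MONITOR_IP + "/32", DUMMY_GW, "lan")
    return table


def send_probe(table, dst, source=None):
    """Return (result, interface). `source` only sets the source address of
    the packet (the ping -S case); it plays no part in route selection."""
    route = table.lookup(dst)
    if route is None:
        return ("no route to host", None)
    _, next_hop, iface = route
    if next_hop not in LIVE_NEXT_HOPS:
        return ("next hop unreachable", iface)
    return ("reply", iface)


if __name__ == "__main__":
    for dummy in (False, True):
        table = build_table(dummy)
        print(dummy, send_probe(table, MONITOR_IP, source="10.49.208.250"))
```

In this model every lookup for the monitor IP follows the /32 host route once the dummy gateway exists, so the probe fails whatever source address is chosen, while other destinations still leave via WAN.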

                            luckman212 LAYER 8

                            I believe this could be done without any actual code modification by editing gwlb.inc. But I am not smart enough to do it properly. Specifically, if there were a way to store a text file somewhere with a few simple key/value pairs [monitor ip, interface to bind to] and then read through them during the return_gateways_array() function and append them to the $gateways_arr, it should work. Maybe someone who has hacked around this a bit more could offer a solution?

                              luckman212 LAYER 8

                              Or alternatively, I was thinking of posting a bounty for this… what do you all think would be a reasonable amount for adding something like this? I was thinking $500-1000 USD?

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.