Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem: WAN PPPoE reconnects multiple times every day

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 4 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      firewalluser
      last edited by

      Can you try 2.2 RC?

      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      1 Reply Last reply Reply Quote 0
      • N Offline
        Nikolay_Zhelev
        last edited by

        Hi firewalluser,

        Thank you for your reply. Unfortunatelly I would like to avoid 2.2 RC, due to the OpenVPN TAP issue, because I'm actively using OpenVPN in bridged configuration.

        Any ideas regarding 2.1.5?

        Regards,
        Nick

        1 Reply Last reply Reply Quote 0
        • N Offline
          Nikolay_Zhelev
          last edited by

          Hi fellows,

          An update to my case:

          I've updated from pfSense 2.1.5 to 2.2 couple of days ago and today the problem came again.

          Feb 15 11:02:53 system log: check_reload_status: Rewriting resolv.conf
          Feb 15 11:03:02 gateway log: apinger: SIGHUP received, reloading configuration.
          Feb 15 11:02:53 ppp log: ppp: [wan_link0] LCP: state change Opened –> Stopping

          I really need some help. I've contacted my ISP and they confirmed, that other users on my street connected to the same switch didn't have any connection drop, which means the problems is in my box.

          Any ideas?

          I'm looking forward to hearing from you guys.

          Kind Regards,
          Nick

          1 Reply Last reply Reply Quote 0
          • N Offline
            Nikolay_Zhelev
            last edited by

            A quick update:

            I've checked my quality graphs for the time when the reconnection occurred, there are no drops and no packet losses. There are no apinger gateway down event, no alarm is triggered, which makes me think, that internal process is sending sighup to close the pppoe connection.

            Is that possible and how can I identify that?

            Regards,
            Nick

            1 Reply Last reply Reply Quote 0
            • N Offline
              Nikolay_Zhelev
              last edited by

              Hi fellows,

              I started digging in my pppoe configuration files and I came across one unusual thing:

              As seen from the picture below, my wan interface configuration is set to IPv4 -> PPPoE and IPv6 -> None (my ISP offers me only IPv4 static address).

              but when I checked my mpd_wan.conf file, located in /var/etc/ the content was "set bundle enable ipv6cp", as seen from the code below:

              startup:
              	# configure the console
              	set console close
              	# configure the web server
              	set web close
              
              default:
              pppoeclient:
              	create bundle static wan
              	set bundle enable ipv6cp
              	set iface name pppoe0
              	set iface route default
              	set iface disable on-demand
              	set iface idle 0
              	set iface enable tcpmssfix
              	set iface up-script /usr/local/sbin/ppp-linkup
              	set iface down-script /usr/local/sbin/ppp-linkdown
              	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
              	set ipcp enable req-pri-dns
              	set ipcp enable req-sec-dns
              	#log -bund -ccp -chat -iface -ipcp -lcp -link
              
              	create link static wan_link0 pppoe
              	set link action bundle wan
              	set link disable multilink
              	set link keep-alive 10 60
              	set link max-redial 0
              	set link disable chap pap
              	set link accept chap pap eap
              	set link disable incoming
              	set link mtu 1492
              	set auth authname "username@isp.com"
              	set auth password isppassword
              	set pppoe service ""
              	set pppoe iface re1
              	open
              
              

              I found this a bit unusual, therefore I started looking from where the mpd_wan.conf file is generated.

              I traced the source to: etc/inc/interfaces.inc where I noticed, that by default the "set bundle enable" line is set to ipv6cp, ignoring the web interface "None" selection. Also, I noticed, that "keep-alive 10 60" is set by default, without any option to disable it.

              Unfortunately I don't have deep knowledge in scriting and I'm not sure whether I'm correct in my troubleshooting, so I'll appreciate your comments here.

              Shall I change ipv6cp in interfaces.inc to ipcp and also disable keep-alive, by setting "keep-alive 0 60" or not?

              Regards,
              Nick

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Interesting find. Do what you like in /var, it gets rebuilt at boot anyway. Backup the old file first if you mod anything else.

                Some input from a higher source:
                https://forum.pfsense.org/index.php?topic=32653.msg168773#msg168773

                Steve

                1 Reply Last reply Reply Quote 0
                • N Offline
                  Nikolay_Zhelev
                  last edited by

                  Hi Steve,

                  Thank you very much for your reply!

                  I've backed up mpd_wan.conf and interfaces.inc and changed the "set bundle enable ipv6cp" to "set bundle enable ipcp" in the mpd_wan.conf. Also I modified interfaces.inc, because otherwise after reboot it will revert back to ipv6cp.

                  Out of curiosity I've disabled keep-alive and enabled verbosity logging so we'll see how it will go.

                  After couple of days I'll share my results.

                  Regards,
                  Nick

                  1 Reply Last reply Reply Quote 0
                  • N Offline
                    Nikolay_Zhelev
                    last edited by

                    New discoveries:

                    The initial problem still persists, however I’ve discovered something very interesting.

                    Currently I'm located in UK. My pfsense router is in another country.

                    While I was talking with a person located at the same place as my router, using router’s local network, suddenly all traffic initiated from outside of my router’s network was blocked, but I was still able to communicate with the person using the local network. There was an Internet connection from the local network, but I was unable to access my router remotely, not even ping it.

                    I’ve contacted my ISP (router side) and they confirmed, that they are unable to test the channel, because the firewall (pfsense) is blocking everything.

                    Shortly, I was in a situation, where pfsense was blocking every incoming connection, but LAN side Internet access was fine.
                    After couple of minutes, pfsense dropped the PPPoE WAN connection and re-initiated it again. After that I was able to access the router remotely and everything was running as it should be.
                    When I checked the apinger log file there were two identical messages:

                    apinger: SIGHUP received, reloading configuration.

                    Any ideas, why that happened?

                    I’m looking forward to hearing from you.

                    Regards,
                    Nick

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Not really I'm afraid.
                      That output you are seeing 'apinger: SIGHUP received' is apinger being told to reload for whatever reason, usually because the WAN address has changed or potentially changed. It should correspond with something else in the system logs giving a reason for the call.
                      http://en.wikipedia.org/wiki/SIGHUP#Modern_usage

                      So when this incident occurred you were still able to initiate new connections from inside the firewall but rules to allow traffic to the firewall from outside no longer appeared to function? Odd.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • N Offline
                        Nikolay_Zhelev
                        last edited by

                        Hi Steve,

                        Thank you again for your time!

                        The wikipedia article is very nice, now I know what exactly SIGHUP is.

                        I think the situation becomes more clear now. Please correct me if I'm not on the right track, but I think this could be a firewall issue, rather than a PPPoE problem.

                        My ISP indeed closes the connection, by sending me SIGHUP signal, but I think that is the result of all inbound traffic being blocked randomly by my firewall (the issue I've experienced yesterday). If I'm not replying to any of the ISP request, then my ISP thinks that the connection is dead, therefore it closes the channel. Am I on the right track?

                        Regards,
                        Nick

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Nope that's not your ISP sending the SIGHUP signal that's internal signalling between processes in pfSense.
                          Check the ppp logs for what your ISP is sending.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • N Offline
                            Nikolay_Zhelev
                            last edited by

                            Thanks Steve!

                            I'm giving up. I'm trying to sort out this problem for 5 months and I just can't find what is wrong. I'm pretty sure that is some sort of very stupid mistake form my side, but I just can't find it.

                            I'm happy to pay to someone to trouble shoot the problem. Please let me know if someone is interested.

                            Regards,
                            Nick

                            1 Reply Last reply Reply Quote 0
                            • N Offline
                              Nikolay_Zhelev
                              last edited by

                              Dear fellows,

                              Finally the problem is solved!

                              That was quite a tricky problem, due to the fact that I was trouble shooting it from distance.

                              One of the computers behind the pfsense firewall was running uTorrent with enabled DHT. When the computer was ON and uTorrent was in IDLE mode (no active seeding/leeching, just the app running) the WAN interface was constantly dropping my PPPoE connection. However, when uTorrent was running (actively seeding/leeching), there is no problem, but as soon as it goes to IDLE - pfsense restarts all services.

                              As soon as I disabled DHT on uTorrent the problem disappeared. Unfortunately I couldn't identify why with DHT enabled and uTorrent in idle, pfsense was restarting the services, but at least the problem is gone.

                              More on the uTorrent issue: https://forum.pfsense.org/index.php?topic=93812.0

                              Thank for all the help.

                              Regards,
                              Nick

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.