Problem: WAN PPPoE reconnects multiple times every day

Nikolay_Zhelev

Hi fellows,

An update to my case:

I've updated from pfSense 2.1.5 to 2.2 couple of days ago and today the problem came again.

Feb 15 11:02:53 system log: check_reload_status: Rewriting resolv.conf
Feb 15 11:03:02 gateway log: apinger: SIGHUP received, reloading configuration.
Feb 15 11:02:53 ppp log: ppp: [wan_link0] LCP: state change Opened –> Stopping

I really need some help. I've contacted my ISP and they confirmed, that other users on my street connected to the same switch didn't have any connection drop, which means the problems is in my box.

Any ideas?

I'm looking forward to hearing from you guys.

Kind Regards,
Nick

Nikolay_Zhelev

A quick update:

I've checked my quality graphs for the time when the reconnection occurred, there are no drops and no packet losses. There are no apinger gateway down event, no alarm is triggered, which makes me think, that internal process is sending sighup to close the pppoe connection.

Is that possible and how can I identify that?

Regards,
Nick

Nikolay_Zhelev

Hi fellows,

I started digging in my pppoe configuration files and I came across one unusual thing:

As seen from the picture below, my wan interface configuration is set to IPv4 -> PPPoE and IPv6 -> None (my ISP offers me only IPv4 static address).

but when I checked my mpd_wan.conf file, located in /var/etc/ the content was "set bundle enable ipv6cp", as seen from the code below:

startup:
	# configure the console
	set console close
	# configure the web server
	set web close

default:
pppoeclient:
	create bundle static wan
	set bundle enable ipv6cp
	set iface name pppoe0
	set iface route default
	set iface disable on-demand
	set iface idle 0
	set iface enable tcpmssfix
	set iface up-script /usr/local/sbin/ppp-linkup
	set iface down-script /usr/local/sbin/ppp-linkdown
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	set ipcp enable req-pri-dns
	set ipcp enable req-sec-dns
	#log -bund -ccp -chat -iface -ipcp -lcp -link

	create link static wan_link0 pppoe
	set link action bundle wan
	set link disable multilink
	set link keep-alive 10 60
	set link max-redial 0
	set link disable chap pap
	set link accept chap pap eap
	set link disable incoming
	set link mtu 1492
	set auth authname "username@isp.com"
	set auth password isppassword
	set pppoe service ""
	set pppoe iface re1
	open

I found this a bit unusual, therefore I started looking from where the mpd_wan.conf file is generated.

I traced the source to: etc/inc/interfaces.inc where I noticed, that by default the "set bundle enable" line is set to ipv6cp, ignoring the web interface "None" selection. Also, I noticed, that "keep-alive 10 60" is set by default, without any option to disable it.

Unfortunately I don't have deep knowledge in scriting and I'm not sure whether I'm correct in my troubleshooting, so I'll appreciate your comments here.

Shall I change ipv6cp in interfaces.inc to ipcp and also disable keep-alive, by setting "keep-alive 0 60" or not?

Regards,
Nick

stephenw10

Interesting find. Do what you like in /var, it gets rebuilt at boot anyway. Backup the old file first if you mod anything else.

Some input from a higher source:
https://forum.pfsense.org/index.php?topic=32653.msg168773#msg168773

Steve

Nikolay_Zhelev

Hi Steve,

Thank you very much for your reply!

I've backed up mpd_wan.conf and interfaces.inc and changed the "set bundle enable ipv6cp" to "set bundle enable ipcp" in the mpd_wan.conf. Also I modified interfaces.inc, because otherwise after reboot it will revert back to ipv6cp.

Out of curiosity I've disabled keep-alive and enabled verbosity logging so we'll see how it will go.

After couple of days I'll share my results.

Regards,
Nick

Nikolay_Zhelev

New discoveries:

The initial problem still persists, however I’ve discovered something very interesting.

Currently I'm located in UK. My pfsense router is in another country.

While I was talking with a person located at the same place as my router, using router’s local network, suddenly all traffic initiated from outside of my router’s network was blocked, but I was still able to communicate with the person using the local network. There was an Internet connection from the local network, but I was unable to access my router remotely, not even ping it.

I’ve contacted my ISP (router side) and they confirmed, that they are unable to test the channel, because the firewall (pfsense) is blocking everything.

Shortly, I was in a situation, where pfsense was blocking every incoming connection, but LAN side Internet access was fine.
After couple of minutes, pfsense dropped the PPPoE WAN connection and re-initiated it again. After that I was able to access the router remotely and everything was running as it should be.
When I checked the apinger log file there were two identical messages:

apinger: SIGHUP received, reloading configuration.

Any ideas, why that happened?

I’m looking forward to hearing from you.

Regards,
Nick

stephenw10

Not really I'm afraid.
That output you are seeing 'apinger: SIGHUP received' is apinger being told to reload for whatever reason, usually because the WAN address has changed or potentially changed. It should correspond with something else in the system logs giving a reason for the call.
http://en.wikipedia.org/wiki/SIGHUP#Modern_usage

So when this incident occurred you were still able to initiate new connections from inside the firewall but rules to allow traffic to the firewall from outside no longer appeared to function? Odd.

Steve

Nikolay_Zhelev

Hi Steve,

Thank you again for your time!

The wikipedia article is very nice, now I know what exactly SIGHUP is.

I think the situation becomes more clear now. Please correct me if I'm not on the right track, but I think this could be a firewall issue, rather than a PPPoE problem.

My ISP indeed closes the connection, by sending me SIGHUP signal, but I think that is the result of all inbound traffic being blocked randomly by my firewall (the issue I've experienced yesterday). If I'm not replying to any of the ISP request, then my ISP thinks that the connection is dead, therefore it closes the channel. Am I on the right track?

Regards,
Nick

stephenw10

Nope that's not your ISP sending the SIGHUP signal that's internal signalling between processes in pfSense.
Check the ppp logs for what your ISP is sending.

Steve

Nikolay_Zhelev

Thanks Steve!

I'm giving up. I'm trying to sort out this problem for 5 months and I just can't find what is wrong. I'm pretty sure that is some sort of very stupid mistake form my side, but I just can't find it.

I'm happy to pay to someone to trouble shoot the problem. Please let me know if someone is interested.

Regards,
Nick

Nikolay_Zhelev

Dear fellows,

Finally the problem is solved!

That was quite a tricky problem, due to the fact that I was trouble shooting it from distance.

One of the computers behind the pfsense firewall was running uTorrent with enabled DHT. When the computer was ON and uTorrent was in IDLE mode (no active seeding/leeching, just the app running) the WAN interface was constantly dropping my PPPoE connection. However, when uTorrent was running (actively seeding/leeching), there is no problem, but as soon as it goes to IDLE - pfsense restarts all services.

As soon as I disabled DHT on uTorrent the problem disappeared. Unfortunately I couldn't identify why with DHT enabled and uTorrent in idle, pfsense was restarting the services, but at least the problem is gone.

More on the uTorrent issue: https://forum.pfsense.org/index.php?topic=93812.0

Thank for all the help.

Regards,
Nick