Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN link going down

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    62 Posts 9 Posters 15.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xtofh
      last edited by

      Is packet capture on the firewall itself ok also? (I don't have a very intelligent switch on that end)

      Kristof

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        I would say, considering what you're asserting, no.  Capturing on the interface is not okay.

        Just because a packet capture on WAN captures something doesn't mean it was actually sent on the wire.

        Eliminate all doubt and capture on the switch.  Then you KNOW.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Though capturing on the WAN interface and comparing with 2.1.5 will tell you something. If they're identical then try and capture upstream to see if they're different at that point. That tells you where the change is occurring.

          Steve

          1 Reply Last reply Reply Quote 0
          • Q
            q54e3w
            last edited by

            so following my latest WAN drop, I did a bit more investigating. I believe I have found a way to force the WAN dropping issue. I don't have a switch to capture on unfortunately, my system is simple , i.e broadband modem -> pfsense 2.2.

            this is what Ive discovered,

            If I power my modem up, let it sync with the Virgin media network and then connect my pfsense WAN interface I get a DHCP address immediately. I can then unplug either coaxial or cat5 WAN cables and pfsense still gets DHCP immediately.

            If I connect my WAN interface before I power up my modem, when it syncs I do not get a DHCP address but see the repeating pattern of DHCP hunting.I believe something like my broadband line dropping or virgin lease expiration forces this type of reset and hence pfSense does not see a DHCP address.

            I'd like to do a packet capture of my WAN interface in both modes, one showing immediate DHCP allocation and one showing the looping error so somebody with greater knowledge could review and and raise a bug if its appropriate.
            Is there a preferred format or command line to capture WAN interface data, I'd like to ensure I get everything thats needed.

            1 Reply Last reply Reply Quote 0
            • X
              xtofh
              last edited by

              I was away for a while but upon returning have updated our 2.2 to 2.2.1-RELEASE.

              This was 4 days ago and since then we've not seen any issues. (doesn't mean anything yet, but I'm hopeful) I've got tcpdump running to make sure I catch anything weird if it occurs. To be sure it's okay I think I need to give it 3-4 weeks.

              @irj972, I'm not sure what the requested tcpdump parameters are but I use these:```
              tcpdump -i em1 -nnvvXSs 1514

              1 Reply Last reply Reply Quote 0
              • T
                TieT
                last edited by

                I recently did a new full install (after /etc/ got corrupted due to bad power off) and I haven't had the WAN link loss issue.

                But as irj972 stated, when pfsense is booted before the modem is booted it fails to get a IP addresss, i've also noticed this.

                1 Reply Last reply Reply Quote 0
                • X
                  xtofh
                  last edited by

                  @TieT:

                  I recently did a new full install (after /etc/ got corrupted due to bad power off) and I haven't had the WAN link loss issue.

                  Thanks for the update. And are you now running 2.2.1 or still 2.2 ?

                  1 Reply Last reply Reply Quote 0
                  • T
                    TieT
                    last edited by

                    @xtofh:

                    @TieT:

                    I recently did a new full install (after /etc/ got corrupted due to bad power off) and I haven't had the WAN link loss issue.

                    Thanks for the update. And are you now running 2.2.1 or still 2.2 ?

                    2.2.1-RELEASE (i386)
                    built on Fri Mar 13 08:16:53 CDT 2015
                    FreeBSD 10.1-RELEASE-p6

                    You're welcome  ;)

                    1 Reply Last reply Reply Quote 0
                    • X
                      xtofh
                      last edited by

                      I keep losing my ip on the WAN interface. (connected to switch, and that connects to the cable modem of business TELENET in Belgium)

                      As soon as this happens I get these (repeating) requests on the WAN interface of the DHCP interface:

                      16:39:41.829043 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
                          0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:0d:88:cc:XX:XX, length 300, xid 0x304889c7, Flags [none] (0x0000)
                        Client-Ethernet-Address 00:0d:88:cc:XX:XX
                        Vendor-rfc1048 Extensions
                          Magic Cookie 0x63825363
                          DHCP-Message Option 53, length 1: Discover
                          Requested-IP Option 50, length 4: 81.82.XX.YY
                          Client-ID Option 61, length 7: ether 00:0d:88:cc:XX:XX
                          Hostname Option 12, length 7: "pfsense"
                          Parameter-Request Option 55, length 9:
                            Subnet-Mask, BR, Time-Zone, Classless-Static-Route
                            Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
                            Option 119
                      0x0000:  4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
                      0x0010:  ffff ffff 0044 0043 0134 4260 0101 0600  .....D.C.4B`....
                      0x0020:  3048 89c7 0000 0000 0000 0000 0000 0000  0H..............
                      0x0030:  0000 0000 0000 0000 000d 88cc fa2f 0000  ............./..
                      0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0070:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0080:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0090:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00a0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00b0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00c0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00d0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00e0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x00f0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
                      0x0100:  0000 0000 0000 0000 6382 5363 3501 0132  ........c.Sc5..2
                      0x0110:  0451 52d1 2c3d 0701 000d 88cc fa2f 0c07  .QR.,=......./..
                      0x0120:  7066 7365 6e73 6537 0901 1c02 7903 0f06  pfsense7....y...
                      0x0130:  0c77 ff00 0000 0000 0000 0000 0000 0000  .w..............
                      0x0140:  0000 0000 0000 0000                      ........
                      

                      But no reply from upstream. However, this literally never happens with 2.1.5. The firewall with 2.2.1 (before 2.2) was a fresh install.

                      I have now re-enabled IPv6 (but not actively using it) on our pfsense WAN interface, our provider also hands out IPv6 addresses. I don't expect this to change anything but still.

                      Any suggestions on how to get the right stuff to the developers so there might be a fix for this?

                      Regards,
                      Kristof.

                      1 Reply Last reply Reply Quote 0
                      • T
                        TieT
                        last edited by

                        Hi xTofh

                        Telenet is working on their infrastructure, maybe this could explain the loss off connection ?
                        Also I don't use IPv6 and i'm not facing these problems (Telenet Whoppa)

                        Source:
                        http://klantenservice.telenet.be/content/van-welke-internetabonnementen-passen-we-de-naam-en-snelheden-aan-vanaf-29-maart-2015

                        1 Reply Last reply Reply Quote 0
                        • T
                          TieT
                          last edited by

                          Spoke too soon … lost my wan again, after starting a vpn connection, will add more details when i get home

                          :Update:

                          My HDD crashed ... thank god for backups  ;D
                          After swapping the HDD, everything is working fine again

                          1 Reply Last reply Reply Quote 0
                          • C
                            cmb
                            last edited by

                            OP's issue was confirmed resolved, a dead hard drive was the cause.

                            Locking this thread after splitting out the hijacking since adding to 5 pages of unrelated history isn't going to be helpful to find a resolution to unrelated problems.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.