Unstable internet since 2.2.4

doktornotor

Well, clearing the above noise from logs certainly won't harm anything.

firewalluser

Might also be useful.
https://redmine.pfsense.org/issues/3969

Perhaps a useful test can be got from here.
http://kb.paessler.com/en/topic/17133-what-does-could-not-bind-socket-address-and-port-are-already-in-use-mean

xman111

thanks for the links!

really looking forward to testing tonight, I am off tomorrow so I have tonight to play.

Do you guys think i should completely change hardware or work with the system/software i have right now?

doktornotor

I don't think changing HW will get you anywhere, frankly.

xman111

thanks,  you saved me a bunch of time and potentially money.  I will try to iron out issues with what I have.  will post back,  thanks for taking your time to help me.

xman111

after I disable the gateway monitoring, what would be the best way to determine if i have a problem at all?

heper

you could run a batch file on one of your clients and let it run for a while.

something like this:

@echo off

:START

ping -n 4 4.2.2.2 >nul

if %errorlevel% == 1 (
  echo Internet offline >> C:\Internet.txt
  Time /t >> C:\Internet.txt
)

Timeout /t 30
@set errorlevel = 0

GOTO START

xman111

awesome thanks Heper.. at least that gives me a start..  I was starting to think it might be an Intel network card that I have, probably isn't..

xman111

hey guys, stopping apinger seems to have helped with the errors and internet dropping, thanks for that.

I am now having problems with very high pings and slow internet.  sometimes the ping to 8.8.8.8 is 20ms, sometimes it is 800ms.  whenever I ping AirVPN, it is a 2-400ms.    I have been using DNS from UNblock, where is the setting to get the DNS from my ISP automatically?  i couldn't find them under WAN settings.

Any other hints to figure out what is going on with ping swings and generally high pings?  I cannot even use VPN it is so slow now, never had a problem before.

NOYB

Is DNS Forwarder or DNS Resolver enabled (which one)?

DNS Forwarder uses the DNS Servers specified in the System: General Setup.
DNS Resolver uses the DNS root servers.

Client DNS server assignment can be overridden in Services: DHCP server.

xman111

i have DNS forwarder enabled and just LAN and Localhost selected as this is how my VPN is supposed to be setup when i get it working.

I plugged my cable modem directly into my laptop and everything is fast.  I then rebooted and connected PFsense again and it seems better.  I think i am starting to get how DNS is assigned, thanks NOYB.  Does DNS determine my Pings?

I can switch between my ISP dns and Unblock's dns and they both seem fairly fast pinging most websites.  When i ping some of the AIRVPN servers though, I am still getting the high hundreds though, not sure what that is about.  If I can't get good pings to them, i won't be able to get the VPN up and working.

Any way to figure out where it is going off the rail?

I was able to go to pingtest.net and get an A grade on my connection.  The only problem now i guess are the very high pings to the servers at AirVPN.

NOYB

DNS should have nothing to do with ping times (assuming name resolves to same IP address).  Once name is resolved to an IP address DNS is out of the picture.

To see where the slowness may be try a trace route (tracert on a Windows client).

xman111

does this mean anything?  the request timed out on step 2.  it seemed fast until step 7.

1    <1 ms    <1 ms    <1 ms  pfSense.localdomain [192.168.1.1]
  2    *        *        *    Request timed out.
  3    9 ms    9 ms    9 ms  rd3st-tge0-13-0-10-1.vc.shawcable.net [64.59.150.85]
  4    16 ms    10 ms    14 ms  66.163.72.254
  5    14 ms    15 ms    16 ms  rc5wt-be5.wa.shawcable.net [66.163.74.158]
  6    15 ms    15 ms    13 ms  xe-9-1-0.sea22.ip4.gtt.net [77.67.71.73]
  7  160 ms  161 ms  161 ms  xe-1-3-0.fra29.ip4.gtt.net [141.136.108.17]
  8  167 ms  170 ms  168 ms  a100-gw.ip4.gtt.net [77.67.66.206]
  9  168 ms  171 ms  168 ms  54.239.5.110
10  167 ms  169 ms  167 ms  54.239.5.134
11  168 ms  173 ms  172 ms  ec2-54-93-175-114.eu-central-1.compute.amazonaws.com [54.93.175.114]

and one to google

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

1    <1 ms    <1 ms    <1 ms  pfSense.localdomain [192.168.1.1]
  2    *        *        *    Request timed out.
  3    12 ms    9 ms    10 ms  rd3st-tge0-13-0-10-1.vc.shawcable.net [64.59.150.85]
  4    18 ms    17 ms    16 ms  66.163.70.106
  5    18 ms    15 ms    16 ms  rx0wt-google.wa.shawcable.net [66.163.68.50]
  6    14 ms    15 ms    17 ms  74.125.37.95
  7    15 ms    15 ms    15 ms  209.85.250.121
  8    16 ms    16 ms    16 ms  google-public-dns-a.google.com [8.8.8.8]

NOYB

No the hop #2 time out is not significant.  Just means that router does not respond to pings.
Don't see any of the 400 to 800 ms pings you mentioned in the opening post.

That doesn't look too bad really.  Here's what it looks like from here for comparison.

Tracing route to ec2-54-93-175-114.eu-central-1.compute.amazonaws.com [54.93.175.114]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  pfSense.localdomain [192.168.2.1]
  2     6 ms     5 ms     6 ms  static-50-53-160-1.bvtn.or.frontiernet.net [50.53.160.1]
  3     6 ms     5 ms     5 ms  50.38.7.201
  4    19 ms    37 ms    30 ms  ae2---0.cor02.bvtn.or.frontiernet.net [74.40.1.181]
  5    20 ms    22 ms    20 ms  ae3---0.cor01.plal.ca.frontiernet.net [74.40.1.225]
  6    21 ms    48 ms    22 ms  ae0---0.cbr01.plal.ca.frontiernet.net [74.40.3.150]
  7    21 ms    22 ms    19 ms  xe-0.paix.plalca01.us.bb.gin.ntt.net [198.32.176.14]
  8   231 ms   232 ms   232 ms  ae-15.r01.snjsca04.us.bb.gin.ntt.net [129.250.5.33]
  9    22 ms    23 ms    22 ms  ae-1.r22.snjsca04.us.bb.gin.ntt.net [129.250.3.26]
 10    88 ms    88 ms   112 ms  ae-8.r21.chcgil09.us.bb.gin.ntt.net [129.250.5.16]
 11   132 ms   142 ms   140 ms  ae-0.r20.chcgil09.us.bb.gin.ntt.net [129.250.3.97]
 12    89 ms    95 ms    88 ms  ae-5.r23.nycmny01.us.bb.gin.ntt.net [129.250.2.167]
 13   231 ms   232 ms   235 ms  ae-6.r21.frnkge03.de.bb.gin.ntt.net [129.250.3.181]
 14     *      229 ms   222 ms  ae-1.r02.frnkge03.de.bb.gin.ntt.net [129.250.4.163]
 15   169 ms   174 ms   177 ms  212.119.27.174
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18   170 ms   170 ms   175 ms  54.239.5.134
 19   169 ms   169 ms   169 ms  ec2-54-93-175-114.eu-central-1.compute.amazonaws.com [54.93.175.114]

Trace complete.

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  pfSense.localdomain [192.168.2.1]
  2     6 ms     5 ms     5 ms  static-50-53-160-1.bvtn.or.frontiernet.net [50.53.160.1]
  3     7 ms     7 ms     8 ms  50.38.7.201
  4    12 ms    10 ms    12 ms  ae2---0.cor02.bvtn.or.frontiernet.net [74.40.1.181]
  5     9 ms    10 ms    10 ms  ae0---0.cor01.bvtn.or.frontiernet.net [74.40.1.185]
  6    10 ms    12 ms    10 ms  ae4---0.cor01.sttl.wa.frontiernet.net [74.40.1.221]
  7    20 ms    18 ms    15 ms  ae0---0.cbr01.sttl.wa.frontiernet.net [74.40.5.122]
  8    10 ms    12 ms    11 ms  74.40.26.131
  9    10 ms    10 ms    10 ms  72.14.238.181
 10    10 ms    10 ms    10 ms  209.85.245.67
 11    10 ms    10 ms    10 ms  google-public-dns-a.google.com [8.8.8.8]

Trace complete.

NOYB

Oh and by the way that hop #2 is probably the default gateway.  So no wonder apinger was having trouble.

So it was probably detecting and marking the WAN interface as down.  That's probably why the VPN was going down.

xman111

hate to sound like any more of a dumbass but is there a way to fix that?

i did another clean install and now am only using WAN and LAN.  I also tried plugging my WAN into the other Intel NIC which gets me a different IP address from my ISP to just test, didn't seem to make a difference.

NOYB

Configure apinger to monitor the next available hop.  Or leave apinger disabled.

xman111

thanks NOYB, i configured it to the 2nd hop and am not getting any errors, thanks for the tip.  If it gives me any problems, i will disable it but i kind of like having it on. Going to try to setup OpenVPN client tomorrow to see how it works.  Have a good night.

xman111

got the VPN up and working, seems to be better.  Having a few VPN errors though.  Not sure if it is totally taking the tunnel down or just reporting.  Going to google this a little.

Oct 31 13:20:19 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:20:19 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:20:19 openvpn[53731]: MANAGEMENT: CMD 'state 1'
Oct 31 13:20:19 openvpn[53731]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 31 13:17:24 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:17:24 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:17:24 openvpn[53731]: MANAGEMENT: CMD 'state 1'
Oct 31 13:17:24 openvpn[53731]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 31 13:17:23 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:17:23 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:17:23 openvpn[53731]: MANAGEMENT: CMD 'state 1'
Oct 31 13:17:23 openvpn[53731]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 31 13:17:22 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:17:22 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:17:22 openvpn[53731]: MANAGEMENT: CMD 'state 1'
Oct 31 13:17:22 openvpn[53731]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 31 13:17:14 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:17:14 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:17:14 openvpn[53731]: MANAGEMENT: CMD 'state 1'
Oct 31 13:17:14 openvpn[53731]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 31 13:16:43 openvpn[53731]: MANAGEMENT: Client disconnected
Oct 31 13:16:43 openvpn[53731]: MANAGEMENT: CMD 'status 2'
Oct 31 13:16:43 openvpn[53731]: MANAGEMENT: CMD 'state 1'

xman111

hey guys, VPN is up and down like crazy..  here are the logs..  frustrating..  the rest of the network stuff seems good now, this seems like it is the only outstanding problem. Switching next weekend from 30mb cable to 100mb ADSL, can't wait.  any ideas?

Nov 1 10:31:14 php-fpm[3124]: /rc.start_packages: Restarting/Starting all packages.
Nov 1 10:31:13 check_reload_status: Starting packages
Nov 1 10:31:13 php-fpm[3124]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.4.5.207 -> 10.4.14.212 - Restarting packages.
Nov 1 10:31:11 php-fpm[3124]: /rc.newwanip: Creating rrd update script
Nov 1 10:31:07 php-fpm[3124]: /rc.newwanip: IP has changed, killing states on former IP 10.4.5.207.
Nov 1 10:31:07 php-fpm[3124]: /rc.newwanip: rc.newwanip: on (IP address: 10.4.14.212) (interface: AIRVPN_WAN[opt1]) (real interface: ovpnc1).
Nov 1 10:31:07 php-fpm[3124]: /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
Nov 1 10:31:06 check_reload_status: rc.newwanip starting ovpnc1
Nov 1 10:31:06 kernel: ovpnc1: link state changed to UP
Nov 1 10:31:05 check_reload_status: Reloading filter
Nov 1 10:31:05 kernel: ovpnc1: link state changed to DOWN
Nov 1 09:33:44 php-fpm[58963]: /rc.start_packages: Restarting/Starting all packages.
Nov 1 09:33:43 check_reload_status: Starting packages
Nov 1 09:33:43 php-fpm[58963]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.4.1.211 -> 10.4.5.207 - Restarting packages.
Nov 1 09:33:41 php-fpm[58963]: /rc.newwanip: Creating rrd update script
Nov 1 09:33:37 php-fpm[58963]: /rc.newwanip: IP has changed, killing states on former IP 10.4.1.211.
Nov 1 09:33:37 php-fpm[58963]: /rc.newwanip: rc.newwanip: on (IP address: 10.4.5.207) (interface: AIRVPN_WAN[opt1]) (real interface: ovpnc1).
Nov 1 09:33:37 php-fpm[58963]: /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
Nov 1 09:33:36 check_reload_status: rc.newwanip starting ovpnc1
Nov 1 09:33:36 kernel: ovpnc1: link state changed to UP
Nov 1 09:33:35 check_reload_status: Reloading filter
Nov 1 09:33:35 kernel: ovpnc1: link state changed to DOWN
Nov 1 09:14:58 php-fpm[24903]: /rc.start_packages: Restarting/Starting all packages.
Nov 1 09:14:57 check_reload_status: Starting packages
Nov 1 09:14:57 php-fpm[24903]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.4.7.147 -> 10.4.1.211 - Restarting packages.
Nov 1 09:14:55 php-fpm[24903]: /rc.newwanip: Creating rrd update script
Nov 1 09:14:51 php-fpm[24903]: /rc.newwanip: IP has changed, killing states on former IP 10.4.7.147.
Nov 1 09:14:51 php-fpm[24903]: /rc.newwanip: rc.newwanip: on (IP address: 10.4.1.211) (interface: AIRVPN_WAN[opt1]) (real interface: ovpnc1).
Nov 1 09:14:51 php-fpm[24903]: /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
Nov 1 09:14:50 check_reload_status: rc.newwanip starting ovpnc1
Nov 1 09:14:50 kernel: ovpnc1: link state changed to UP
Nov 1 09:14:49 check_reload_status: Reloading filter
Nov 1 09:14:49 kernel: ovpnc1: link state changed to DOWN
Nov 1 08:49:53 php-fpm[88638]: /rc.start_packages: Restarting/Starting all packages.
Nov 1 08:49:52 check_reload_status: Starting packages
Nov 1 08:49:52 php-fpm[88638]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.4.21.60 -> 10.4.7.147 - Restarting packages.
Nov 1 08:49:50 php-fpm[88638]: /rc.newwanip: Creating rrd update script
Nov 1 08:49:46 php-fpm[88638]: /rc.newwanip: IP has changed, killing states on former IP 10.4.21.60.
Nov 1 08:49:46 php-fpm[88638]: /rc.newwanip: rc.newwanip: on (IP address: 10.4.7.147) (interface: AIRVPN_WAN[opt1]) (real interface: ovpnc1).
Nov 1 08:49:46 php-fpm[88638]: /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
Nov 1 08:49:45 check_reload_status: rc.newwanip starting ovpnc1
Nov 1 08:49:45 kernel: ovpnc1: link state changed to UP
Nov 1 08:49:44 kernel: ovpnc1: link state changed to DOWN
Nov 1 08:20:24 syslogd: kernel boot file is /boot/kernel/kernel