Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    100% Loss on wan

    Scheduled Pinned Locked Moved General pfSense Questions
    10 Posts 5 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      techy82
      last edited by

      Hi all for the last week my pfsense setup has been acting erratic, nothing has been changed apart from snort, Ids updates

      I can be online quite happily then the connection will drop out and take a while to reconnect, it effects LAN connections to

      I have looked on the logs under system gateway and can see loss sometimes upto 100% on the wan/pia interfaces

      I have tried different pia servers with the same result, since yesterday it has been really bad and I'm luckily if I can get online at all

      Another longer entry I have found states it has ran out of buffer space

      Any ideas what's going on?

      Thanks very much

      1 Reply Last reply Reply Quote 0
      • nsi-fusionN Offline
        nsi-fusion
        last edited by

        I am interested in the SNORT subject as I will be trying this in my pfSense…

        What is happening if you disable SNORT?? Is it fixing your Internet connection??

        How much RAM you have in your box?? SNORT apparently require large amount to store all the definitions...

        How do you test your WAN, is it standard PING?? Do you have any stealth rules enabled on WAN?? Something that would drop ICMP??

        1 Reply Last reply Reply Quote 0
        • T Offline
          tucansam
          last edited by

          @techy82:

          Hi all for the last week my pfsense setup has been acting erratic, nothing has been changed apart from snort, Ids updates

          I can be online quite happily then the connection will drop out and take a while to reconnect, it effects LAN connections to

          I have looked on the logs under system gateway and can see loss sometimes upto 100% on the wan/pia interfaces

          I have tried different pia servers with the same result, since yesterday it has been really bad and I'm luckily if I can get online at all

          Another longer entry I have found states it has ran out of buffer space

          Any ideas what's going on?

          Thanks very much

          I have major, major problems with PIA weekly, and often daily.  Has been this way for almost two years now.  I have a crontab that reboots pfsense twice a day (yep), and a pair of Christmas light timers that reboot my cable modem twice a day.  When the connection goes down, that is the ONLY way to get it back up.  Restarting the openvpn service does nothing, taking the interface down and then up does nothing, only hard reboots work, and it must be on both devices.  I have tried three cable modems and I have rebuilt my pfsense machine four times using three different NICs, reinstalled pfsense from the ground up at least a dozen times using every tutorial and/or youtube video I could find reference setting up PIA.  Nothing worked (well, actually, the only thing that worked was NOT using PIA, in which case I was 100% up all the time).

          I tried troubleshooting for months, got tired of it, gained much gray hair in the process (I can't afford to get any more) and so the reboots, although highly annoying, are the easiest way for me to solve it.

          Sucks real bad when I'm connected via my VPN from on the road and I forget to note the time of day…...

          1 Reply Last reply Reply Quote 0
          • T Offline
            techy82
            last edited by

            Hi have disabled gateway monitoring on wan and piawan routing and it seems to be working again, not to sure whats going on?

            I have it running on ESXI and have 8gb allocated along with 2sockets

            1 Reply Last reply Reply Quote 0
            • T Offline
              techy82
              last edited by

              well it dropped again so i upped memory to  12gb so far so good

              1 Reply Last reply Reply Quote 0
              • DerelictD Offline
                Derelict LAYER 8 Netgate
                last edited by

                well, actually, the only thing that worked was NOT using PIA, in which case I was 100% up all the time).

                nothing but net

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  @techy82:

                  well it dropped again so i upped memory to  12gb so far so good

                  OpenVPN runs just fine in less RAM than that.

                  Snort needs some RAM but is mostly CPU and runs well in far, far less than 12 gigs.

                  You have a free RAM widget right on the dashboard. If it shows 6GB free adding more isn't going to help anything.

                  Learn to troubleshoot connectivity and packet capture out OpenVPN and out WAN. If the traffic is leaving OpenVPN and the traffic is also leaving WAN on the OpenVPN port, and nothing is coming back, it's either PIA or your ISP. Change one or both.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • B Offline
                    Blade Runner
                    last edited by

                    @tucansam:

                    @techy82:

                    Hi all for the last week my pfsense setup has been acting erratic, nothing has been changed apart from snort, Ids updates

                    I can be online quite happily then the connection will drop out and take a while to reconnect, it effects LAN connections to

                    I have looked on the logs under system gateway and can see loss sometimes upto 100% on the wan/pia interfaces

                    I have tried different pia servers with the same result, since yesterday it has been really bad and I'm luckily if I can get online at all

                    Another longer entry I have found states it has ran out of buffer space

                    Any ideas what's going on?

                    Thanks very much

                    I have major, major problems with PIA weekly, and often daily.  Has been this way for almost two years now.  I have a crontab that reboots pfsense twice a day (yep), and a pair of Christmas light timers that reboot my cable modem twice a day.  When the connection goes down, that is the ONLY way to get it back up.  Restarting the openvpn service does nothing, taking the interface down and then up does nothing, only hard reboots work, and it must be on both devices.  I have tried three cable modems and I have rebuilt my pfsense machine four times using three different NICs, reinstalled pfsense from the ground up at least a dozen times using every tutorial and/or youtube video I could find reference setting up PIA.  Nothing worked (well, actually, the only thing that worked was NOT using PIA, in which case I was 100% up all the time).

                    I tried troubleshooting for months, got tired of it, gained much gray hair in the process (I can't afford to get any more) and so the reboots, although highly annoying, are the easiest way for me to solve it.

                    Sucks real bad when I'm connected via my VPN from on the road and I forget to note the time of day…...

                    PIA is not correctly configured. A routing loop is triggering error message.

                    Do not be afraid to fail.

                    1 Reply Last reply Reply Quote 0
                    • T Offline
                      techy82
                      last edited by

                      @Derelict:

                      @techy82:

                      well it dropped again so i upped memory to  12gb so far so good

                      OpenVPN runs just fine in less RAM than that.

                      Snort needs some RAM but is mostly CPU and runs well in far, far less than 12 gigs.

                      You have a free RAM widget right on the dashboard. If it shows 6GB free adding more isn't going to help anything.

                      Learn to troubleshoot connectivity and packet capture out OpenVPN and out WAN. If the traffic is leaving OpenVPN and the traffic is also leaving WAN on the OpenVPN port, and nothing is coming back, it's either PIA or your ISP. Change one or both.

                      its strange its still working fine so far, ive had no drop outs I have snort, squid and openvpn and when i was checking the memory prior to upping it, it seemed fine, not to sure whats been going on

                      1 Reply Last reply Reply Quote 0
                      • DerelictD Offline
                        Derelict LAYER 8 Netgate
                        last edited by

                        Probably zero to do with your increased RAM.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.