WAN NIC losing link on Intel(R) PRO/1000 (only on 2.2.x, not on 2.1.x)
-
Thanks for the suggestion, I have tried that in the past, same problem.
The WAN interface keeps losing its ip.
-
The WAN interface keeps losing its ip.
Is it static IP or DHCP assignment? If DHCP assigned then I'd be watching at the renewals for failures / issues with a packet capture of ports 67/68. What's the lifetime being handed out? (/var/db/dhclient.leases….)
-
Is it static IP or DHCP assignment? If DHCP assigned then I'd be watching at the renewals for failures / issues with a packet capture of ports 67/68. What's the lifetime being handed out? (/var/db/dhclient.leases….)
It's dhcp (but a fixed lease), I didn't see any failures on dhcp with tcpdump. When the issue occurs, there are dhcp requests but simply no replies. (and the provider is working) Also, unplugging the ethernet cable, waiting for a minute, plugging it back in, doesn't help. Plugging a different device into the provider gives me an ip immediately.
I have to reboot (by logging into the lan or a different wan interface) the whole system.
/var/db/dhclient.leases.em1:
option dhcp-lease-time 7200; option dhcp-message-type 5; option dhcp-server-identifier 195.130.x.y; option dhcp-renewal-time 3600; option dhcp-rebinding-time 3660;
-
I didn't see any failures on dhcp with tcpdump. When the issue occurs, there are dhcp requests but simply no replies.
Why do you think that no replies is not an issue?
-
I didn't see any failures on dhcp with tcpdump. When the issue occurs, there are dhcp requests but simply no replies.
Why do you think that no replies is not an issue?
Not being helpful.. Disconnecting cable, reconnecting doesn't change anything. With 2.1.x I don't get the issue in the first place.
I have a feeling the nic comes into a broken sort of state. (might be driver related as can be seen in my first post or the other threads)
Any suggestions to fix/troubleshoot are welcome.
-
I have the same problem. I am running a 4-5 years old AMD64 box on a ASUS motherboard. I have two NICs one of which is an Intel Pro 100/1000 (4 or 5 years old). I have not yet created any custom firewall rules. When the install was fresh I could run PFSense for a few seconds to a few minutes before Pfsense stopped serving requests. The first trouble-shooting thing I did was to turn off any equipment that might compete for DHCP addressing, but to no avail.
After realising that the Gateway-log was full of error messages such as those below I stumbled up on this topic.
Dec 30 09:16:08 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:09 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:10 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:11 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:12 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:13 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:14 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:15 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:16:16 apinger: Could not bind socket on address(90.226.210.126) for monitoring address 90.226.210.1(WAN_DHCP) with error Can't assign requested address Dec 30 09:17:48 apinger: Starting Alarm Pinger, apinger(26023) Dec 30 09:36:25 apinger: Starting Alarm Pinger, apinger(21795)
Starting out I had put the LAN Interface on the Intel card, but that caused the Web Configurator to become unresponsive as soon as the link went down. Then I switched the interfaces (so that the WAN Interface uses the Intel NIC) with the somewhat positive result that I could at least reboot the system remotely when the link dropped as it kept doing after a few minutes after rebooting.
After checking "Disable hardware TCP segmentation offload" in System -> Advanced, Networking tab as advised by David_W, uptime increased from minutes to hours (at least in some cases, but sometimes it is minutes still).
I have now also tried the changing the System: Advanced: System Tuneable net.net.tcp.tso variable from 1 to 0 as advised by julicravo, but that made the system more unstable as changing that variable caused the system to stop serving request just a few minutes after rebooting. I must admit though that it is somewhat hard to tell if the net.net.tcp.so made any difference for the better or worse.
I think I will look for a dual interface card to resolve my problem. Any recommendations on such cards that play well with pfsense?
-
After checking one more time I realised that my Intel PRO NIC works fine. It is my other NIC from Marvell Semiconductors Yukon that is causing my problems. Right now I am running my WAN on the onboard ethernet and my LAN on the 1 GB Intel Pro NIC and this configuration works great. I found a thread on problems with Marvell and AMD64 here: https://forum.pfsense.org/index.php?topic=104420.msg582152#msg582152
-
any updates on this ? having similar issue
-
The only update I have is that I'm using opnsense for this specific firewall now. Not sure if that solves it because I try to keep updated with their upgrades. (and it gets very frequent updates resulting in (too) frequent reboots)
All my other pfsense firewalls have a different NIC and they don't have the problem.
I suppose we'll just have to wait until a more recent FreeBSD is used and we'll (hopefully) get updated nic drivers..
-
I hate to dig up the thread just to say "me too" but this thread accurately describes my problem. My specific WAN card is an Intel PRO/1000 PT Dual Port Server Adapter - network adapter - 2 ports (EXPI9402PTBLK). Happy to provide whatever other information would be useful.
Any updates on this issue?
I am running pfSense 2.3.2.
Would the same issue affect a Intel Pro/1000 PT Quad port D72468 39Y6137 NC364T 10N8556 EXPI9404PTG2L20 D57995?