Netgate Discussion Forum

    WAN Connection flatlines every now and then

    • A
      Anakha56
      last edited by

      Greetings PFSense Support,

      I am really hoping someone would be able to point me in the right direction on how to troubleshoot an issue I am having with a PFsense firewall I have.

      A bit of background, I have inherited this box because I have just started at the company, and very recently we switched from a DSL connection to a microwave point to point connection for better speed and throughput as well as VoIP phones. The VoIP system is handled by our service provider's Mikrotik device and it also handles our Internet connectivity. Onto the issue at hand…

      The WAN connection on the PFSense box will sometimes drop the connection and a reboot will resolve the issue. The WAN configuration has been configured with a static IP pointing to the Mikrotik device. The gateway settings are the settings provided by the ISP. For the most part this setup is working correctly but as mentioned on occasion the WAN graph will show no traffic passing through and rebooting the box gets everything working again. I have tried rebooting the Mikrotik device first to see if that might be the issue but it had no effect; only rebooting the box brings the traffic back up. I have increased the network buffer by adding kern.ipc.nmbclusters to 262144 and it appeared to work because for a few days I had no problem but then the problem would resurface. The ISP says all is fine from their end and because this is not their hardware they can't offer much in the way of support. The reason why I tuned the buffer was because I was getting this error in the system log:

      dpinger WANGW x.x.x.x: sendto error: 55

      The LAN cable checks out okay so I don't see that as the problem. We are using No-IP free edition for Dynamic DNS.

      I am also seeing errors from OpenVPN clients along the lines of

      write udpv4: no buffer space available code=55

      So that is pointing me to a buffer issue but I don't think I can increase it anymore.

      Can someone please help out a new PFSense Admin?

      1 Reply Last reply Reply Quote 0
      • A
        Anakha56
        last edited by

        Forgot version number of PFSense, sorry.

        Version is 2.3.4-Release. I do see 2.3.4_1 and will schedule an update after hours on Monday evening. But this problem was also happening with the version previous to 2.3.4.

        1 Reply Last reply Reply Quote 0
        • A
          Anakha56
          last edited by

          So according to this graph it does not appear to be an mbuf issue? :/

          Does anyone have any suggestions for me to try? Heck if I could pay for a once off support session I would gladly do it…

          not_mbuf.PNG

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            these errors indicate the packet to the NIC, but the NIC was unable to send on the wire, it fills the buffer until it's full.

            what type of NICs are in this system?
            how many states are in use?
            are you getting interface errors?

            or i could just link to the docs …..
            https://doc.pfsense.org/index.php/No_buffer_space_available
            ;)

            i'm guessing its a faulty NIC or a bad driver (realtek?). It might have worked flawless on a slower connection & started to act up once you got your speed boosted ...

            1 Reply Last reply Reply Quote 0
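An added example, not part of any post in this thread: a shell function that pulls only the errno 55 (ENOBUFS) events quoted above out of a syslog-style stream and reports, per source, how many occurred and when the first and last were seen, so an outage can be lined up against other activity. The log lines are constructed samples; the syslog prefix, the host name `fw` and the address 192.0.2.1 are assumptions.

```shell
#!/bin/sh
# Added example: summarise ENOBUFS (errno 55) events from syslog-style input.
# Reads log lines on stdin; prints "<source> <count> <first time> <last time>".
# Assumes the classic syslog prefix "Mon DD HH:MM:SS host ..." (time is field 3).
summarise_enobufs() {
    awk '
    function note(src) {
        count[src]++
        if (!(src in first)) first[src] = $3
        last[src] = $3
    }
    {
        line = tolower($0)
        # dpinger gateway monitor: "sendto error: 55" (55 only, not 65 etc.)
        if (line ~ /dpinger/ && line ~ /sendto error: 55([^0-9]|$)/)
            note("dpinger")
        # OpenVPN: "no buffer space available ... code=55"
        else if (line ~ /no buffer space available/ && line ~ /code=55([^0-9]|$)/)
            note("openvpn")
    }
    END {
        for (s in count)
            printf "%s %d %s %s\n", s, count[s], first[s], last[s]
    }' | sort
}

# Constructed sample log (not taken from the thread).
sample_log() {
cat <<'EOF'
Jul 10 08:14:58 fw openvpn[4121]: write UDPv4: No buffer space available (code=55)
Jul 10 08:14:59 fw openvpn[4121]: write UDPv4: No buffer space available (code=55)
Jul 10 08:15:01 fw dpinger: WANGW 192.0.2.1: sendto error: 55
Jul 10 08:15:02 fw dpinger: WANGW 192.0.2.1: sendto error: 55
Jul 10 08:15:03 fw dpinger: WANGW 192.0.2.1: sendto error: 55
Jul 10 08:15:04 fw sshd[900]: Accepted publickey for admin
Jul 10 08:21:40 fw dpinger: WANGW 192.0.2.1: sendto error: 65
EOF
}

sample_log | summarise_enobufs
```

On a live system the function would be fed the system log instead of `sample_log`; the log location and format depend on the pfSense version.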
            • A
              Anakha56
              last edited by

              @heper thank you for the response and apologies for the late reply.

              1: I have no idea what NICs are on this box but I may have found the information by using
              ```
              dmesg | more
              ```

              2: I am not sure how to read the how many states are in use part. Going Diagnostics --> States, let's just say there are a lot of states open, the page goes on and on... If I were to reset the states what would happen?

              3: Is there an easy way to get interface error logs only? If I go Status --> Interfaces for both NICs there are no in/out errors or collisions as of now but when the problem happens again I will be sure to check this page.

              Regarding the page you have linked, that's how I found myself to the tuning page. When the issue happens again I will try bouncing the NIC via the ifconfig command, I take it I would have to specify the NIC I want to bounce? So
              ```
              ifconfig em3 down; ifconfig em3 up
              ```
              the em3 part should match the NIC I want?

              It is not a virtual NIC and there are no traffic shaping rules or limiters in place. I also don't have a spare NIC if it is the NIC that is faulty but hopefully with your assistance I can find out if it is indeed the NIC or something else that may be faulty.
              
              Thank you for your assistance, if anyone else wants to help out please do :).
              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                not familiar/never heard of sundance nics. realtek is famous for being flaky on FreeBSD.
                the sundance one might be "stge0" / the realtek one should be "re0"

                to see the number of states in use, you could visit status–>monitoring

                personally i'd try with a different set of nic (but i always got some spare ones laying around in the back of my car ....)

                1 Reply Last reply Reply Quote 0
                • A
                  Anakha56
                  last edited by

                  @heper so this morning it went down again. I checked which interface is the WAN side and it is the Sundance at stge1 so I ran
                  ```
                  ifconfig stge1 down; ifconfig stge1 up
                  ```

                  So would that say that the NIC is faulty/driver issue with FreeBSD?
                  1 Reply Last reply Reply Quote 0
                  • A
                    Anakha56
                    last edited by

                    Morning All,

                    Apologies for resurrecting the thread but some new information has come to light in a sense. I have not had the time to pull the network card and try a different one so it is still very possible that the card is at fault.

                    I have worked out that the issue is with the VPN clients, when the guys remotely log into the system with OpenVPN and are doing work after an indeterminate amount of time the connection flat lines and I use the command mentioned above to get it up and running again.

                    Would this still indicate a network card hardware failure? Or could it be a software configuration that might be the issue?

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Network interface.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • A
                        Anakha56
                        last edited by

                        :)

                        Simple answer like that is very reassuring. We recently took offline the LTE firewall so I will take a card from that and see what happens. Never replaced a card in PFSense before so I assume from the software side when it boots up that PFSense will automatically pick up the new card and I will just have to assign it as the WAN connection?

                        Thank you for the reply, much appreciated. :)

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          The best thing to do is probably install the new NIC and boot from a USB memory stick installer or CD and see what the NICs enumerate as.

                          If your installation is fairly simple, as in no laggs, vlans, etc, it is a pretty good bet the interface reassignment will work fine.

                          If it is more complicated you might want to edit the configuration and change the physical interface names.

                          Regardless you probably want to back up the configuration, reinstall fresh, connect to LAN, and restore the configuration.

                          I would have a console connected through this evolution.


                          1 Reply Last reply Reply Quote 0
                          • A
                            Anakha56
                            last edited by

                            Very simple setup over here. No VLANS configured on the firewall and it looks like it is a default PFSense install with some changes to get Internet connectivity and VPN access. I always make a backup of the config before doing anything, learnt that lesson the hard way before :). Thank you for your advice :).

                            1 Reply Last reply Reply Quote 0
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.