Pfsense with Gateway Monitoring causeing packet loss
-
Do you have it set to reset states on gateway down?
Advanced, Misc (see attached)
If you have that set and your gateway monitoring is having problems - like the IP your monitoring is not answering pings are they are very long response time.. Then sure its possible your states are getting reset, etc. The pings to your gateway are zero byte in size pings. They should not cause any issues unless the IP your pinging is really bad in responding.. Try picking a different IP than your isp gateway if it sucks in responding to pings.
-
Hi.
Sorry for revamping an old thread but I'm on 2.4.4 and I have a very similar problem: I have two WANs, an ADSL line and a 4G one. The latter works perfectly, while the first is often reported as down with high packetloss.I've set 1.0.0.1 as monitor for DSL and 8.8.4.4 for the 4G, but I've previously tried with OpenDNS' IPs and the behavior is exactly the same.
In firewall I've configured LAN rules to force the two monitoring IPs to go to the associated GW.
If I ping from a PC in the LAN to 1.0.0.1 all packets goes through without any single loss. If I do the same from pfSense I get the loss reported by gateway monitoring.I also found a quite strange behavior: if I keep ping open on a LAN PC to 1.0.0.1 it stops receiving responses while pfSense's ping check runs. It also behaves differently if in the ping tester I choose an interface over another: if I set to auto the ping is interrupted on the LAN client.
Pinging from the ADSL modem itself works perfectly.
@johnpoz I cannot see the attachment, are the ones below the settings you were referring to?
thanks
-
Don't use Google's name servers as a monitoring IP address. They will drop your packets and you'll generate false-positives.
1.0.0.1 is (in theory) located in Australia. Are you geographically close to Australia? Long routes can time out frequently, so you may want to consider a closer address to check.
-
Yeah those are it - old pictures had some issues coming over to the new forum software.
As to 1.0.0.1 being in AU... You sure about that - its an anycast address.. Thought cloudflare had locations all over the globe, etc.
-
@tim-mcmanus I tried with OpenDNS, GoogleDNS and Cloudflare... They apparently all behave the same.
-
@johnpoz said in Pfsense with Gateway Monitoring causeing packet loss:
Yeah those are it - old pictures had some issues coming over to the new forum software.
As to 1.0.0.1 being in AU... You sure about that - its an anycast address.. Thought cloudflare had locations all over the globe, etc.
Not sure at all. Did a quick GeoIP lookup, which I generally don't trust as fact, but was curious.
-
@maxxer said in Pfsense with Gateway Monitoring causeing packet loss:
@tim-mcmanus I tried with OpenDNS, GoogleDNS and Cloudflare... They apparently all behave the same.
I generally stay away from DNS providers IP addresses. I am spoiled, I have a client about 120 miles from me and use their IP address as my check point.
-
well with a response time of 30ms from chicagoland
user@uc:~$ ping 1.0.0.1
PING 1.0.0.1 (1.0.0.1) 56(84) bytes of data.
64 bytes from 1.0.0.1: icmp_seq=1 ttl=51 time=31.6 ms
64 bytes from 1.0.0.1: icmp_seq=2 ttl=51 time=33.0 msIts clearly not in AU ;) hehehe
Unless my pings are breaking physics...
Here is their anycast map
https://www.cloudflare.com/network/
155 DC worldwide.Why can you not just use your isp gateway as monitor?
-
@johnpoz said in Pfsense with Gateway Monitoring causeing packet loss:
Yeah those are it - old pictures had some issues coming over to the new forum software.
but the settings are correct as unchecked, right?
I don't think the IP itself is being a problem, as I've used GDNS and ODNS in the past happily. It seems something related to 2.4.4, or with my config...
-
Just to report back, in our situation the upstream Zyxel modem had features to block ping, probably to mitigte DoS:
Disabling this stuff fixed gateway monitoring
