Netgate Discussion Forum

    Intermittent loss of internet connectivity

    General pfSense Questions
    • stephenw10 Netgate Administrator

      If the default route was lost you would only be able to reach subnets you have static routes to, which would include OpenVPN, or over IPSec which is policy based.

      The firewall itself is unable to ping by IP or FQDN when this happens?

      Can it resolve anything?

      The DNS setup you have is the only unusual thing you've posted so far.

      Steve

      • claferriere @stephenw10

        @stephenw10 The firewall was unable to ping IP or FQDN after loss of internet access, but as mentioned, IPsec and OpenVPN were fine. DNS under Diagnostics lookup was also not working.
        When you say "Unusual" about the DNS, it was set up to ensure secure DNS lookups to Cloudflare, Quad9. It has been configured like this on the SG4860s as well and it works fine usually. Should I just be using the pre-configured options in Unbound?
        What about flushing routes if IP goes down?

        • stephenw10 Netgate Administrator

          What error do you see when you try to ping by IP? No route to host or 100% packet loss?

          Steve

          • claferriere @stephenw10

            @stephenw10 100% packet loss.

            • Gertjan @claferriere

              @claferriere said in Intermittent loss of internet connectivity:

              forward-zone:
              name: "."
              forward-ssl-upstream: yes
              forward-addr: 1.1.1.1@853
              forward-addr: 1.0.0.1@853
              forward-addr: 9.9.9.9@853
              forward-addr: 149.112.112.112@853

              Not that I'm using DNS over TLS, but I really thought there is no need any more to manually enter these options: it became a simple check box.
              What pfSense version are you using?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              • claferriere @Gertjan

                @Gertjan It was recommended when I set it up. I believe the traffic didn't show up on port 853 without this.

                • Gertjan

                  See https://www.netgate.com/blog/pfsense-2-4-4-release-now-available.html (pfSense 2.4.0 from September - last year): it was included.

                  The next logical question: what is your pfSense version?

                  • claferriere @Gertjan

                    @Gertjan 2.4.4 P3 on all machines

                    • Gertjan

                      Ok, great.

                      When you drop VPN usage and step back to a normal "WAN" connection, then your packet loss issue is gone?

                      • claferriere @Gertjan

                        @Gertjan No, the packet loss was generalized for anything on the network. However, I can still connect via IPsec or OpenVPN. Once on the pfSense box, I could not ping or DNS lookup from the Diag menu... But since I turned off NAT PNP it seems to have resolved the issue... keeping my fingers crossed!

                        • stephenw10 Netgate Administrator

                          Mmm, that implies something was opening things using UPnP that somehow broke opening new states perhaps. Hard to see how it could do that though. Was it open to requests from WAN maybe?
                          Something local to the device triggering it would explain why the same setup appears fine on other hardware in other locations.

                          Steve

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.