RTO Ouf of no where

xodiacx

Hi,

I need some help please with my pfsense, I don't know who else is experiencing this but I am always getting RTO out of nowhere. Let's say I restart my router today then after few days when I try to ping via ip address or dns I will receive a RTO response. How can I troubleshoot this issue?

pfsense 2.4.3
amd64
CPU: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz (3100.07-MHz K8-class CPU)
4gb ddr3 ram

Hope someone can help me
Thanks

kiokoman

how do you solve the problem? do you restart the modem or pfsense?

stephenw10

@xodiacx said in RTO Ouf of no where:

RTO response

I assume you mean 'response timed out' or similar?

We're going to need examples of exactly what timed out. It sounds like it is still resolving if it's trying an failing to ping.
Can you ping internal hosts still? Hosts on other internal subnets?
Can you ping hosts from within pfSense on Diag > Ping or from the CLI?

Steve

xodiacx

@kiokoman by restarting the pfsense directly, after that I can ping again with no prob

xodiacx

@stephenw10 pinging from diagnostics to google.com dns will have a reply, pinging to other internal lan ip's will have a reply also, but pinging from my unit to google.com will reply to me RTO. but if I restart my pfsense box and do a ping test again It can reply now with no problems.

stephenw10

Check for a missing or incorrect default route in Diag > Routes.

If it is missing or wrong go to System > Routing > Gateways and make sure the default IPv4 gateway is set to the main WAN gateway rather than automatic.

Steve

xodiacx

@stephenw10 what if we have multiple gateways?

xodiacx

@stephenw10 please see attached/uploaded image of Diag>Routes

stephenw10

You have a default route shown there. Is that the correct default gateway?

If you have multiple WAN gateways you can set a gateway group as the default gateway there but it must be a failover group, you can't configure load-balancing there.

Steve

xodiacx

@stephenw10 so you're saying this is a misconfigured setup that's why sometimes we can ping and then sometimes not?

stephenw10

I'm saying the behaviour you're describing sounds like what happens if you have the default gateway set to automatic, there is packet loss on the main gateway and it switches to some other default route thas is invalid. If you have an internal gateway for example or potentially the OpenVPN gateway you have there.
Setting the default gateway to the main WAN gateway would prevent that if so.

Steve

xodiacx

@stephenw10 ok will into this again

JKnott

@xodiacx said in RTO Ouf of no where:

what if we have multiple gateways?

You can only have one default gateway, though you can have other routes out, but they have to be specified.