A little support for a home user.
-
Looking for a little support for a home user.
I built this little pfSense router some time ago just for home use. I did not really do a lot of learning of pfSense and just let it run as it comes in a fresh install. I am starting to experience some instability where I lose internet access for a minute or two and that happens about once a day.
So... I was wondering if someone here could take a look at it and see if there are some things that I did not do properly or if the configuration could be improved somewhat.
With me working from home and the general stress of things, I am not really in the mindset to dive into network engineering and learn this at this time. I do want to someday and that is why I built this thing in the first place, but for now, I just need internet and to be able to stay productive at my regular job.
Anyways, if someone wants to help out that would be pretty cool. Just let me know what information to provide.
Thanks!
-
What hardware are you using? Did you buy a pfSense appliance or are you using a custom computer? What NICs are being used? What version are you running?
Sorry for all the questions, but we need a little information in order to help you out :)
-
I built it from stuff out of the recycling bin.
I used an i7 CPU Q 820 processor
and added an Atheros wifi card for the wireless interface. Other than that, I think the block diagram shows what the mother board is.
-
Oh yeah. I am on this version:
-
@badfrogg How about system log ... please post!
-
I can see the system log link from the web GUI. There are a lot of options there. Can you explain what logs in particular and how to format them?
Sorry that my pfsense experience is so lacking.
-
Also, what kind of sensitive information would these logs expose if shared publicly?
-
@badfrogg General ... hide public IP! Since you're slow to post log, you can see here: https://forum.netgate.com/topic/137847/realtek-driver-slow-speed-lan-ports-after-realtek-driver and here: https://forum.netgate.com/topic/30212/realtek-8111e-driver-install-works
-
was trying to figure out how to hide IP addresses. Ended up just text editing it
Last 100 General Log Entries. (Maximum 100)
Apr 9 16:31:43 php-fpm 35914 /index.php: Successful login for user 'xxxxxx' from: xxx.xxx.xxx.xxxx (Local Database)
Apr 9 11:46:37 php-fpm 54423 /rc.start_packages: Restarting/Starting all packages.
Apr 9 11:46:36 check_reload_status Starting packages
Apr 9 11:46:36 php-fpm 35914 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx - Restarting packages.
Apr 9 11:46:34 php-fpm 35914 /rc.newwanip: Creating rrd update script
Apr 9 11:46:34 php-fpm 35914 /rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Apr 9 11:46:31 php-fpm 35914 /rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1586447191] unbound[58203:0] error: bind: address already in use [1586447191] unbound[58203:0] fatal error: could not open ports'
Apr 9 11:46:28 php-fpm 74162 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:27 check_reload_status Reloading filter
Apr 9 11:46:27 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:27 check_reload_status Restarting ipsec tunnels
Apr 9 11:46:27 check_reload_status updating dyndns WAN_DHCP
Apr 9 11:46:27 rc.gateway_alarm 20717 >>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:0 RTT:244.715ms RTTsd:667.363ms Loss:0%)
Apr 9 11:46:20 php-fpm 25920 /index.php: Successful login for user 'xxxxxxxx' from: xxx.xxx.xxx.xxx (Local Database)
Apr 9 11:46:13 php-fpm 54423 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:12 check_reload_status Reloading filter
Apr 9 11:46:12 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:12 check_reload_status Restarting ipsec tunnels
Apr 9 11:46:12 check_reload_status updating dyndns WAN_DHCP
Apr 9 11:46:12 rc.gateway_alarm 22584 >>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:1 RTT:566.044ms RTTsd:949.119ms Loss:0%)
Apr 9 11:46:05 php-fpm 97409 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:04 check_reload_status Reloading filter
Apr 9 11:46:04 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:04 check_reload_status Restarting ipsec tunnels
Apr 9 11:46:04 check_reload_status updating dyndns WAN_DHCP6
Apr 9 11:46:04 rc.gateway_alarm 80735 >>> Gateway alarm: WAN_DHCP6 (Addr:xxxx::xxxx:xxxx:xxxx:xxxx%re0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Apr 9 11:46:04 check_reload_status Reloading filter
Apr 9 11:46:04 php-fpm 54423 /rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:02 php-fpm 54423 /rc.newwanipv6: Removing static route for monitor xxxx::xxxx:xxxx:xxxx:xxxx and adding a new route through xxxx::xxxx:xxxx:xxxx:xxxx%re0
Apr 9 11:45:56 check_reload_status Reloading filter
Apr 9 11:45:56 check_reload_status updating dyndns wan
Apr 9 11:45:56 php-fpm 98286 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:55 php-fpm 35914 /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:55 check_reload_status Reloading filter
Apr 9 11:45:55 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:55 check_reload_status Restarting ipsec tunnels
Apr 9 11:45:55 check_reload_status updating dyndns WAN_DHCP6
Apr 9 11:45:55 rc.gateway_alarm 96912 >>> Gateway alarm: WAN_DHCP6 (Addr:xxxx::xxxx:xxxx:xxxx:xxxx%re0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Apr 9 11:45:53 php-fpm 54423 /rc.newwanipv6: rc.newwanipv6: on (IP address: xxxx:xxxx:xxxx:xx:xxxx:xxxx:xxxx:xxxx) (interface: wan) (real interface: re0).
Apr 9 11:45:53 php-fpm 54423 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Apr 9 11:45:53 php-fpm 35914 /rc.newwanip: Removing static route for monitor xxxx::xxxx:xxxx:xxxx:xxxx and adding a new route through xxxx::xxxx:xxxx:xxxx:xxxx%re0
Apr 9 11:45:49 rtsold Starting dhcp6 client for interface wan(re0)
Apr 9 11:45:49 rtsold Received RA specifying route xxxx::xxxx:xxxx:xxxx:xxxx for interface wan(re0)
Apr 9 11:45:48 check_reload_status Restarting ipsec tunnels
Apr 9 11:45:48 php-fpm 74162 /rc.linkup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:46 php-fpm 35914 /rc.newwanip: rc.newwanip: on (IP address: xxx.xxx.xxx.xxx) (interface: WAN[wan]) (real interface: re0).
Apr 9 11:45:46 php-fpm 35914 /rc.newwanip: rc.newwanip: Info: starting on re0.
Apr 9 11:45:45 php-fpm 74162 /rc.linkup: Starting rtsold process
Apr 9 11:45:45 php-fpm 74162 /rc.linkup: Accept router advertisements on interface re0
Apr 9 11:45:45 php-fpm 74162 /rc.linkup: calling interface_dhcpv6_configure.
Apr 9 11:45:45 check_reload_status rc.newwanip starting re0
Apr 9 11:45:45 php-fpm 74162 /rc.linkup: HOTPLUG: Configuring interface wan
Apr 9 11:45:45 php-fpm 74162 /rc.linkup: DEVD Ethernet attached event for wan
Apr 9 11:45:45 check_reload_status Reloading filter
Apr 9 11:45:45 php-fpm 60799 /rc.linkup: Shutting down Router Advertisment daemon cleanly
Apr 9 11:45:45 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44 php-fpm 25920 /rc.start_packages: Restarting/Starting all packages.
Apr 9 11:45:44 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:43 check_reload_status Starting packages
Apr 9 11:45:43 php-fpm 98286 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx - Restarting packages.
Apr 9 11:45:42 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 php-fpm 98286 /rc.newwanip: Creating rrd update script
Apr 9 11:45:41 php-fpm 98286 /rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:39 php-fpm 54423 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:39 php-fpm 60799 /rc.linkup: DEVD Ethernet detached event for wan
Apr 9 11:45:38 php-fpm 54423 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:38 check_reload_status Reloading filter
Apr 9 11:45:38 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:38 check_reload_status Restarting ipsec tunnels
Apr 9 11:45:38 check_reload_status updating dyndns WAN_DHCP
Apr 9 11:45:38 rc.gateway_alarm 29155 >>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:1 RTT:1263.715ms RTTsd:1244.060ms Loss:0%)
Apr 9 11:45:37 php-fpm 97409 /rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:37 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:37 check_reload_status Restarting ipsec tunnels
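An added example, not part of the original thread: a small Python filter for the two questions above (what to hide, and how). It replaces IPv4/IPv6 addresses, MAC addresses and login user names in pasted pfSense log text with stable aliases, so a WAN address change still reads as `<ipv4-2> -> <ipv4-3>` and fields that are easy to miss by hand, such as dpinger's `bind_addr`, are covered. The `Redactor` class, the sample lines and every address in them are constructed for illustration.

```python
import ipaddress
import re

USER = re.compile(r"(login for user ')([^']*)(')")
MAC = re.compile(r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])")
IPV6 = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f:]+")   # candidates, validated below
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample lines in the formats pfSense writes (documentation addresses).
SAMPLE = """\
Apr 9 16:31:43 php-fpm 35914 /index.php: Successful login for user 'admin' from: 192.168.1.50 (Local Database)
Apr 9 11:46:36 php-fpm 35914 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 198.51.100.23 -> 198.51.100.77 - Restarting packages.
Apr 9 11:46:04 rc.gateway_alarm 80735 >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::201:5cff:fe00:1%re0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Apr 9 11:45:44 kernel arp: 192.168.1.50 moved from 00:11:22:33:44:55 to 66:77:88:99:aa:bb on em1
May 31 15:04:18 dpinger send_interval 500ms latency_alarm 500ms loss_alarm 20% dest_addr 198.51.100.1 bind_addr 198.51.100.77 identifier "WAN_DHCP "
"""


class Redactor:
    """Swap identifiers for stable aliases so repeated values stay correlatable."""

    def __init__(self):
        self.aliases = {}

    def alias(self, kind, value):
        key = (kind, value)
        if key not in self.aliases:
            seen = sum(1 for k in self.aliases if k[0] == kind)
            self.aliases[key] = f"<{kind}-{seen + 1}>"
        return self.aliases[key]

    def _ipv4(self, m):
        try:
            addr = ipaddress.IPv4Address(m.group(0))
        except ValueError:           # e.g. 999.1.1.1 is not an address
            return m.group(0)
        return self.alias("ipv4", str(addr))

    def _ipv6(self, m):
        tok = m.group(0)
        # Sentence punctuation can leave one trailing colon on the token.
        trail = ":" if tok.endswith(":") and not tok.endswith("::") else ""
        core = tok[: len(tok) - len(trail)]
        if core.count(":") < 2:
            return tok
        try:
            addr = ipaddress.IPv6Address(core)
        except ValueError:           # timestamps such as 11:46:04 land here
            return tok
        return self.alias("ipv6", str(addr)) + trail   # %re0 scope is kept

    def redact(self, text):
        text = USER.sub(lambda m: m.group(1) + self.alias("user", m.group(2)) + m.group(3), text)
        text = MAC.sub(lambda m: self.alias("mac", m.group(0).lower()), text)
        text = IPV6.sub(self._ipv6, text)
        return IPV4.sub(self._ipv4, text)


if __name__ == "__main__":
    print(Redactor().redact(SAMPLE))
```

Host names, dynamic DNS names and certificate subjects are not covered by these patterns and still need a manual read before posting.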
-
@badfrogg You did the right thing ... the second thread that I posted above addresses your issue.
-
Looks like you're saying that the Realtek RTL8111E needs to have a different driver loaded. That is not something I feel comfortable doing. The router works 99% of the time and that is much better than 0% if I screw it up. Also the original post is from 2009. Will the driver still be compatible?
Think I will just have to buy a proper router. It would have been cool to make this old scrap work though.
-
@badfrogg If you can just add an Intel NIC, that's all you need. It appears that you have two empty PCI slots available ... you can add an Intel pro/1000 or i350, cheap on eBay and it's plug & play ... you should be able to handle that ... nothing wrong with the computer, it just has terrible NIC. I would use the PCIe slot and if you can remove the Realtek card that would be great.
https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2060353.m570.l1313.TR11.TRC1.A0.H0.XIntel+NIC.TRS0&_nkw=Intel+NIC&_sacat=0
-
I did finally try this again. I built another system using much better parts...
May 31 08:53:17 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17 kernel arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
And I have pretty much the exact same problem as far as I can tell. Internet drops once or twice a day for a minute or two. I used a dell branded pro / 1000 card (dual) nic card and the mother board is an Intel DQ77KB with an i7-3770S and 16gb ddr3.
I could not afford to spend money on a new router just yet. I got this stuff out of the recycle bin too.
If anyone could help it would be awesome.
-
I searched "arpresolve: can't allocate llinfo for" and I don't think it is a hardware problem. Seems like it is a WAN DHCP thing and some compatibility issue with my cable modem and pfsense. People with Netgate branded boxes are having the same issue. But none of those posts seem to ever result in a clear way of fixing it. Some folks say that buying a static IP or changing ISPs does it. Some say that spoofing the MAC on the WAN does it. Some buy a different modem or change its firmware. Most threads just end in no resolution though.
Is pfsense just not meant for residential use?
-
Every system is different...but you have looked at some good topics in the forum so far (MAC spoofing, compatibility issue with my cable, etc.)
@badfrogg Is pfsense just not meant for residential use?
No, pfSense is much more serious than that!
at what speed do you connect to your modem?
(if you find out, turn off auto-negotiation)
-
Thanks. I haven't seen that recommended before. Will give it a try.
So, what I was asking about pfsense is more along the lines of, is it not meant to be compatible with residential ISP modems and an ISP with DHCP?
-
It's not that simple.
PfSense uses generally accepted tested packages for DHCP, but this does not mean that there should be no problems.
for example:
This is usually not a fault of pfSense
rather, ethernet controller to ethernet controller issue (modem eth. port to pfSense WAN interface eth. port)
edit: many cable ISPs use a MAC ACL
plus MAC usability rules can be set up by the ISP (tied to time, frequency, etc.)
for you, since this is an intermittent error, ethernet controller compatibility is the possible error
-
I wish I understood. Regardless, thanks for taking the time to respond. I thought it would be good to play around and DIY a router but it is quite a bit more over my head than I realized.
-
Can I take away from this that it is likely a software issue and that buying a branded Netgate box would likely not fix this problem?
-
check this, pls:
and try to preserve the speed negotiation
by not allowing auto-negotiation
Netgate dedicated hardware is a good choice, but it may not solve your problem.
The cause must be investigated first...
-
and try not to use the Realtek or noname ethernet controller on pfSense interfaces ...
use these: Intel I340 / I350 / i210-At / i211
edit: unfortunately, you cannot select the ethernet controller in the ISP CPE (this is given already by ISP)
-
Got it. Will disable auto.
I am using an Intel pro/1000 dual card now. But the problem is identical to the old box that had the Realtek NIC.
Should I disable IPv6?
-
@badfrogg said in A little support for a home user.:
Can I take away from this that it is likely a software issue and that buying a branded Netgate box would likely not fix this problem?
Definitely NOT a software bug
-
I don't use IPv6 on my home network, it's unnecessary yet, but my service provides it ensure anyway
BTW, I use it in my work as it is needed in those systems...
if you don't need it much IPv6 for something (lot of IoT, etc.), turn it off
-
That is an ARP issue - that's what arpresolve is doing I assume. ARP is Layer 2. What interface is EM0? Is that your WAN interface? You can go under interfaces to see what interface that is tied to. I don't know why you would be having an ARP issue between your cable modem and the WAN port, that is really odd.
If you google that error, they talk about that generally means the device can't find its gateway. That is why I'm asking what interface EM0 is. You're using a non-Netgate box, so that interface might not be your WAN.
If this interface is not your WAN, then you have the wrong network (IP Space) assigned to that interface. If you have 1.1.1.0/24 assigned to an interface and the gateway is on 1.1.2.0/24, you're going to have that exact issue.
-
EM0 is connected to my Cable Modem. EM1 is connected to my home switch.
What do you mean by VM? I have pfSense booting directly from an SSD. It was the serial img.
-
Yah I updated my comment. Is your WAN interface using DHCP, or are you assigning a static IP?
-
I have Spectrum Cable Internet. It is DHCP. 400 down and 50 up.
-
OK, I use Comcast - the only thing you should have set on your WAN is DHCP for IPv4, and then DHCP for v6 if Spectrum supports it - and you should be good. You don't need any other settings configured for the WAN interface other than the default two block statements at the bottom that are checked by default.
What Cable modem are you using by chance? Is it the Arris Surfboard 8200 I think it is? The little white box?
-
It is an Arris TG1682G
-
Alright, so that's an all in one modem, you're definitely not just using a "cable modem". All in one modems generally require more work to work with an external router. Those have built in firewalls, and other services that could definitely be causing your problem. Have you disabled just about everything on it? Using those with wireless is very tricky too.
Does that have a pass-through setting that you can pass the WAN IP to the pfsense box? If so, have you enabled it?
Is it still acting as a Wireless Access Point for your devices?
This would be a lot more straightforward if you just bought a pure cable modem, and didn't use an all in one. My guess is you would need a wireless solution then as well.
-
When I had it installed I called the ISP and had them disable the router and wifi. I asked for the public IP to be passed through directly to my own personal router.
My home network is already set up with a PoE switch and access points. It's just the router that I am lacking right now.
-
Does your internet connectivity come back automatically when it stops working, or do you have to power cycle either pfsense or the cable modem?
I have a suspicion that what's actually happening is your cable modem isn't responding to DHCP requests from pfsense, and because it's not, your WAN interface is dropping because the lease time is expiring. Does this happen right around 8 hours or so?
-
It is random throughout the day and it comes back on its own after a minute or two.
-
Can you log into the cable modem? If you can, make sure they disabled everything the firewall is doing on it. If you're passing through the public IP, you don't need the firewall running on that at all anymore.
I know when I had ATT, I could pass through the public IP, but I still had to disable all the firewall services. I wonder if that's part of your problem. There shouldn't be an issue with the gateway (ARP) unless the ISP has something wrong, and I highly doubt that. My guess is your lease time is expiring, it's requesting a new one (different packet types) and your firewall is responding and renewing your lease, thus your internet connectivity comes back.
I wonder if that error is because your lease time expires, pfsense ARPs for the gateway, but because the lease time expired it's not technically on a network, and then when it gets or renews the IP you had it's back to working again.
-
I would personally go buy a new cable modem, that is certified to work on Spectrum's network. I bet that would solve all your issues. Here is a list of Approved Modems for Spectrum:
https://www.spectrum.net/support/internet/compliant-modems-charter-network/
I use the Motorola MB8600, it has been rock solid for me for years.
-
I don't think I can log into the Modem. If I plug my computer directly into it, it will give me the public IP. I haven't tried to force the private IP and try to browse the GUI. Do you think that would work?
My Gateway Log if it helps...
May 31 15:08:07 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:08:06 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:08:05 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:08:05 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:08:04 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:08:04 dpinger WAN_DHCP 173.xxx.xxx.xxx: sendto error: 65
May 31 15:04:41 dpinger WAN_DHCP 173.xxx.xxx.xxx: Clear latency 350437us stddev 826073us loss 0%
May 31 15:04:32 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 450853us stddev 885261us loss 0%
May 31 15:04:27 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 521943us stddev 967372us loss 0%
May 31 15:04:22 dpinger WAN_DHCP 173.xxx.xxx.xxx: Alarm latency 63587us stddev 66054us loss 25%
May 31 15:04:18 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 173.xxx.xxx.xxx bind_addr 173.168.225.119 identifier "WAN_DHCP "
May 31 15:04:05 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 173.xxx.xxx.xxx bind_addr 173.168.225.119 identifier "WAN_DHCP "
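An added example, not part of the original thread: Python that groups dpinger `Alarm`/`Clear` entries from a gateway log like the one above into episodes, compares each reading with the `latency_alarm` and `loss_alarm` values dpinger prints at start-up, and counts `sendto` errors by their FreeBSD errno name. The sample reuses the readings above with documentation-range addresses substituted; the function name `analyse` and the `year` default are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: readings as in the gateway log above (newest first),
# with documentation-range addresses in place of the real ones.
SAMPLE = """\
May 31 15:08:05 dpinger WAN_DHCP 198.51.100.1: sendto error: 65
May 31 15:08:04 dpinger WAN_DHCP 198.51.100.1: sendto error: 65
May 31 15:04:41 dpinger WAN_DHCP 198.51.100.1: Clear latency 350437us stddev 826073us loss 0%
May 31 15:04:32 dpinger WAN_DHCP 198.51.100.1: Alarm latency 450853us stddev 885261us loss 0%
May 31 15:04:27 dpinger WAN_DHCP 198.51.100.1: Alarm latency 521943us stddev 967372us loss 0%
May 31 15:04:22 dpinger WAN_DHCP 198.51.100.1: Alarm latency 63587us stddev 66054us loss 25%
May 31 15:04:18 dpinger send_interval 500ms loss_interval 2000ms latency_alarm 500ms loss_alarm 20% dest_addr 198.51.100.1 bind_addr 198.51.100.77 identifier "WAN_DHCP "
"""

# FreeBSD errno numbering (pfSense's base OS); Linux assigns 65 differently.
FREEBSD_ERRNO = {65: "EHOSTUNREACH"}  # "No route to host"

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dpinger "
CONF = re.compile(STAMP + r".*latency_alarm (?P<lat>\d+)ms loss_alarm (?P<loss>\d+)%")
STATE = re.compile(STAMP + r"(?P<gw>\S+) \S+ (?P<state>Alarm|Clear) "
                   r"latency (?P<lat>\d+)us stddev \d+us loss (?P<loss>\d+)%")
SENDTO = re.compile(STAMP + r"\S+ \S+ sendto error: (?P<errno>\d+)")


def analyse(text, year=2000):
    """Return (episodes, errors); `year` is assumed because syslog omits it."""
    events = []
    for line in reversed(text.strip().splitlines()):   # log is newest first
        m = re.match(STAMP, line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, line))
    events.sort(key=lambda e: e[0])   # stable sort keeps same-second order

    lat_limit_us = loss_limit = None
    episodes, current, errors = [], {}, {}
    for ts, line in events:
        if m := CONF.match(line):     # thresholds announced at dpinger start
            lat_limit_us, loss_limit = int(m["lat"]) * 1000, int(m["loss"])
        elif m := STATE.match(line):
            lat, loss, gw = int(m["lat"]), int(m["loss"]), m["gw"]
            if m["state"] == "Alarm":
                ep = current.setdefault(gw, {
                    "gateway": gw, "start": ts, "end": None,
                    "peak_latency_us": 0, "peak_loss_pct": 0, "tripped": set()})
                ep["peak_latency_us"] = max(ep["peak_latency_us"], lat)
                ep["peak_loss_pct"] = max(ep["peak_loss_pct"], loss)
                if lat_limit_us is not None and lat > lat_limit_us:
                    ep["tripped"].add("latency")
                if loss_limit is not None and loss > loss_limit:
                    ep["tripped"].add("loss")
            elif gw in current:       # Clear closes the open episode
                ep = current.pop(gw)
                ep["end"] = ts
                ep["seconds"] = int((ts - ep["start"]).total_seconds())
                episodes.append(ep)
        elif m := SENDTO.match(line):
            name = FREEBSD_ERRNO.get(int(m["errno"]), m["errno"])
            errors[name] = errors.get(name, 0) + 1
    episodes.extend(current.values())  # alarms not cleared within the excerpt
    return episodes, errors


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Running it over several days of gateway log gives a list of episode start times, which can be set against the DHCP lease period to check the lease-expiry theory raised earlier in the thread.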
-
Ok, so your latency spikes and you're actually having packet loss. That would explain why you're losing your internet connectivity. I would replace that modem, preferably with a non rented one from the list in my previous post, and I bet all your problems would go away.
If you can't currently afford to buy your own, have Spectrum replace that one. There is definitely something weird going on with it.
It's also complaining about your WAN DHCP IP, so I think I'm on the right track with that too.
-
@behemyth Thank you. I will look at a new modem.
-
It is also possible there is a line problem causing the latency, maybe if the wind blows the wrong way it's moving around, but that's not something they will check until you have done everything else.
Once you replace the modem, if you still have problems, remove pfsense from the loop and just run your network off the all-in-one and see if your problem goes away. If it does, then we know for sure it's between the modem and pfsense.