A little support for a home user.

badfrogg

Looking for a little support for a home user.
I built this little pfSense router some time ago just for home use. I did not really do a lot of learning of pfSense and just let it run as it comes in a fresh install.

I am starting to experience some instability where I lose internet access for a minute or two and that happens about once a day.

So... I was wondering if someone here could take a look at it and see if there are some things that I did not do properly or if the configuration could be improved somewhat.

With me working from home and the general stress of things, I am not really in the mindset to dive into network engineering and learn this at this time. I do want to someday and that is why I built this thing in the first place, but for now, I just need internet and to be able to stay productive at my regular job.

Anyways, if someone want to help out that would be pretty cool. Just let me know what information to provide.

Thanks!

behemyth

What hardware are you using? Did you buy a pfsense appliance or are you using a custom computer. What NICs are being used? What version are you running?

Sorry for all the questions, but we need a little information in order to help you out :)

badfrogg

I built it form stuff out of the recycling bin.
I used a i7 CPU Q 820 processor.
and added a atheros wifi card for wireless interface.

other than that, I think the block diagram shows what the mother board is.

badfrogg

Oh yeah. I am on this version:

NollipfSense

@badfrogg How about system log ... please post!

badfrogg

I can see the system log link from the web GUI. There are a lot of options there. Can you explain what logs in particular and how to format them?

Sorry that my pfsense experience is so lacking.

badfrogg

Also, what kind sensitive information would these logs expose if shared publicly?

NollipfSense

@badfrogg General ... hide public IP! Since you're slow to post log, you can see here: https://forum.netgate.com/topic/137847/realtek-driver-slow-speed-lan-ports-after-realtek-driver and here: https://forum.netgate.com/topic/30212/realtek-8111e-driver-install-works

badfrogg

was trying to figure out how to hide IP addresses. Ended up just text editing it

Last 100 General Log Entries. (Maximum 100)
Apr 9 16:31:43	php-fpm	35914	/index.php: Successful login for user 'xxxxxx' from: xxx.xxx.xxx.xxxx (Local Database)
Apr 9 11:46:37	php-fpm	54423	/rc.start_packages: Restarting/Starting all packages.
Apr 9 11:46:36	check_reload_status		Starting packages
Apr 9 11:46:36	php-fpm	35914	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx - Restarting packages.
Apr 9 11:46:34	php-fpm	35914	/rc.newwanip: Creating rrd update script
Apr 9 11:46:34	php-fpm	35914	/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Apr 9 11:46:31	php-fpm	35914	/rc.newwanip: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1586447191] unbound[58203:0] error: bind: address already in use [1586447191] unbound[58203:0] fatal error: could not open ports'
Apr 9 11:46:28	php-fpm	74162	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:27	check_reload_status		Reloading filter
Apr 9 11:46:27	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:27	check_reload_status		Restarting ipsec tunnels
Apr 9 11:46:27	check_reload_status		updating dyndns WAN_DHCP
Apr 9 11:46:27	rc.gateway_alarm	20717	>>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:0 RTT:244.715ms RTTsd:667.363ms Loss:0%)
Apr 9 11:46:20	php-fpm	25920	/index.php: Successful login for user 'xxxxxxxx' from: xxx.xxx.xxx.xxx (Local Database)
Apr 9 11:46:13	php-fpm	54423	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:12	check_reload_status		Reloading filter
Apr 9 11:46:12	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:12	check_reload_status		Restarting ipsec tunnels
Apr 9 11:46:12	check_reload_status		updating dyndns WAN_DHCP
Apr 9 11:46:12	rc.gateway_alarm	22584	>>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:1 RTT:566.044ms RTTsd:949.119ms Loss:0%)
Apr 9 11:46:05	php-fpm	97409	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:04	check_reload_status		Reloading filter
Apr 9 11:46:04	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:46:04	check_reload_status		Restarting ipsec tunnels
Apr 9 11:46:04	check_reload_status		updating dyndns WAN_DHCP6
Apr 9 11:46:04	rc.gateway_alarm	80735	>>> Gateway alarm: WAN_DHCP6 (Addr:xxxx::xxxx:xxxx:xxxx:xxxx%re0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Apr 9 11:46:04	check_reload_status		Reloading filter
Apr 9 11:46:04	php-fpm	54423	/rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:46:02	php-fpm	54423	/rc.newwanipv6: Removing static route for monitor xxxx::xxxx:xxxx:xxxx:xxxx and adding a new route through xxxx::xxxx:xxxx:xxxx:xxxx%re0
Apr 9 11:45:56	check_reload_status		Reloading filter
Apr 9 11:45:56	check_reload_status		updating dyndns wan
Apr 9 11:45:56	php-fpm	98286	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:55	php-fpm	35914	/rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:55	check_reload_status		Reloading filter
Apr 9 11:45:55	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:55	check_reload_status		Restarting ipsec tunnels
Apr 9 11:45:55	check_reload_status		updating dyndns WAN_DHCP6
Apr 9 11:45:55	rc.gateway_alarm	96912	>>> Gateway alarm: WAN_DHCP6 (Addr:xxxx::xxxx:xxxx:xxxx:xxxx%re0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
Apr 9 11:45:53	php-fpm	54423	/rc.newwanipv6: rc.newwanipv6: on (IP address: xxxx:xxxx:xxxx:xx:xxxx:xxxx:xxxx:xxxx) (interface: wan) (real interface: re0).
Apr 9 11:45:53	php-fpm	54423	/rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Apr 9 11:45:53	php-fpm	35914	/rc.newwanip: Removing static route for monitor xxxx::xxxx:xxxx:xxxx:xxxx and adding a new route through xxxx::xxxx:xxxx:xxxx:xxxx%re0
Apr 9 11:45:49	rtsold		Starting dhcp6 client for interface wan(re0)
Apr 9 11:45:49	rtsold		Received RA specifying route xxxx::xxxx:xxxx:xxxx:xxxx for interface wan(re0)
Apr 9 11:45:48	check_reload_status		Restarting ipsec tunnels
Apr 9 11:45:48	php-fpm	74162	/rc.linkup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:46	php-fpm	35914	/rc.newwanip: rc.newwanip: on (IP address: xxx.xxx.xxx.xxx) (interface: WAN[wan]) (real interface: re0).
Apr 9 11:45:46	php-fpm	35914	/rc.newwanip: rc.newwanip: Info: starting on re0.
Apr 9 11:45:45	php-fpm	74162	/rc.linkup: Starting rtsold process
Apr 9 11:45:45	php-fpm	74162	/rc.linkup: Accept router advertisements on interface re0
Apr 9 11:45:45	php-fpm	74162	/rc.linkup: calling interface_dhcpv6_configure.
Apr 9 11:45:45	check_reload_status		rc.newwanip starting re0
Apr 9 11:45:45	php-fpm	74162	/rc.linkup: HOTPLUG: Configuring interface wan
Apr 9 11:45:45	php-fpm	74162	/rc.linkup: DEVD Ethernet attached event for wan
Apr 9 11:45:45	check_reload_status		Reloading filter
Apr 9 11:45:45	php-fpm	60799	/rc.linkup: Shutting down Router Advertisment daemon cleanly
Apr 9 11:45:45	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44	php-fpm	25920	/rc.start_packages: Restarting/Starting all packages.
Apr 9 11:45:44	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:44	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:43	check_reload_status		Starting packages
Apr 9 11:45:43	php-fpm	98286	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx - Restarting packages.
Apr 9 11:45:42	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:42	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	php-fpm	98286	/rc.newwanip: Creating rrd update script
Apr 9 11:45:41	php-fpm	98286	/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:41	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on re0
Apr 9 11:45:39	php-fpm	54423	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:39	php-fpm	60799	/rc.linkup: DEVD Ethernet detached event for wan
Apr 9 11:45:38	php-fpm	54423	/rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:38	check_reload_status		Reloading filter
Apr 9 11:45:38	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:38	check_reload_status		Restarting ipsec tunnels
Apr 9 11:45:38	check_reload_status		updating dyndns WAN_DHCP
Apr 9 11:45:38	rc.gateway_alarm	29155	>>> Gateway alarm: WAN_DHCP (Addr:xxx.xxx.xxx.xxx Alarm:1 RTT:1263.715ms RTTsd:1244.060ms Loss:0%)
Apr 9 11:45:37	php-fpm	97409	/rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Apr 9 11:45:37	check_reload_status		Restarting OpenVPN tunnels/interfaces
Apr 9 11:45:37	check_reload_status		Restarting ipsec tunnels

NollipfSense

@badfrogg You did the right thing ... the second thread that I post above address your issue.

badfrogg

Looks like you're saying that the Realtek RTL8111E need to have a different driver loaded. That is not something I feel comfortable doing. The router works 99% of the time and that is much better then 0% if I screw it up. Also the original post is from 2009. Will the driver still be compatible?

Think I will just have to buy a proper router. It would have been cool to make this old scrap work though.

NollipfSense

@badfrogg If you can just add an Intel NIC, that's all you need. It appears that you have two empty PCI slots available ... you can add an Intel pro/1000 or i350, cheap on eBay and it's plug & play ... you should be able to handle that ... nothing wrong with the computer, it just has terrible NIC. I would use the PCIe slot and if you can remove the Realtek card that would be great.
https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2060353.m570.l1313.TR11.TRC1.A0.H0.XIntel+NIC.TRS0&_nkw=Intel+NIC&_sacat=0

badfrogg

I did finally try this again. I built another system using much better parts...

May 31 08:53:17	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0
May 31 08:53:17	kernel		arpresolve: can't allocate llinfo for xxx.xxx.xxx.xxx on em0

And I have pretty much the exact same problem as far as I can tell. Internet drops once or twice a day for a minute or two. I used a dell branded pro / 1000 card (dual) nic card and the mother board is an Intel DQ77KB with an i7-3770S and 16gb ddr3.

I could not afford to spend money on a new router just yet. I got this stuff out of the recycle bin too.

If anyone could help it would be awesome.

badfrogg

I searched "arpresolve: can't allocate llinfo for" and I don't think it is a hardware problem. Seems like its is a WAN DHCP thing and some compatibility issue with my cable modem and pfsense. People with Natgate branded boxes are having the same issue. But none of those posts seem to ever result in a clear way of fixing it. Some folks say that buying a static IP or changing ISPs does it. Some say that spoofing the MAC on the WAN does it. Some buy a different modem or change its firmware. Most threads just end in no resolution though.

Is pfsense just not meant for residential use?

DaddyGo

Every system is different...but you have looked at some good topics in the forum so far (MAC spoofing, compatibility issue with my cable, etc.)
@badfrogg Is pfsense just not meant for residential use?

not pfSense is much more serious than that!

at what speed do you connect to your modem?
(if you find out, turn off auto - negotional)

badfrogg

Thanks. I haven't seen that recommended before. Will give it a try.

So, what I was asking about pfsense is more along the lines of, is it not meant to be compatible with a residential ISP modems and an ISP with DHCP?

DaddyGo

It's not that simple.
PfSense uses generally accepted tested packages for DHCP, but this does not mean that there should be no problems.

for example:

This is usually not a fault of pfSense
rather, ethernet controller to ethernet controller issue (modem eth. port to pfSense WAN interface eth, port

edit: many cable ISPs use a MAC ACL
plus MAC usability rules can be set up by the ISP (tied to time, frequency, etc.)

for you, since this is an intermittent error, ethernet controller compatibility is the possible error

badfrogg

I wish I understood. Regardless, thanks for taking the time to respond. I thought it would be good to play around and DIY a router but it is quite a bit more over my head then I realized.

badfrogg

Can I take away from this that it is likely a software issue and that buying a branded Netgate box would likely not fix this problem?

DaddyGo

check this, pls:

and try to preserve the speed negotiation
by not allowing auto-negotiation

Netgate dedicated hardware is a good choice, but it may not solve your problem.
The cause must be investigated first...