Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Gateway monitoring issues with 2.5.1

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 782 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      townsenk64
      last edited by townsenk64

      With PfSense I use four seperate VPN client connections to provide a failover if a vpn connection goes down. Up through version 2.5 this has worked flawlessly using the VPN endpoint IP as the monitor IP. The VPN gateway interfaces would come up quickly stabilizing at 0% packet loss on all four connections. Without making any configuration changes upgrading to version 2.51 causes 80%-100% packet loss on all four VPN gateway interfaces and I'm lucky if any of the interfaces drop below the 15% threshold to establish a connection. When I disable gateway monitoring on these everything works but I lose any failover capability. I'm using default dpinger settings. and as I said before no config changes were made.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • T Offline
        townsenk64
        last edited by townsenk64

        I have since discovered that I can enable gateway monitoring on one or two of VPN gateway interfaces and not experience packet loss but when I enable more than that the packet lost gets progressively worse and the gateway reports 100% loss but the VPN connections remains connected. I've tried setting the monitor IP to 8.8.8.8 and other addresses known to respond to pings with the same results. I've also found that the problem didn't manifest itself until after version 2.5.1.r.20210403.0300. I can roll back to that version and all four of my VPN client gateways come up with zero packet loss within seconds.
        I find it very interesting that nobody else has experienced this issue since it's so easy for me to reproduce. I don't consider my VPN configuration unusual and it has worked for me for years. where should I start when troubleshooting this? logs? packet capture? This issue a;so persists with the most recent 2.6.0 developer version.

        T 1 Reply Last reply Reply Quote 0
        • T Offline
          townsenk64 @townsenk64
          last edited by

          So I guess there's no help here. I've rolled back to 2.4.5. There appears to be so many things wrong with 2.50/2.51 releases that it's very difficult to troubleshoot. It wouldn't surprise me to see people jumping ship. I have definitely considered alternatives.

          V 1 Reply Last reply Reply Quote 0
          • V Offline
            vjizzle @townsenk64
            last edited by vjizzle

            @townsenk64 Hi! Indeed stay away from the 2.5 line of releases. I would love to get back to 2.4.5 -p1 but unfortunately the latest version of pfblockerng is not available on that older version of pfsense.

            For now 2.5.0 is running fine after I manually upgraded unbound but honestly I am watching it like a hawk. I don’t trust it :(. The moment I can pinpoint some weird behavior in my network to pfsense I am going back to 2.4.5 -p1 with a separate Adguard Home server for adblocking. It is sad.

            I ran 2.5.1 but that was horrible and nat just kept on dying and the only solution was rebooting. What other solutions are you looking for? I can use some ideas ...

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.