Gaming time out every 2 hours on the dot…
-
I havn't had a chance to test it with many other games. But I've been playing Ark a lot lately and noticed that I keep getting time outs. I'll run a continous ping check and time it. Every 2 hours on the dot I get a row of 4 packet loses in a row and my Ark client times out.
I have troubleshooted local hardware, including switch and NIC etc… I left the continous ping running all day long and came back to a 0% packet loss. It seems to only happen when I'm playing Ark.
I have it feeling it might have to do with how packets are handled. I'm trying to set my NAT from auto to manual and see if that makes a difference. But while I'm testing that... anyone else have any recommendations?
And yes. I have the game ports forwarded.
-
I'm going to put my work hat on for a second and start asking the hard hitting questions:
1.) have you run a packet capture during the time you're playing ARK?
2.) have you checked the logs of your machine that's playing ARK (I presume that's windows…so, I'm not too sure on what logs to grab there)?
3.) what MTU are you using locally?
4.) do you have pmtu turned on (also could be pmtud)
5.) have you tried to do ping tests to other sites while playing ark?
6.) what do your system resources look like when playing ARK (ie. are you straining memory/cpu)?
7.) have you checked for any local packet drops?
8.) have you considered doing an additional packet capture on the pfsense box while also running a pcap on the gaming machine to make sure packets are even getting to the pfsense box (maybe include switches if you have a complex setup)?
9.) Have you run tcp-based pings and traceroutes? (this is pretty important as a lot of ISPs, Cloud Providers, MSPs, etc. all deprioritize ICMP packets, which can lead to drops in pings if the router/switch is too busy handling other traffic and MAY present a false positive. I suggest using traceroute with the tcp flag (for tcp-based traceroute) and nuttcp, nping (from nmap), or hping to do a tcp-based ping....just a few questions to get you going in the right direction.
-
I've done most of this but here is my answers.
1.) have you run a packet capture during the time you're playing ARK?
Yes. Used wireshark at the time. It does not show anything out of the norm. Packet simply drops randomly.2.) have you checked the logs of your machine that's playing ARK (I presume that's windows…so, I'm not too sure on what logs to grab there)?
Yes. It's a pretty clean, recently formatted machine. Game doesn't crash. It simply times out of the server. Because so there is no system logs. I've also put AV in game mode, made exceptions to my game drive and even tried to disable/remove it. It's not AV related.3.) what MTU are you using locally?
Default. I believe that is 1500.4.) do you have pmtu turned on (also could be pmtud)
No.5.) have you tried to do ping tests to other sites while playing ark?
Yes. That is how I know I've lost connection. I'm doing a continuous ping check to google.com.6.) what do your system resources look like when playing ARK (ie. are you straining memory/cpu)?
I'm running on a pretty high end system. The resources don't go above 50% and I'm running on water cooling.7.) have you checked for any local packet drops?
Yes. I was able to weed out it being a network wide issue. I ran a continuous ping check on my web server which is on opt1 as well. When I get the packet drops on my local PC. I do not get them on my server. It is local to my system and only when playing Ark.8.) have you considered doing an additional packet capture on the pfsense box while also running a pcap on the gaming machine to make sure packets are even getting to the pfsense box (maybe include switches if you have a complex setup)?
No. I'm coming from a Watchguard to PFSense. I'm fairly new to using PFSense but not to networking in general. I'm just now getting into using Snort, however not on auto block mode.9.) Have you run tcp-based pings and traceroutes? (this is pretty important as a lot of ISPs, Cloud Providers, MSPs, etc. all deprioritize ICMP packets, which can lead to drops in pings if the router/switch is too busy handling other traffic and MAY present a false positive. I suggest using traceroute with the tcp flag (for tcp-based traceroute) and nuttcp, nping (from nmap), or hping to do a tcp-based ping.
Yes. However, as I stated before. It only happens when in game and every 2 hours on the dot. I can run trace routes out of game all day and I'm unable to reproduce the problem.NOTE:
After all the tests I have done. Different servers, different games, different system etc… the only thing I can logically come up with is that the issue is related to how packets are handled when Ark is running something in the backend. Maybe it's scheduled to run a hack scan every two hours and something in the PFSense is forcing it to drop it's packet or blocks it firewall level thinking it's an attack?!?!? (although there is no logs in firewall showing that) What is weird to me is that it is every 2 hours without fail, only when in Ark!
-
Just an update.
I just installed a Qlogic NIC card in attempts to rule out a NIC issue. Still having the same problem, it really looks like a packet translation issue with PFSense.
-
The NIC didn't really make me suspect anything previously, but it's good that you ruled that out for sure. The fact that it is JUST with ARK, leads me to believe that ARK is either generating bad packets (ie. something like bad headers) or they're doing something else wrong on the server end.
Have you checked to see what the firewall is dropping in terms of invalid packets/headers?
I keep coming back to thinking that this isn't really an issue with pfsense per se unless it's doing something strange with upnp or NAT.
Have you also logged this issue with the ARK developers? It may be worthwhile to report the issue to them as well.
I would like to point out that I'm pretty new to pfsense myself, but I have a LOT of experience with detailed networking issues…specifically in linux.
There are definitely some network tweaks to perform on pfsense depending on your NIC on the WAN and the LAN to ensure that packet throughput is at its maximums. If you haven't had a look at those, it may be worth a look...BUT, I doubt it will help here since it's just ARK, unless somehow you're not stressing your system except in the situation where you're playing ARK.Your earlier description suggests you play other games on the network, but I think it'd be worthwhile to look to see what your peak usage is during the two hour window that you're able to play ARK vs. the usage in other video games with the same or greater bandwidth throughput (and potentially pps throughput as well)
-
Yeah, hardest part of troubleshooting this was that there was no entries in the logs.
I found the issue. Someone on the network wanted to "extend the wifi" so they added their own home linksys router on the network with DHCP on and the works… and it was on the EXACT same IP as the pfsense, so it wouldn't even show up on port scans etc...
I'm sure the double NAT wasn't helping...
It was just by luck I saw it and removed it from the network. Havn't had the issue since.
I even reverted my config back from before I made the change to static NAT. It works just fine on Dynamic NAT.
Thanks for all your guys input.
-
What remote servers are you running ping against? Have you tried multiple different targets, including pfSense? You need to find out where the loss starts, not just guess.
Have you tried by-passing pfSense and just running behind your modem/ONT/whatever?
-
I havn't had a chance to test it with many other games. But I've been playing Ark a lot lately and noticed that I keep getting time outs. I'll run a continous ping check and time it. Every 2 hours on the dot I get a row of 4 packet loses in a row and my Ark client times out.
I have troubleshooted local hardware, including switch and NIC etc… I left the continous ping running all day long and came back to a 0% packet loss. It seems to only happen when I'm playing Ark.
I have it feeling it might have to do with how packets are handled. I'm trying to set my NAT from auto to manual and see if that makes a difference. But while I'm testing that... anyone else have any recommendations?
And yes. I have the game ports forwarded.
By any chance does your DHCP lease reset every two hours? It shouldn't be disconnecting you but something to consider.