WAN gateway goes down several times a day

ripuli

hi there

I have been using pfsense for a while now but recently it started acting up.

The problem
Several times per day (2-4) the WAN interface goes down and has to be disabled and enabled manually in order to get back up. I can see that packet loss is skyrocketing and all traffic to the outside world stops. This has started last week and has never been an issue before.

the hardware
pfsense 2.4.4 on an Asus C232 motherboard with a Intel Pentium G4560 and 8 gigs of ECC RAM, 240 GB SSD

running on the pfsense box/ setup

• I have Snort and pfblockerng installed with a pi hole for ads and tracker
• only WAN traffic goes through an OpenVPN tunnel (PIA)
• no VLANs are set up, everything on the network is in the same subnet
• Verizon Fiber 100/100 as the provider

the log

Dec 3 09:52:06	dpinger		
send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 40% dest_addr 1.1.1.1 bind_addr ext.ter.nal.ip identifier "WAN_DHCP "

Dec 3 09:51:54	dpinger		
send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 40% dest_addr 1.1.1.1 bind_addr ext.ter.nal.ip identifier "WAN_DHCP "

Dec 3 09:50:45	dpinger		
WAN_DHCP 1.1.1.1: Alarm latency 1837us stddev 2586us loss 41%

steps taken so far

• set monitor IP to 1.1.1.1 from EMPTY
• Gateway Monitoring Disabled
• Gateway Action Disabled
• disabled several device on the network which showed blocked packages around the time when WAN went down
• checked logs to find anything out of the ordinary to no avail

Since none of my solutions are working I am wondering what the problem could be. Do you have an idea which logs I could check to better find the culprit? Since my setup was working fine for at least 4 months and even the update to 2.4.4 worked for at least a week without any disconnects I assume that it is not per se a PFsense issue. That suggests that the problem is either on my end (i.e. a device flooding the gateway), it might be on Verizons end (doubtful since the connection immediately comes back up when I restart the gateway), or it might be an issue with the VPN server.

Have you guys experienced something like this before? what can I do?

any help is highly appreciated!

Kartoff

Why did you change monitor IP ? Usually it do monitoring of gateway IP in your ISP... You have to set different IP only when your ISP has only one connection and you have couple of WAN interfaces... Then if your ISP loss connectivity pfSense will catch that and move to another WAN, instead of pinging something that is there but has no internet...

ripuli

@Kartoff just to test if that is part of the problem but it isn't.

new development:
It seems the problem is on the side of PIA. I have added a gateway group and set it up to use PIA and NordVPN as a fallback and now it is running on NordVPN without a problem.

Another thread on this forum suggested that some PIA users are using the service to spam this very forum which is why some IPs seem to be banned. My humble attempt of an explanation is this: It seems reasonable to assume that PIA is having server issues and their servers are going down due to excessive load from spam activities. If the server that I am connected to is going down, then my connection would go down with it and not recover.