Netgate Discussion Forum

    VPN Gateway (monitoring) seems to go to sleep

    • T
      talaverde
      last edited by

      Re: Firewall setting to allow quality monitoring of vpn connection…

      I've created gateway groups for VPN connections (2-5 connections for the same service). For the most part, it works quite well. The speed is increased 2-3 times and this helps overcome the unreliability of VPN connections. However, I'm noticing some strange behaviour. If I sit and just watch the dashboard, the gateway monitoring is (eventually) all green. Working well. If I stop watching it, or when I first get up in the morning and check the status, half (or more) of the gateways are down. After a few moments, they all start turning green/on. It's like they stop monitoring when I'm not watching and then mark the gateways down (turn them off) because the groups are set to disable members that are down.

      I had a problem a few months ago where the AT&T modem would block any connection I monitored because it saw too many ICMP pings as nefarious. I was able to turn that off, but I still thought maybe I should turn down the ping frequency to avoid this issue (or maybe not?).

      I've tried playing around with the gateway monitoring settings, hoping to find a good combination that would recognize when a gateway was down so it could remove it from the group, yet not ping too much, so as to avoid being blocked simply for monitoring.

      Now I'm seeing a new problem. Either the gateways or the monitoring is going to sleep, requiring me to constantly watch them or they get disconnected.

      The VPN instructions say to disable gateway monitoring. I don't want to do that because then I won't know if a (gateway) connection is down so I can (auto) remove it from the group.

      Is anyone aware of some special functionality in this area that is either causing my problems or a solution to stop the issue?

      Thanks.

      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        What do you have to do to get monitoring functioning again? Can you just restart dpinger?

        If that doesn't help, it could be the other end blocking pings. In which case reducing the ping frequency may well stop it triggering. Try a 2s interval; you may want to increase the other values also.

        What are you actually pinging on each connection? Are they all different IPs?

        Steve

        • T
          talaverde @stephenw10
          last edited by

          @stephenw10 said in VPN Gateway (monitoring) seems to go to sleep:

          What do you have to do to get monitoring functioning again? Can you just restart dpinger?
          If that doesn't help, it could be the other end blocking pings. In which case reducing the ping frequency may well stop it triggering. Try a 2s interval; you may want to increase the other values also.
          What are you actually pinging on each connection? Are they all different IPs?
          Steve

          To monitor the connection, I've just been using the built-in monitoring in the advanced gateway settings. The gateway groups have the functionality to prioritize and/or drop connections with increased latency or dropped packets.

          I've tried increasing the ping frequency to 4-8 times the default. I can't tell if it's worse or better.

          I've never heard of dpinger. Is that an add-on app? How is that different from what is built into the pfSense gateway monitoring function? That may be the exact answer I was looking for. I just want to be sure I'm not adding an app which pfSense already does on its own.

          Each gateway is monitored by a different public dns IP with < 5ms ping.

          It might just be sucky / unreliable VPN connections, but I swear when I'm watching it, it's 100% green and zero dropped packets. When I'm off doing other stuff or close the dashboard, connections start dropping. I go back to look. Half lost their connection. After a few moments of watching, they all turn green again. It's like that 'watched pot never boils' mantra, only in reverse :).

          • T
            talaverde
            last edited by talaverde

            Oh, ha! I just figured out what dpinger is. It's the same thing I'm talking about. I was setting up Service Watchdog on my 2nd CARP node and saw the service name was... dpinger!

            What would you recommend for these settings? I've played around with them but found no combination that did any better than the default. Maybe you have some better ideas? Thanks!

            0_1551646121122_3b046c9e-887a-4afc-a42c-cbfb2e2b59c5-image.png

            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              If you increase the probe interval, you want to increase the other intervals shown there in proportion. Otherwise they start to be meaningless. The Alert interval must be more than the probe interval, for example.

              If you're using DNS servers as monitoring targets, those servers MUST be set to the same gateways in System > General setup. Each of those things sets a static route to that IP and they must agree.

              You can check the Status > Monitoring Quality graphs to see what each link has been doing historically.

              Steve
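
Added example (not part of the thread and not pfSense or dpinger code): a small Python check of the advice above that the other intervals be raised in proportion to the probe interval, which also shows how far a 2s probe interval cuts the ICMP rate per monitor IP. The default values and the time-period rule are assumptions about a stock pfSense install; the alert-interval rule is the one stated in the post.

```python
"""Scale gateway-monitoring timers in proportion and sanity-check the result."""

# Assumed stock values in milliseconds (not taken from the thread; confirm
# them against the Advanced section of your own gateway settings).
ASSUMED_DEFAULTS = {
    "probe_interval": 500,
    "loss_interval": 2000,
    "time_period": 60000,
    "alert_interval": 1000,
}


def scale_timers(new_probe_ms, base=ASSUMED_DEFAULTS):
    """Scale every timer by the same factor that is applied to the probe interval."""
    factor = new_probe_ms / base["probe_interval"]
    return {name: int(round(value * factor)) for name, value in base.items()}


def check_timers(t):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    # Rule stated in the thread.
    if t["alert_interval"] <= t["probe_interval"]:
        problems.append("alert interval must be more than the probe interval")
    # Assumed rule: the averaging window must cover two probes plus the loss wait.
    if t["time_period"] <= 2 * t["probe_interval"] + t["loss_interval"]:
        problems.append("time period too short to average any probes")
    return problems


def probes_per_minute(t):
    """ICMP echo requests sent to one monitor IP per minute."""
    return 60000 / t["probe_interval"]


if __name__ == "__main__":
    probe_only = dict(ASSUMED_DEFAULTS, probe_interval=2000)  # only the probe changed
    scaled = scale_timers(2000)                               # all timers moved together
    rows = (("default", ASSUMED_DEFAULTS), ("probe only", probe_only), ("scaled", scaled))
    for label, t in rows:
        issues = check_timers(t) or ["none"]
        print(f"{label:10} {probes_per_minute(t):5.0f} probes/min  problems: {'; '.join(issues)}")
        print(f"{'':10} {t}")
```
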

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.