PFSense drops internet connection every 10 minutes.
-
Preamble:
Hi all, hoping someone can help me out or point me in the right direction.
I set up a PFSense VM with Private Internet Access (VPN) to have all traffic from my house go through the VPN.
Issue:
PFSense drops the internet connection every 10 minutes.
It seems to come back within a minute and then drops again about 10 minutes later.
If I swap the PFSense VM out for my Fortigate everything works fine indefinitely (Only no VPN).
The Private Internet Access Windows client works fine but uses up my device limit for each device it's on and doesn't cover visitors to the house.
(Based on that I don't think it's a PIA outage as they have been rock solid. Could be wrong though).
For the 10 minutes that this setup is working it's working great, speeds good etc.
Nothing else in the network shows any issues when the outage occurs (Other than no internet).
I can still access the LAN interface and the web GUI during the outages.
I don't see any alarming hardware usage.
(CPU seems to hit 12% max and RAM about 32%).
Setup:
PFSense
- PFSense (2.4.4-RELEASE-p2 (amd64)) is installed as a VM on a Microsoft Hyper-V Server 2019 host.
- The VM has 1GB of RAM and a 10GB dynamic vhdx assigned to it.
- The host's CPU is an Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz.
- The PFSense VM has two virtual NICs assigned.
- WAN:
  - An External Hyper-V Switch (Based on physical Intel(R) PRO/1000 MT Server Adapter).
  - Does not share the virtual switch with the Hyper-V host (Or anything else).
  - Plugged directly into my ONT (Fiber box to ISP).
  - Set to VLAN 10 via Hyper-V (Required by ISP).
  - Gets a public IP from my ISP via DHCP (The IP is static from the ISP so it always receives the same IP).
- LAN:
  - A different External Hyper-V Switch (Based on physical Intel(R) 82579LM Gigabit Network Connection).
  - Shares the virtual switch with the Hyper-V host and other VMs.
  - Plugged into a switch which connects to the rest of the house.
  - Has no VLANs applied to it.
- WAN:
Private Internet Access (OpenVPN)
- Was set up in PFSense following this guide: https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide
- After seeing the issue I tried replacing the PIA server DNS entry with a direct IP as I had seen some people suggest but no difference.
I have attached my 'General' and 'Gateways' logs from around the time (But have replaced my public IP and gateway with [PUBLIC IP] and [PUBLIC IP Gateway] for privacy).
In the 'Gateways' log my public gateway always fails to respond to the up check (I tried changing packet size from 0-1 but no difference).
(I assume my ISP flat out blocks ICMP on the gateway).
The issue starts around 06:19 and 06:29 in the logs.
Cheers for any help/advice!!
-
This looks like an ARP issue:
Mar 24 06:19:36 kernel arpresolve: can't allocate llinfo for [PUBLIC IP GATEWAY] on hn0
The gateway should always respond to ARP even if it isn't pingable. Make sure you have all offloading options disabled in Sys > Adv > Networking.
You should disable dhcpv6 on WAN if it does not support v6. A lot of those errors are that not responding.
Change the monitoring IP on the WAN gateway to something external if its gateway doesn't respond to ping.
Steve
-
Cheers, I will try this out when I get the chance and let you know how it goes.
-
@alphar3c0n
Hey
arpresolve: can't allocate llinfo for %d.%d.%d.%d
The route for the referenced host points to a device upon which ARP is required, but ARP was unable to allocate a routing table entry in which to store the host's MAC address. This usually points to a misconfigured routing table. It can also occur if the kernel cannot allocate memory.
-
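Added example, not part of the thread and not pfSense code: a Python check that pulls the `arpresolve: can't allocate llinfo` lines discussed above out of a system log and measures the gap between outages, to confirm whether the drops really recur on a fixed timer. The sample log lines, the 203.0.113.1 address, the default year and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Message shape quoted in the thread; the host may be a redacted placeholder with spaces.
ARP_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"arpresolve: can't allocate llinfo for (?P<host>.+?) on (?P<ifname>\S+)\s*$"
)

# Constructed sample lines (not taken from the poster's logs).
SAMPLE = """\
Mar 24 06:19:36 kernel arpresolve: can't allocate llinfo for 203.0.113.1 on hn0
Mar 24 06:19:37 kernel arpresolve: can't allocate llinfo for 203.0.113.1 on hn0
Mar 24 06:25:00 cron constructed unrelated line
Mar 24 06:29:41 kernel arpresolve: can't allocate llinfo for 203.0.113.1 on hn0
Mar 24 06:29:44 kernel arpresolve: can't allocate llinfo for 203.0.113.1 on hn0
Mar 24 06:39:38 kernel arpresolve: can't allocate llinfo for 203.0.113.1 on hn0
""".splitlines()

def parse_failures(lines, year=2000):
    """Return sorted (timestamp, host, interface) tuples for arpresolve failures.
    Syslog lines carry no year; the default is an arbitrary leap year."""
    events = []
    for line in lines:
        m = ARP_FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["host"], m["ifname"]))
    return sorted(events)

def burst_starts(events, quiet=timedelta(seconds=120)):
    """Collapse failures separated by less than `quiet` into one outage."""
    starts, last = [], None
    for ts, _host, _ifname in events:
        if last is None or ts - last > quiet:
            starts.append(ts)
        last = ts
    return starts

def outage_intervals(lines):
    """Seconds between the starts of consecutive outages."""
    starts = burst_starts(parse_failures(lines))
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]

def looks_periodic(intervals, tolerance=60):
    """True when at least two intervals all lie within `tolerance` s of the median."""
    if len(intervals) < 2:
        return False
    mid = sorted(intervals)[len(intervals) // 2]
    return all(abs(i - mid) <= tolerance for i in intervals)
```

A steady interval near 600 seconds points at something running on a timer rather than random link loss.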