Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    During transition of default gateway, pfsense is irresponsive for various seconds

    Scheduled Pinned Locked Moved Routing and Multi WAN
    8 Posts 5 Posters 728 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      felipemalmeida
      last edited by felipemalmeida

      When dpinger alarms, then all LAN can't connect to pfsense or route traffic to internet, even though I have Multi-WAN configuration and the other WAN is working properly.

      This is extremely annoying because when one WAN is unstable, the whole internet becomes unstable too because it starts ping-ponging between one WAN to the other. When the first tier WAN becomes "stable" again, then it again stops responding and routing traffic switching back, just to find a few minutes later it is not answering again.

      Is this normal behavior? Logs don't show any errors except for dpingers.

      Also, I see this same irresponsiveness when I set some configurations, such as enabling/disabling or altering any configuration on any interface.

      I use VLANs, FreeRadius, Multi-WAN and DHCP.

      Regards,

      1 Reply Last reply Reply Quote 0
      • B
        bogs
        last edited by bogs

        I registered just so I can say I am in the same boat. The router becomes unresponsive for anywhere between 2-5 minutes. Restarting does not fix it, there is no exceptions or errors in the logs just completely unusable. I have 2 WAN that I balance in a group and kick one offline on Packet or Latency loss.

        PING 192.168.1.1 (192.168.1.1): 56 data bytes
        Request timeout for icmp_seq 0
        Request timeout for icmp_seq 1
        Request timeout for icmp_seq 2
        Request timeout for icmp_seq 3
        Request timeout for icmp_seq 4
        Request timeout for icmp_seq 5
        Request timeout for icmp_seq 6
        Request timeout for icmp_seq 7
        Request timeout for icmp_seq 8
        Request timeout for icmp_seq 9
        Request timeout for icmp_seq 10
        Request timeout for icmp_seq 11
        Request timeout for icmp_seq 12
        Request timeout for icmp_seq 13
        Request timeout for icmp_seq 14
        Request timeout for icmp_seq 15
        Request timeout for icmp_seq 16
        Request timeout for icmp_seq 17
        Request timeout for icmp_seq 18
        Request timeout for icmp_seq 19
        Request timeout for icmp_seq 20
        Request timeout for icmp_seq 21
        Request timeout for icmp_seq 22
        Request timeout for icmp_seq 23
        Request timeout for icmp_seq 24
        Request timeout for icmp_seq 25
        Request timeout for icmp_seq 26
        Request timeout for icmp_seq 27
        Request timeout for icmp_seq 28
        Request timeout for icmp_seq 29
        Request timeout for icmp_seq 30
        Request timeout for icmp_seq 31
        Request timeout for icmp_seq 32
        Request timeout for icmp_seq 33
        Request timeout for icmp_seq 34
        Request timeout for icmp_seq 35
        Request timeout for icmp_seq 36
        Request timeout for icmp_seq 37
        Request timeout for icmp_seq 38
        Request timeout for icmp_seq 39
        Request timeout for icmp_seq 40
        Request timeout for icmp_seq 41
        Request timeout for icmp_seq 42
        Request timeout for icmp_seq 43
        Request timeout for icmp_seq 44
        Request timeout for icmp_seq 45
        Request timeout for icmp_seq 46
        Request timeout for icmp_seq 47
        Request timeout for icmp_seq 48
        Request timeout for icmp_seq 49
        Request timeout for icmp_seq 50
        Request timeout for icmp_seq 51
        Request timeout for icmp_seq 52
        Request timeout for icmp_seq 53
        Request timeout for icmp_seq 54
        Request timeout for icmp_seq 55
        Request timeout for icmp_seq 56
        Request timeout for icmp_seq 57
        Request timeout for icmp_seq 58
        Request timeout for icmp_seq 59
        Request timeout for icmp_seq 60
        Request timeout for icmp_seq 61
        Request timeout for icmp_seq 62
        Request timeout for icmp_seq 63
        Request timeout for icmp_seq 64
        Request timeout for icmp_seq 65
        Request timeout for icmp_seq 66
        Request timeout for icmp_seq 67
        Request timeout for icmp_seq 68
        Request timeout for icmp_seq 69
        Request timeout for icmp_seq 70
        Request timeout for icmp_seq 71
        Request timeout for icmp_seq 72
        Request timeout for icmp_seq 73
        Request timeout for icmp_seq 74
        Request timeout for icmp_seq 75
        Request timeout for icmp_seq 76
        Request timeout for icmp_seq 77
        Request timeout for icmp_seq 78
        Request timeout for icmp_seq 79
        Request timeout for icmp_seq 80
        Request timeout for icmp_seq 81
        Request timeout for icmp_seq 82
        Request timeout for icmp_seq 83
        Request timeout for icmp_seq 84
        Request timeout for icmp_seq 85
        Request timeout for icmp_seq 86
        Request timeout for icmp_seq 87
        Request timeout for icmp_seq 88
        Request timeout for icmp_seq 89
        Request timeout for icmp_seq 90
        Request timeout for icmp_seq 91
        Request timeout for icmp_seq 92
        Request timeout for icmp_seq 93
        Request timeout for icmp_seq 94
        Request timeout for icmp_seq 95
        Request timeout for icmp_seq 96
        Request timeout for icmp_seq 97
        Request timeout for icmp_seq 98
        Request timeout for icmp_seq 99
        Request timeout for icmp_seq 100
        Request timeout for icmp_seq 101
        Request timeout for icmp_seq 102
        Request timeout for icmp_seq 103
        Request timeout for icmp_seq 104
        64 bytes from 192.168.1.1: icmp_seq=105 ttl=64 time=2.142 ms
        64 bytes from 192.168.1.1: icmp_seq=106 ttl=64 time=3.428 ms
        
        1 Reply Last reply Reply Quote 0
        • F
          felipemalmeida
          last edited by

          Nobody knows if this is normal behavior or not? Should I, maybe, use HA with different WANs?

          1 Reply Last reply Reply Quote 0
          • M
            moo82
            last edited by moo82

            This isn't normal behavior, I have never seen this on our dual wan box with four dedicated Intel ports on two dual nics.

            What kind of network interfaces do you use for wan1, wan2 and lan?

            Are all the nics dedicated ports, or are they on one shared nic with VLANs?

            Dedicated hardware or a VM? Self made box or official Netgate box?

            F 1 Reply Last reply Reply Quote 0
            • F
              felipemalmeida @moo82
              last edited by

              @moo82 It is a https://www.aliexpress.com/item/Eglobal-Fanless-Mini-PC-J1900-Quad-Core-4-Intel-WG82583-Gigabit-Lan-Firewall-Multi-function-Router/32714820537.html

              It uses a single NIC with four ports. VLANs are used only on LAN, not WANs. But LAN also stops responding, even for pinging the box itself.

              I'll check if something appears in dmesg when this happens.

              M 1 Reply Last reply Reply Quote 0
              • M
                moo82 @felipemalmeida
                last edited by

                @felipemalmeida I wouldn't be very surprised if the Intel parts in that computer are less than genuine. Have you tried disabling hardware offloading in Advanced -> Networking to see if this remedies this issue? By default checksum offloading appears to be enabled, while LRO and TSO are disabled. Try disabling all three.

                https://docs.netgate.com/pfsense/en/latest/config/advanced-setup.html

                In any event, the J1900 CPU doesn't appear to support AES-NI, so you need to look into a replacement router or CPU upgrade before upgrading to pfsense 2.5. It will possibly be released at some point this year? ✌

                1 Reply Last reply Reply Quote 0
                • JeGrJ
                  JeGr LAYER 8 Moderator
                  last edited by

                  @moo82 said in During transition of default gateway, pfsense is irresponsive for various seconds:

                  In any event, the J1900 CPU doesn't appear to support AES-NI, so you need to look into a replacement router or CPU upgrade before upgrading to pfsense 2.5. It will possibly be released at some point this year?

                  That requirement has already been discussed and lifted for 2.5 as it will most likely not getting the REST API. But again, it wouldn't hurt to upgrade before stepping up to 2.5 either ;)

                  Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                  If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                  K 1 Reply Last reply Reply Quote 0
                  • K
                    KLX @JeGr
                    last edited by

                    This post is deleted!
                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.