4. During transition of default gateway, pfsense is irresponsive for various seconds

During transition of default gateway, pfsense is irresponsive for various seconds

  • F

    When dpinger alarms, then all LAN can't connect to pfsense or route traffic to internet, even though I have Multi-WAN configuration and the other WAN is working properly.

    This is extremely annoying because when one WAN is unstable, the whole internet becomes unstable too because it starts ping-ponging between one WAN to the other. When the first tier WAN becomes "stable" again, then it again stops responding and routing traffic switching back, just to find a few minutes later it is not answering again.

    Is this normal behavior? Logs don't show any errors except for dpingers.

    Also, I see this same irresponsiveness when I set some configurations, such as enabling/disabling or altering any configuration on any interface.

    I use VLANs, FreeRadius, Multi-WAN and DHCP.

    Regards,

    0
  • B

    I registered just so I can say I am in the same boat. The router becomes unresponsive for anywhere between 2-5 minutes. Restarting does not fix it, there is no exceptions or errors in the logs just completely unusable. I have 2 WAN that I balance in a group and kick one offline on Packet or Latency loss.

    PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
Request timeout for icmp_seq 9
Request timeout for icmp_seq 10
Request timeout for icmp_seq 11
Request timeout for icmp_seq 12
Request timeout for icmp_seq 13
Request timeout for icmp_seq 14
Request timeout for icmp_seq 15
Request timeout for icmp_seq 16
Request timeout for icmp_seq 17
Request timeout for icmp_seq 18
Request timeout for icmp_seq 19
Request timeout for icmp_seq 20
Request timeout for icmp_seq 21
Request timeout for icmp_seq 22
Request timeout for icmp_seq 23
Request timeout for icmp_seq 24
Request timeout for icmp_seq 25
Request timeout for icmp_seq 26
Request timeout for icmp_seq 27
Request timeout for icmp_seq 28
Request timeout for icmp_seq 29
Request timeout for icmp_seq 30
Request timeout for icmp_seq 31
Request timeout for icmp_seq 32
Request timeout for icmp_seq 33
Request timeout for icmp_seq 34
Request timeout for icmp_seq 35
Request timeout for icmp_seq 36
Request timeout for icmp_seq 37
Request timeout for icmp_seq 38
Request timeout for icmp_seq 39
Request timeout for icmp_seq 40
Request timeout for icmp_seq 41
Request timeout for icmp_seq 42
Request timeout for icmp_seq 43
Request timeout for icmp_seq 44
Request timeout for icmp_seq 45
Request timeout for icmp_seq 46
Request timeout for icmp_seq 47
Request timeout for icmp_seq 48
Request timeout for icmp_seq 49
Request timeout for icmp_seq 50
Request timeout for icmp_seq 51
Request timeout for icmp_seq 52
Request timeout for icmp_seq 53
Request timeout for icmp_seq 54
Request timeout for icmp_seq 55
Request timeout for icmp_seq 56
Request timeout for icmp_seq 57
Request timeout for icmp_seq 58
Request timeout for icmp_seq 59
Request timeout for icmp_seq 60
Request timeout for icmp_seq 61
Request timeout for icmp_seq 62
Request timeout for icmp_seq 63
Request timeout for icmp_seq 64
Request timeout for icmp_seq 65
Request timeout for icmp_seq 66
Request timeout for icmp_seq 67
Request timeout for icmp_seq 68
Request timeout for icmp_seq 69
Request timeout for icmp_seq 70
Request timeout for icmp_seq 71
Request timeout for icmp_seq 72
Request timeout for icmp_seq 73
Request timeout for icmp_seq 74
Request timeout for icmp_seq 75
Request timeout for icmp_seq 76
Request timeout for icmp_seq 77
Request timeout for icmp_seq 78
Request timeout for icmp_seq 79
Request timeout for icmp_seq 80
Request timeout for icmp_seq 81
Request timeout for icmp_seq 82
Request timeout for icmp_seq 83
Request timeout for icmp_seq 84
Request timeout for icmp_seq 85
Request timeout for icmp_seq 86
Request timeout for icmp_seq 87
Request timeout for icmp_seq 88
Request timeout for icmp_seq 89
Request timeout for icmp_seq 90
Request timeout for icmp_seq 91
Request timeout for icmp_seq 92
Request timeout for icmp_seq 93
Request timeout for icmp_seq 94
Request timeout for icmp_seq 95
Request timeout for icmp_seq 96
Request timeout for icmp_seq 97
Request timeout for icmp_seq 98
Request timeout for icmp_seq 99
Request timeout for icmp_seq 100
Request timeout for icmp_seq 101
Request timeout for icmp_seq 102
Request timeout for icmp_seq 103
Request timeout for icmp_seq 104
64 bytes from 192.168.1.1: icmp_seq=105 ttl=64 time=2.142 ms
64 bytes from 192.168.1.1: icmp_seq=106 ttl=64 time=3.428 ms
    0
  • F

    Nobody knows if this is normal behavior or not? Should I, maybe, use HA with different WANs?

    0
  • M

    This isn't normal behavior, I have never seen this on our dual wan box with four dedicated Intel ports on two dual nics.

    What kind of network interfaces do you use for wan1, wan2 and lan?

    Are all the nics dedicated ports, or are they on one shared nic with VLANs?

    Dedicated hardware or a VM? Self made box or official Netgate box?

    0
    F
     1 Reply
  • F

    @moo82 It is a https://www.aliexpress.com/item/Eglobal-Fanless-Mini-PC-J1900-Quad-Core-4-Intel-WG82583-Gigabit-Lan-Firewall-Multi-function-Router/32714820537.html

    It uses a single NIC with four ports. VLANs are used only on LAN, not WANs. But LAN also stops responding, even for pinging the box itself.

    I'll check if something appears in dmesg when this happens.

    0
    M
     1 Reply
  • M

    @felipemalmeida I wouldn't be very surprised if the Intel parts in that computer are less than genuine. Have you tried disabling hardware offloading in Advanced -> Networking to see if this remedies this issue? By default checksum offloading appears to be enabled, while LRO and TSO are disabled. Try disabling all three.

    https://docs.netgate.com/pfsense/en/latest/config/advanced-setup.html

    In any event, the J1900 CPU doesn't appear to support AES-NI, so you need to look into a replacement router or CPU upgrade before upgrading to pfsense 2.5. It will possibly be released at some point this year? ✌

    0
  • Rebel Alliance Moderator

    @moo82 said in During transition of default gateway, pfsense is irresponsive for various seconds:

    In any event, the J1900 CPU doesn't appear to support AES-NI, so you need to look into a replacement router or CPU upgrade before upgrading to pfsense 2.5. It will possibly be released at some point this year?

    That requirement has already been discussed and lifted for 2.5 as it will most likely not getting the REST API. But again, it wouldn't hurt to upgrade before stepping up to 2.5 either ;)

    0
    K
     1 Reply
  • K

    This post is deleted!
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy