One interface loses internet access and I could get it back only after reboot the pfsense

ady2

Hi,
I have a weird issue, one of my interfaces is loses internet access time to time (some time once in a week, sometimes twice a day) and the only way to restore the internet is to reboot the pfsense (after reboot everything is working fine for some time). Need to mention that majority of devices on this interface are forced through firewall rules to use a VPN gateway (Private internet access).
What I did:

The firewall logs doesn't show any blocked addresses;
Tried to restart the DNS Resolver - nothing changed;
run ping yahoo.com from my laptop - request timeout;
run ping 209.222.18.222 (Open DNS ip) - OK , ping was fine)
run ping yahoo.com from pfsense - 100% lost;
run DNS Lookup for yahoo.com - getting a list of ip addresses, but ping returns timeout;
switched to the interface that is going out through WAN, - internet is OK;
8( the dashboard is displaying the VPN client used for gateway as online and latency small < 50ms.

How to debug such issue?
What to verify to figure out what is the root of this issue? Is the VPN or DNS?
It's quite annoying when all other family members are complaining the internet is down again.

Any help is welcome and appreciated.
Thanks

note:
pfsense is running on separate T20 machine, 2.4.4.3 version (but the issue was reproducible on previous versions too)

rbuckland

Sorry I don't have any suggestions for you - I have a very similar looking issue
https://forum.netgate.com/topic/143715/upgraded-from-2-4-3-to-2-4-4p2-now-p3-sporadic-loss-of-network-wan

mokey_fraggle

The next time it happens, can you screencap what mtr shows going to the impacted IP addresses. It will at least show what route the packets are taking. Where does the tunnel teminate? a provider? have you tried setting a static /32 route to push that traffic through the VPN tunnel?

Regards,
--Mokey

ady2

@mokey_fraggle
It happened again and it looks like all my interfaces have loose the internet connection.

here are the results for ping yahoo.com from LAN
Screen Shot 2019-07-09 at 6.46.28 PM.png

and here is the results for ping yahoo.com from WAN
Screen Shot 2019-07-09 at 6.46.46 PM.png

Running ping yahoo.com from my mac:
Screen Shot 2019-07-09 at 7.25.17 PM.png

Looks like DNS resolver is working as DNS Lookup was given results for yahoo.com

Restarted the DNS Resolver without any change.

Finally reset all states and internet is back.

In mean time (previous week) I modified my settings trying to eliminate other possible dependences. I added a new Intel network card with 2 ports to addition to existing Intel 4 port card.
Stopped all other services like pfBlockerNG, snort, paused firewall rules to direct clients through VPN.
Now I have minimum services running:
Screen Shot 2019-07-09 at 7.32.57 PM.png

Any suggestion will be very appreciated

Thanks

netblues

@ady2 It is clear its not a dns issue.
And since pf can ping, certainly not a connectivity issue too.
We do need a traceroute (or mtr) to see where the packets are going.
So clearing states solves the issue.
I suspect that clearing states forces vpn to reestablish.
Try restarting the vpn next time, it will confirm it.
Look at vpn logs when it happens

ady2

@netblues
In this specific case only my laptop has a firewall rule to go through VPN client on one of the interfaces, everything else and all other interfaces use the WAN gateway.
But now I have stopped all VPN clients and paused the firewall VPN rule for my laptop, now only the VPN server is on to allow me to connect remotely.

Do you mean to run Diagnostics/Traceroute on specific interface for a yahoo.com, right?

netblues

I mean try a traceroute from a pc/laptop etch and not from pf..

ady2

@netblues
Thanks a lot for your help
Will try traceroute next time.

ady2

Today it happened again and affected at least 2 interfaces. I was on one of it but on my work vpn and have internet till disconnected from work vpn.
The trace-route from my mac show that it reach the pfsense and nothing else. Please see the trace-route screenshot: Screen Shot 2019-07-19 at 9.48.24 AM.png
ping was timeout.
Verified OpenVPN and found that my clients are on, so disabled them one by one and suddenly the internet was back.
Based on this I'm thinking that my issue is related with one or all vpn client(s).
Going to keep them off and see if the internet will not disappear for a week or two, to confirm that.

Interesting why internet is blocked even on interfaces that never had VPN gateway assigned or any firewall rules for vpn. I have created a brand new interface for kids devices and today's internet outage affected that too.

One of the reason to switch to pfsense was to keep majority of devices connected to internet through vpn and that is giving me troubles now. It could be that my settings have a wrong setup, but then why everything is working fine till broke the whole home internet (only the WAN interface has internet when it happens).

ady2

Again same issue this evening (no internet on all interfaces.
Same symptoms, no trace-route after pfsense, ping timeout.
At this time no vpn clients on, only openVPN seerver was on.
Restarting the DNSResolver and internet is back. What the ... ?

kiokoman

do you have any package installed? like suricata / snort? do you have anything in dmesg ?

ady2

@kiokoman
I have next services active:
Screen Shot 2019-07-20 at 10.59.42 PM.png

I have run "dmesg" on pfsense console, but don't know what to look for (I could see that lines a repeating 4 times) dmseg_07_21.txt.
Any help Welcome

kiokoman

do the dmesg when the problem present itself

Asamat

Can you

check Status/Gateways menu
run 'ifconfig -a'
run 'netstat -rn'
run Packet Capture on WAN with promiscuous mode enabled (Diagnostics/Packet Capture) to check if there is any in/out traffic
when it happens again?

ady2

After 29 days of working without any issue my problem was back, no internet on a few interfaces that I have checked (same symptoms, no internet, ping timeout from interface as source). It was late night and needed internet to finish something so just restarted the pfsense and everything was back and working. Sorry, didn't have time to troubleshoot. Will hope that next time will have more to report.
Thanks to everybody for their help @Asamat, @kiokoman, @netblues, @mokey_fraggle

p.s. No vpn clients active on any interface, only vpn server was on. Nothing was changed during that time except the BandwithD packet was added to monitor the internet stats on ~ 08/18 and the problem occurred on 08/26.

Raul Ramos

@ady2 I have to renew the interface manually after WAN interface (DHCP mode) lose connection, just power cycle the ONT and interface tourn red and 100% packet loss.

ady2

Happened today again (no internet on all interfaces). ping timeout, traceroute only till pfsense ip address. Verified and I have no vpn clients active, only the vpn server so I restarted it and my internet is back.
How that is possible that vpn server is blocking internet access on all interfaces?

Gertjan

The VPN server is just listening on a port like 1194 on an interface like WAN.
If there are no incoming connections, then it 's doing close to nothing.

Mine is listing on WAN for month now, never had any issues.
You have quit a few interfaces : swap the WAN with some other NIC, and see if the problems moves.

kiokoman

sorry i didn't see the link to your dmesg
there.. apart from UP and DOWN
nothing useful

my bet.. or your network card go overload/overheat for some reason and stop working or driver are not working well anymore, especially if the network card is some chinese clone. they suddenly stop working reliable and this can happen. maybe it's time to change it.

if I were you I would reset / format pfsense after making a configuration backup. restore everything and see if the problem persist.
if it persist i would change the network card

ady2

@kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

sorry i didn't see the link to your dmesg
there.. apart from UP and DOWN
nothing useful

my bet.. or your network card go overload/overheat for some reason and stop working or driver are not working well anymore, especially if the network card is some chinese clone. they suddenly stop working reliable and this can happen. maybe it's time to change it.

if I were you I would reset / format pfsense after making a configuration backup. restore everything and see if the problem persist.
if it persist i would change the network card

@kiokoman
I was thinking that it could be the nic card that is causing those issues, so I have for some time (around 3-4 months) a second NIC card with 2 ports in addition to 4 port Chinese clone (bought as new for ~ $45 on ebay). When Installed the second nic with 2 ports, I switch a few interfaces to that card to check if there was the 4 ports card fault, and found same issue again and again. It will be quite strange that both NIC cards are overloaded at the same time or they both stop working at the same time. Could try to switch the WAN port to one of the nic cards port (my WAN is using my motherboard network port now) to check if this will block the WAN connection completely as it's happening now with my LAN interfaces.

BTW, my pfsense was dead with the "PHP Startup: Unable to load Dynamic Library." problem after 2 days I have upgraded to 2.4.4p3 version. So I have to install everything and restore from backup and even after that the problem still happens time to time, same as before that.

Is there any way to check if the NIC is the root cause ?

kiokoman

does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

ady2

@kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

I have a firewall rule that is blocking all dns requests to other sources except pfsense, will pause that rule and try next time and report back

pollard5

I have a similar kind of issue. Once you find the solution let me know by posting here.

ady2

Today happened again (no internet on all interfaces with Wi-Fi - verified on all), but at the same time my daughter was watching Netflix on a TV and it was working till she turn off the TV (I have connected to the same subnet with my mac and no internet for me (ping was timeout and web was not open any sites). Traceroute was to pfsense ip and nothing else.

ady2

@Asamat
Status on Gateways is online. Also I was trying to use ping from WAN and was always succeed, but not working from any other interface.

I run all the commands from pfsense shell:
Shell Output - ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:15:17:19:b8:44
hwaddr 00:15:17:19:b8:44
inet6 fe80::215:17ff:fe19:b844%em0 prefixlen 64 scopeid 0x1
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:15:17:19:b8:45
hwaddr 00:15:17:19:b8:45
inet6 fe80::215:17ff:fe19:b845%em1 prefixlen 64 scopeid 0x2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether XX:XX:XX:XX:XX:XX
hwaddr XX:XX:XX:XX:XX:XX
inet6 fe80::6600:6aff:fe61:1b16%em2 prefixlen 64 scopeid 0x3
inet XX.XXX.XXX.XX netmask 0xfffffe00 broadcast 255.255.255.255
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:04
hwaddr a0:36:9f:85:04:04
inet6 fe80::a236:9fff:fe85:404%igb0 prefixlen 64 scopeid 0x4
inet 10.0.99.1 netmask 0xffffff00 broadcast 10.0.99.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:05
hwaddr a0:36:9f:85:04:05
inet6 fe80::a236:9fff:fe85:405%igb1 prefixlen 64 scopeid 0x5
inet 172.31.255.1 netmask 0xffffff00 broadcast 172.31.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:06
hwaddr a0:36:9f:85:04:06
inet6 fe80::a236:9fff:fe85:406%igb2 prefixlen 64 scopeid 0x6
inet 10.10.50.1 netmask 0xffffff00 broadcast 10.10.50.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
hwaddr a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3 prefixlen 64 scopeid 0x7
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 224.0.0.240 maxupd: 128 defer: on
syncok: 1
igb3.53: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3.53 prefixlen 64 scopeid 0xc
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 53 vlanpcp: 7 parent interface: igb3
groups: vlan
igb3.55: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3.55 prefixlen 64 scopeid 0xd
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 55 vlanpcp: 7 parent interface: igb3
groups: vlan
igb3.56: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3.56 prefixlen 64 scopeid 0xe
inet 10.10.56.1 netmask 0xffffff00 broadcast 10.10.56.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 56 vlanpcp: 5 parent interface: igb3
groups: vlan
igb3.57: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3.57 prefixlen 64 scopeid 0xf
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 57 vlanpcp: 6 parent interface: igb3
groups: vlan
igb0.11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:04
inet6 fe80::a236:9fff:fe85:404%igb0.11 prefixlen 64 scopeid 0x10
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 11 vlanpcp: 0 parent interface: igb0
groups: vlan
igb0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:04
inet6 fe80::a236:9fff:fe85:404%igb0.10 prefixlen 64 scopeid 0x11
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 10 vlanpcp: 1 parent interface: igb0
groups: vlan
em1.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:15:17:19:b8:45
inet6 fe80::215:17ff:fe19:b845%em1.10 prefixlen 64 scopeid 0x12
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 10 vlanpcp: 2 parent interface: em1
groups: vlan
em1.11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:15:17:19:b8:45
inet6 fe80::215:17ff:fe19:b845%em1.11 prefixlen 64 scopeid 0x13
inet 10.10.11.1 netmask 0xffffff00 broadcast 10.10.11.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 11 vlanpcp: 1 parent interface: em1
groups: vlan
em0.53: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:15:17:19:b8:44
inet6 fe80::215:17ff:fe19:b844%em0.53 prefixlen 64 scopeid 0x14
inet 10.10.53.1 netmask 0xffffff00 broadcast 10.10.53.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 53 vlanpcp: 3 parent interface: em0
groups: vlan
igb3.51: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:85:04:07
inet6 fe80::a236:9fff:fe85:407%igb3.51 prefixlen 64 scopeid 0x15
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 51 vlanpcp: 4 parent interface: igb3
groups: vlan
em0.51: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:15:17:19:b8:44
inet6 fe80::215:17ff:fe19:b844%em0.51 prefixlen 64 scopeid 0x16
inet 10.10.51.1 netmask 0xffffff00 broadcast 10.10.51.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 51 vlanpcp: 4 parent interface: em0
groups: vlan
ovpns5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::215:17ff:fe19:b844%ovpns5 prefixlen 64 scopeid 0x17
inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffff00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn
Opened by PID 34800

ady2

@Asamat
Shell Output - netstat -rn
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.168.200.1 UGS lo0
10.0.99.0/24 link#4 U igb0
10.0.99.1 link#4 UHS lo0
10.10.10.0/24 link#18 U em1.10
10.10.10.1 link#18 UHS lo0
10.10.11.0/24 link#19 U em1.11
10.10.11.1 link#19 UHS lo0
10.10.50.0/24 link#6 U igb2
10.10.50.1 link#6 UHS lo0
10.10.51.0/24 link#22 U em0.51
10.10.51.1 link#22 UHS lo0
10.10.53.0/24 link#20 U em0.53
10.10.53.1 link#20 UHS lo0
10.10.56.0/24 link#14 U igb3.56
10.10.56.1 link#14 UHS lo0
XX.XXX.XX.XX/23 link#3 U em2
XX.XXX.XX.XX link#3 UHS lo0
127.0.0.1 link#9 UH lo0
172.31.255.0/24 link#5 U igb1
172.31.255.1 link#5 UHS lo0
192.168.200.0/24 192.168.200.2 UGS ovpns5
192.168.200.1 link#23 UHS lo0
192.168.200.2 link#23 UH ovpns5

Internet6:
Destination Gateway Flags Netif Expire
default fe80::201:5cff:fe6e:a646%em2 UG em2
::1 link#9 UH lo0
fe80::%em0/64 link#1 U em0
fe80::215:17ff:fe19:b844%em0 link#1 UHS lo0
fe80::%em1/64 link#2 U em1
fe80::215:17ff:fe19:b845%em1 link#2 UHS lo0
fe80::%em2/64 link#3 U em2
fe80::6600:6aff:fe61:1b16%em2 link#3 UHS lo0
fe80::%igb0/64 link#4 U igb0
fe80::a236:9fff:fe85:404%igb0 link#4 UHS lo0
fe80::%igb1/64 link#5 U igb1
fe80::a236:9fff:fe85:405%igb1 link#5 UHS lo0
fe80::%igb2/64 link#6 U igb2
fe80::a236:9fff:fe85:406%igb2 link#6 UHS lo0
fe80::%igb3/64 link#7 U igb3
fe80::a236:9fff:fe85:407%igb3 link#7 UHS lo0
fe80::%lo0/64 link#9 U lo0
fe80::1%lo0 link#9 UHS lo0
fe80::%igb3.53/64 link#12 U igb3.53
fe80::a236:9fff:fe85:407%igb3.53 link#12 UHS lo0
fe80::%igb3.55/64 link#13 U igb3.55
fe80::a236:9fff:fe85:407%igb3.55 link#13 UHS lo0
fe80::%igb3.56/64 link#14 U igb3.56
fe80::a236:9fff:fe85:407%igb3.56 link#14 UHS lo0
fe80::%igb3.57/64 link#15 U igb3.57
fe80::a236:9fff:fe85:407%igb3.57 link#15 UHS lo0
fe80::%igb0.11/64 link#16 U igb0.11
fe80::a236:9fff:fe85:404%igb0.11 link#16 UHS lo0
fe80::%igb0.10/64 link#17 U igb0.10
fe80::a236:9fff:fe85:404%igb0.10 link#17 UHS lo0
fe80::%em1.10/64 link#18 U em1.10
fe80::215:17ff:fe19:b845%em1.10 link#18 UHS lo0
fe80::%em1.11/64 link#19 U em1.11
fe80::215:17ff:fe19:b845%em1.11 link#19 UHS lo0
fe80::%em0.53/64 link#20 U em0.53
fe80::215:17ff:fe19:b844%em0.53 link#20 UHS lo0
fe80::%igb3.51/64 link#21 U igb3.51
fe80::a236:9fff:fe85:407%igb3.51 link#21 UHS lo0
fe80::%em0.51/64 link#22 U em0.51
fe80::215:17ff:fe19:b844%em0.51 link#22 UHS lo0
fe80::215:17ff:fe19:b844%ovpns5 link#23 UHS lo0

ady2

@Asamat
I did 3 packet capture each 100 lines:

18:51:53.203733 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35397, length 8
18:51:53.221962 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35397, length 8
18:51:53.495342 IP XX.XXX.XX79.60309 > 205.251.196.138.53: UDP, length 47
18:51:53.534174 IP 205.251.196.138.53 > XX.XXX.XX79.60309: UDP, length 217
18:51:53.534464 IP XX.XXX.XX79.11868 > 198.51.45.6.53: UDP, length 51
18:51:53.554183 IP 198.51.45.6.53 > XX.XXX.XX79.11868: UDP, length 67
18:51:53.735930 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35398, length 8
18:51:53.753195 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35398, length 8
18:51:54.268183 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35399, length 8
18:51:54.276526 IP 184.105.148.116.443 > XX.XXX.XX79.4162: tcp 34
18:51:54.276997 IP XX.XXX.XX79.4162 > 184.105.148.116.443: tcp 0
18:51:54.278425 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35399, length 8
18:51:54.505014 IP XX.XXX.XX79.57442 > 176.32.99.148.443: tcp 241
18:51:54.584660 IP 176.32.99.148.443 > XX.XXX.XX79.57442: tcp 92
18:51:54.585121 IP XX.XXX.XX79.57442 > 176.32.99.148.443: tcp 0
18:51:54.800442 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35400, length 8
18:51:54.811661 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35400, length 8
18:51:54.991784 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
18:51:55.332697 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35401, length 8
18:51:55.342068 IP XX.XXX.XX79.16769 > 52.53.96.55.10060: UDP, length 110
18:51:55.347894 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35401, length 8
18:51:55.367028 IP 52.53.96.55.10060 > XX.XXX.XX79.16769: UDP, length 426
18:51:55.455347 IP XX.XXX.XX79.57415 > 129.192.166.10.4500: UDP, length 1
18:51:55.864954 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35402, length 8
18:51:55.874125 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35402, length 8
18:51:56.387522 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35403, length 8
18:51:56.397357 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35403, length 8
18:51:56.463241 IP XX.XXX.XX79.32734 > 54.175.219.166.9998: tcp 69
18:51:56.542522 IP 54.175.219.166.9998 > XX.XXX.XX79.32734: tcp 0
18:51:56.543499 IP 72.9.149.69.5010 > XX.XXX.XX79.1242: UDP, length 293
18:51:56.544635 IP XX.XXX.XX79.1242 > 72.9.149.69.5010: UDP, length 291
18:51:56.574930 IP XX.XXX.XX79.35177 > 52.9.146.37.53: UDP, length 59
18:51:56.575188 IP XX.XXX.XX79.16157 > 204.74.108.1.53: UDP, length 46
18:51:56.597519 IP 52.9.146.37.53 > XX.XXX.XX79.35177: UDP, length 64
18:51:56.598521 IP 204.74.108.1.53 > XX.XXX.XX79.16157: UDP, length 211
18:51:56.598913 IP XX.XXX.XX79.14210 > 208.78.70.31.53: UDP, length 46
18:51:56.617530 IP 208.78.70.31.53 > XX.XXX.XX79.14210: UDP, length 107
18:51:56.617736 IP XX.XXX.XX79.19768 > 204.13.250.31.53: UDP, length 46
18:51:56.636537 IP 204.13.250.31.53 > XX.XXX.XX79.19768: UDP, length 107
18:51:56.917785 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35404, length 8
18:51:56.926614 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35404, length 8
18:51:56.936614 IP 54.175.219.166.9998 > XX.XXX.XX79.32734: tcp 69
18:51:57.052837 IP XX.XXX.XX79.32734 > 54.175.219.166.9998: tcp 0
18:51:57.419040 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35405, length 8
18:51:57.427808 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35405, length 8
18:51:57.534927 IP 52.94.233.109.443 > XX.XXX.XX79.58853: tcp 46
18:51:57.537301 IP XX.XXX.XX79.58853 > 52.94.233.109.443: tcp 46
18:51:57.614918 IP 52.94.233.109.443 > XX.XXX.XX79.58853: tcp 0
18:51:57.694329 IP XX.XXX.XX79.24934 > 205.251.198.70.53: UDP, length 68
18:51:57.694353 IP XX.XXX.XX79.36551 > 205.251.194.237.53: UDP, length 68
18:51:57.722004 IP 205.251.198.70.53 > XX.XXX.XX79.24934: UDP, length 333
18:51:57.725004 IP 205.251.194.237.53 > XX.XXX.XX79.36551: UDP, length 333
18:51:57.927595 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35406, length 8
18:51:57.937021 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35406, length 8
18:51:58.129830 IP XX.XXX.XX79.5917 > 67.148.47.222.53: UDP, length 54
18:51:58.152194 IP 67.148.47.222.53 > XX.XXX.XX79.5917: UDP, length 70
18:51:58.439437 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35407, length 8
18:51:58.449247 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35407, length 8
18:51:58.821435 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
18:51:58.941783 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35408, length 8
18:51:58.951469 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35408, length 8
18:51:59.457591 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35409, length 8
18:51:59.476703 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35409, length 8
18:51:59.619214 IP XX.XXX.XX79.14224 > 140.143.83.64.53: UDP, length 49
18:51:59.825930 IP 140.143.83.64.53 > XX.XXX.XX79.14224: UDP, length 65
18:51:59.989770 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35410, length 8
18:51:59.998928 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35410, length 8
18:52:00.495303 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35411, length 8
18:52:00.505151 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35411, length 8
18:52:01.023034 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35412, length 8
18:52:01.033387 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35412, length 8
18:52:01.535681 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35413, length 8
18:52:01.545613 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35413, length 8
18:52:01.951810 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
18:52:01.959690 IP XX.XXX.XX79.9142 > 205.251.196.19.53: UDP, length 52
18:52:01.999937 IP 205.251.196.19.53 > XX.XXX.XX79.9142: UDP, length 317
18:52:02.056532 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35414, length 8
18:52:02.066838 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35414, length 8
18:52:02.587765 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35415, length 8
18:52:02.598072 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35415, length 8
18:52:02.822782 IP XX.XXX.XX79.49983 > 95.101.36.128.53: UDP, length 62
18:52:02.866258 IP XX.XXX.XX79.14459 > 74.125.199.188.443: tcp 26
18:52:02.891277 IP 95.101.36.128.53 > XX.XXX.XX79.49983: UDP, length 103
18:52:02.891726 IP XX.XXX.XX79.61871 > 193.108.88.128.53: UDP, length 65
18:52:02.913293 IP 74.125.199.188.443 > XX.XXX.XX79.14459: tcp 0
18:52:02.924291 IP 193.108.88.128.53 > XX.XXX.XX79.61871: UDP, length 106
18:52:03.119018 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35416, length 8
18:52:03.130181 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35416, length 8
18:52:03.283471 IP 45.76.21.192.10300 > XX.XXX.XX79.42237: tcp 258
18:52:03.283739 IP XX.XXX.XX79.42237 > 45.76.21.192.10300: tcp 0
18:52:03.403252 IP XX.XXX.XX79.61224 > 205.251.193.129.53: UDP, length 40
18:52:03.423512 IP 205.251.193.129.53 > XX.XXX.XX79.61224: UDP, length 305
18:52:03.533535 IP 74.125.199.188.443 > XX.XXX.XX79.14459: tcp 26
18:52:03.534497 IP XX.XXX.XX79.14459 > 74.125.199.188.443: tcp 0
18:52:03.649814 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35417, length 8
18:52:03.659538 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35417, length 8
18:52:04.180777 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35418, length 8
18:52:04.189772 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35418, length 8
18:52:04.276907 IP 184.105.148.116.443 > XX.XXX.XX79.4162: tcp 34
18:52:04.277328 IP XX.XXX.XX79.4162 > 184.105.148.116.443: tcp 0

19:00:04.572337 IP 92.119.160.69.43263 > XX.XXX.XX79.43757: tcp 0
19:00:04.733281 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
19:00:04.819589 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36339, length 8
19:00:04.828275 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 36339, length 8
19:00:05.017969 IP XX.XXX.XX79.1242 > 72.9.149.69.5010: UDP, length 742
19:00:05.073460 IP 72.9.149.69.5010 > XX.XXX.XX79.1242: UDP, length 510
19:00:05.340025 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36340, length 8
19:00:05.350502 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 36340, length 8
19:00:05.548636 IP6 2001:558:4010:10::1 > ff02::1:ffed:da92: ICMP6, neighbor solicitation, who has 2001:558:4010:10:211:e6ff:feed:da92, length 32
19:00:05.570481 IP XX.XXX.XX79.28251 > 184.27.199.31.53: UDP, length 48
19:00:05.570799 IP XX.XXX.XX79.37913 > 95.100.168.193.53: UDP, length 44
19:00:05.571157 IP XX.XXX.XX79.8112 > 84.53.139.193.53: UDP, length 44
19:00:05.571432 IP XX.XXX.XX79.30605 > 2.22.230.193.53: UDP, length 44
19:00:05.571707 IP XX.XXX.XX79.31609 > 2.22.230.193.53: UDP, length 49
19:00:05.571958 IP XX.XXX.XX79.42491 > 95.101.36.192.53: UDP, length 46
19:00:05.572172 IP XX.XXX.XX79.22176 > 95.100.168.193.53: UDP, length 50
19:00:05.572413 IP XX.XXX.XX79.35440 > 23.211.133.193.53: UDP, length 51
19:00:05.572893 IP XX.XXX.XX79.57271 > 2.22.230.193.53: UDP, length 46
19:00:05.573108 IP XX.XXX.XX79.6230 > 184.85.248.193.53: UDP, length 50
19:00:05.573320 IP XX.XXX.XX79.17244 > 23.211.133.193.53: UDP, length 50
19:00:05.573536 IP XX.XXX.XX79.40388 > 23.211.133.193.53: UDP, length 50
19:00:05.583681 IP 184.27.199.31.53 > XX.XXX.XX79.28251: UDP, length 80
19:00:05.594710 IP 184.85.248.193.53 > XX.XXX.XX79.6230: UDP, length 66
19:00:05.594928 IP XX.XXX.XX79.48933 > 95.101.36.192.53: UDP, length 50
19:00:05.614698 IP 84.53.139.193.53 > XX.XXX.XX79.8112: UDP, length 60
19:00:05.614881 IP 23.211.133.193.53 > XX.XXX.XX79.35440: UDP, length 67
19:00:05.615009 IP 23.211.133.193.53 > XX.XXX.XX79.17244: UDP, length 66
19:00:05.615015 IP 23.211.133.193.53 > XX.XXX.XX79.40388: UDP, length 66
19:00:05.615083 IP XX.XXX.XX79.29794 > 95.100.168.193.53: UDP, length 44
19:00:05.615355 IP XX.XXX.XX79.33558 > 184.85.248.193.53: UDP, length 51
19:00:05.615620 IP XX.XXX.XX79.11105 > 84.53.139.193.53: UDP, length 51
19:00:05.615835 IP XX.XXX.XX79.17035 > 184.85.248.193.53: UDP, length 51
19:00:05.616075 IP XX.XXX.XX79.11869 > 95.100.168.193.53: UDP, length 51
19:00:05.616316 IP XX.XXX.XX79.34169 > 23.211.61.193.53: UDP, length 46
19:00:05.616591 IP XX.XXX.XX79.24846 > 95.101.36.192.53: UDP, length 51
19:00:05.616806 IP XX.XXX.XX79.19583 > 23.61.199.193.53: UDP, length 50
19:00:05.617014 IP XX.XXX.XX79.64648 > 84.53.139.193.53: UDP, length 50
19:00:05.630703 IP 95.100.168.193.53 > XX.XXX.XX79.37913: UDP, length 60
19:00:05.631324 IP XX.XXX.XX79.28551 > 23.211.133.192.53: UDP, length 44
19:00:05.631700 IP XX.XXX.XX79.38327 > 95.100.168.193.53: UDP, length 46
19:00:05.631937 IP XX.XXX.XX79.43729 > 23.61.199.193.53: UDP, length 46
19:00:05.635705 IP 95.100.168.193.53 > XX.XXX.XX79.22176: UDP, length 66
19:00:05.635917 IP XX.XXX.XX79.5647 > 95.100.168.193.53: UDP, length 50
19:00:05.640706 IP 184.85.248.193.53 > XX.XXX.XX79.33558: UDP, length 67
19:00:05.640867 IP 184.85.248.193.53 > XX.XXX.XX79.17035: UDP, length 67
19:00:05.640940 IP XX.XXX.XX79.41589 > 193.108.88.1.53: UDP, length 51
19:00:05.641159 IP XX.XXX.XX79.19201 > 184.26.160.193.53: UDP, length 51
19:00:05.641383 IP XX.XXX.XX79.40034 > 95.101.36.192.53: UDP, length 51
19:00:05.644707 IP 95.101.36.192.53 > XX.XXX.XX79.42491: UDP, length 62
19:00:05.644938 IP XX.XXX.XX79.27574 > 184.85.248.193.53: UDP, length 46
19:00:05.646709 IP 2.22.230.193.53 > XX.XXX.XX79.31609: UDP, length 65
19:00:05.646868 IP 2.22.230.193.53 > XX.XXX.XX79.57271: UDP, length 62
19:00:05.646944 IP XX.XXX.XX79.57663 > 193.108.88.1.53: UDP, length 49
19:00:05.647305 IP XX.XXX.XX79.38390 > 84.53.139.193.53: UDP, length 46
19:00:05.647527 IP XX.XXX.XX79.48780 > 23.74.25.192.53: UDP, length 46
19:00:05.647921 IP 2.22.230.193.53 > XX.XXX.XX79.30605: UDP, length 60
19:00:05.648172 IP XX.XXX.XX79.64533 > 23.211.133.192.53: UDP, length 44
19:00:05.660716 IP 84.53.139.193.53 > XX.XXX.XX79.64648: UDP, length 116
19:00:05.660876 IP 84.53.139.193.53 > XX.XXX.XX79.11105: UDP, length 67
19:00:05.661120 IP XX.XXX.XX79.48019 > 95.101.36.192.53: UDP, length 51
19:00:05.661941 IP 184.26.160.193.53 > XX.XXX.XX79.19201: UDP, length 67
19:00:05.662145 IP XX.XXX.XX79.43113 > 184.26.160.193.53: UDP, length 51
19:00:05.662967 IP 193.108.88.1.53 > XX.XXX.XX79.41589: UDP, length 117
19:00:05.663678 IP 95.101.36.192.53 > XX.XXX.XX79.48933: UDP, length 116
19:00:05.665691 IP 184.85.248.193.53 > XX.XXX.XX79.27574: UDP, length 112
19:00:05.666693 IP 193.108.88.1.53 > XX.XXX.XX79.57663: UDP, length 115
19:00:05.670693 IP 23.211.133.192.53 > XX.XXX.XX79.28551: UDP, length 121
19:00:05.670927 IP XX.XXX.XX79.25833 > 96.7.50.192.53: UDP, length 44
19:00:05.672695 IP 23.74.25.192.53 > XX.XXX.XX79.48780: UDP, length 62
19:00:05.672905 IP XX.XXX.XX79.33573 > 95.100.168.193.53: UDP, length 46
19:00:05.673922 IP 23.61.199.193.53 > XX.XXX.XX79.19583: UDP, length 116
19:00:05.674081 IP 23.211.61.193.53 > XX.XXX.XX79.34169: UDP, length 62
19:00:05.674428 IP XX.XXX.XX79.24837 > 23.61.199.193.53: UDP, length 46
19:00:05.675946 IP 95.100.168.193.53 > XX.XXX.XX79.29794: UDP, length 121
19:00:05.676188 IP XX.XXX.XX79.52731 > 95.101.36.192.53: UDP, length 44
19:00:05.681699 IP 95.100.168.193.53 > XX.XXX.XX79.11869: UDP, length 67
19:00:05.681928 IP XX.XXX.XX79.25433 > 193.108.88.1.53: UDP, length 51
19:00:05.684700 IP 23.61.199.193.53 > XX.XXX.XX79.43729: UDP, length 62
19:00:05.684932 IP XX.XXX.XX79.15417 > 84.53.139.193.53: UDP, length 46
19:00:05.690704 IP 84.53.139.193.53 > XX.XXX.XX79.38390: UDP, length 112
19:00:05.690864 IP 23.211.133.192.53 > XX.XXX.XX79.64533: UDP, length 121
19:00:05.690930 IP XX.XXX.XX79.11133 > 184.85.248.193.53: UDP, length 46
19:00:05.691015 IP 95.101.36.192.53 > XX.XXX.XX79.24846: UDP, length 117
19:00:05.692728 IP 95.100.168.193.53 > XX.XXX.XX79.38327: UDP, length 62
19:00:05.692950 IP XX.XXX.XX79.28705 > 84.53.139.193.53: UDP, length 46
19:00:05.696706 IP 184.26.160.193.53 > XX.XXX.XX79.43113: UDP, length 117
19:00:05.696891 IP 95.100.168.193.53 > XX.XXX.XX79.5647: UDP, length 116
19:00:05.701707 IP 193.108.88.1.53 > XX.XXX.XX79.25433: UDP, length 117
19:00:05.710737 IP 184.85.248.193.53 > XX.XXX.XX79.11133: UDP, length 112
19:00:05.710922 IP 95.101.36.192.53 > XX.XXX.XX79.40034: UDP, length 117
19:00:05.725743 IP 84.53.139.193.53 > XX.XXX.XX79.15417: UDP, length 112
19:00:05.733717 IP 23.61.199.193.53 > XX.XXX.XX79.24837: UDP, length 112
19:00:05.733943 IP XX.XXX.XX79.57204 > 23.211.133.193.53: UDP, length 46
19:00:05.735723 IP 84.53.139.193.53 > XX.XXX.XX79.28705: UDP, length 112
19:00:05.741725 IP 95.100.168.193.53 > XX.XXX.XX79.33573: UDP, length 112
19:00:05.746726 IP 95.101.36.192.53 > XX.XXX.XX79.48019: UDP, length 117
19:00:05.750728 IP 95.101.36.192.53 > XX.XXX.XX79.52731: UDP, length 121
19:00:05.760782 IP 96.7.50.192.53 > XX.XXX.XX79.25833: UDP, length 121
19:00:05.772762 IP 23.211.133.193.53 > XX.XXX.XX79.57204: UDP, length 112
19:00:05.849230 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36341, length 8

19:03:13.035722 IP XX.XXX.XX79.30381 > 99.84.224.62.443: tcp 0
19:03:13.036663 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 650
19:03:13.036992 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
19:03:13.037315 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
19:03:13.037641 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
19:03:13.037965 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
19:03:13.038353 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
19:03:13.038765 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.039091 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.039105 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 240
19:03:13.039398 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
19:03:13.039890 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.040217 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.040938 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
19:03:13.040947 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
19:03:13.041198 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
19:03:13.041943 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.042266 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
19:03:13.042664 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 650
19:03:13.042815 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 651
19:03:13.042831 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 650
19:03:13.043017 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.043146 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.043161 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
19:03:13.043343 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
19:03:13.043358 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 650
19:03:13.043544 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.043560 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.043574 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.043869 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.043884 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
19:03:13.044194 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
19:03:13.044209 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.044518 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.044534 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.044548 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.044562 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 401
19:03:13.044820 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
19:03:13.044835 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1324
19:03:13.044849 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.044973 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.045117 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
19:03:13.045132 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1421
19:03:13.045146 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 650
19:03:13.045160 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
19:03:13.045280 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
19:03:13.045468 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.045483 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.045718 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
19:03:13.045734 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
19:03:13.045748 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.046044 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
19:03:13.046394 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.046741 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.047120 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
19:03:13.047135 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 434
19:03:13.047263 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 337
19:03:13.047669 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.047996 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.048219 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
19:03:13.048234 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 891
19:03:13.048543 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
19:03:13.048559 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
19:03:13.048592 IP XX.XXX.XX79.43669 > 99.84.224.62.443: tcp 0
19:03:13.048597 IP XX.XXX.XX79.43907 > 99.84.224.62.443: tcp 0
19:03:13.048610 IP XX.XXX.XX79.62339 > 99.84.224.62.443: tcp 0
19:03:13.048622 IP XX.XXX.XX79.57695 > 99.84.224.21.443: tcp 0
19:03:13.048673 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
19:03:13.048869 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.048874 IP XX.XXX.XX79.16642 > 99.84.224.62.443: tcp 0
19:03:13.048879 IP XX.XXX.XX79.62339 > 99.84.224.62.443: tcp 0
19:03:13.048889 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.048897 IP XX.XXX.XX79.43907 > 99.84.224.62.443: tcp 0
19:03:13.048998 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 682
19:03:13.049293 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.049424 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.049620 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
19:03:13.049769 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
19:03:13.049943 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.049958 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.050295 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
19:03:13.050466 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 87
19:03:13.051045 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1433
19:03:13.051620 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
19:03:13.051635 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 381
19:03:13.052746 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
19:03:13.053070 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
19:03:13.053396 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
19:03:13.053721 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
19:03:13.054045 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
19:03:13.054060 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
19:03:13.054397 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
19:03:13.054412 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
19:03:13.055747 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
19:03:13.056072 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1405
19:03:13.056220 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 687
19:03:13.090026 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36702, length 8
19:03:13.091131 IP XX.XXX.XX79.57695 > 99.84.224.21.443: tcp 0
19:03:13.091135 IP XX.XXX.XX79.43669 > 99.84.224.62.443: tcp 0
19:03:13.091137 IP XX.XXX.XX79.16642 > 99.84.224.62.443: tcp 0

ady2

To get internet back I just restarted the VPN Server and internet was back.
The suggestion that NIC card (in my case 2 nic cards) get overloaded somehow, but then why when restart the VPN server the internet is back?
I could not understand how the VPN server restart is related with all interfaces access to internet.
This is second or third time when restarting the VPN server is restoring internet access on all interfaces

ady2

Today is getting crazy. Second time the internet stopped.
I was trying to check (try youtube, ping yahoo, etc,) but also tried to connect from my phone (on LTE internet) through vpn, and it connected successfully so I could check my surveillance cameras, that means that pfsense doesn't loose internet connection, but the main point here is that right after that my internet was back on my laptop and desktop.
So looks like my OpenVpn server is the cause, any suggestions based on the provided info?

Thanks

ady2

@kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

Tried using DNS 8.8.8.8 on my mac last time it happened and no luck.

stephenw10

@ady2 said in One interface loses internet access and I could get it back only after reboot the pfsense:

default 192.168.200.1 UGS lo0

That looks wrong. I'd say you are losing your correct default route. What do you have the default gateway set to? If it's set to automatic set it to a fixed gateway instead.

Steve

ady2

@stephenw10 said in One interface loses internet access and I could get it back only after reboot the pfsense:

@ady2 said in One interface loses internet access and I could get it back only after reboot the pfsense:

default 192.168.200.1 UGS lo0

That looks wrong. I'd say you are losing your correct default route. What do you have the default gateway set to? If it's set to automatic set it to a fixed gateway instead.

Steve

Thanks for looking.
Do you mean this:
in the System/ Routing/ Gateways >> Default gateway tab
Screen Shot 2019-09-26 at 6.26.54 PM.png
and set Default gateway IPv4 to WAN_DHCP?

ady2

@stephenw10

I have rerun the "netstat -rn" command when internet was working (from pfsense Diagnostics/Command Prompt/Execute Shell Command) and the default Gateway was from my WAN subnet ip address.
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 67.XXX.XXX.1 UGS em2
10.0.99.0/24 link#4 U igb0

And then internet stopped working again and I have rerun "netstat -rn" :
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.168.200.1 UGS lo0
10.0.99.0/24 link#4

Also found that my default gateway was my OpenVPN
Screen Shot 2019-09-26 at 11.17.04 PM.png

What I did, I have setup Default gateway IPv4 to WAN_DHCP and clicked save button, so now it looks like:
Screen Shot 2019-09-26 at 11.27.33 PM.png
The internet was back.
and

No idea if this is a temporary solution till next blackout or this should fix it permanently ?

ady2

Also verified that all my firewall rules for all interfaces have the gateway set to default. Do I need to set the gateway to WAN for each rule ?

Gertjan

Noop.

'default" means the default gateway will be used.

stephenw10

Exactly. When you have the default gateway set to automatic it will change to a different gateway when the previous default goes down. That works fine if you have, say, two public WAN connections but here you have gateways for OpenVPNs, it selects on and it's invalid as the WAN is down.
Set the default v4 gateway to be the WAN gateway. That will probably resolve it.

Steve

ady2

@stephenw10
Thanks a lot Steve for pointing to the right direction.
Hope this fix will resolve my issue and will let me enjoy my pfsense firewall.

bjohe

@ady2
Your problem seem to be very similar to mine in how the Internet access drops intermittently. However I do not have a VPN gateway setup.
I've been reviwing the Netgate documentation and following the troubleshooting. Installed a "clean" simple installation and I still get these dropouts.

Since your last post was a while ago then I assume this solved the issue you were having?

ady2

@bjohe

Yes, since I have setup my WAN as default gateway I didn't have any internet dropout.
In your case did you consider a hardware failure? Trying to debug my issue I have bought another (actually 2 other relatively cheap used LAN cards from ebay) and added to my setup trying to exclude the lan card failure, but in my case it was not the card.

One interface loses internet access and I could get it back only after reboot the pfsense

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter