1. Home
  2. pfSense® Software
  3. Installation and Upgrades
  4. One interface loses internet access and I could get it back only after reboot the pfsense

One interface loses internet access and I could get it back only after reboot the pfsense

  • A

    Hi,
    I have a weird issue, one of my interfaces is loses internet access time to time (some time once in a week, sometimes twice a day) and the only way to restore the internet is to reboot the pfsense (after reboot everything is working fine for some time). Need to mention that majority of devices on this interface are forced through firewall rules to use a VPN gateway (Private internet access).
    What I did:

    1. The firewall logs doesn't show any blocked addresses;
    2. Tried to restart the DNS Resolver - nothing changed;
    3. run ping yahoo.com from my laptop - request timeout;
    4. run ping 209.222.18.222 (Open DNS ip) - OK , ping was fine)
    5. run ping yahoo.com from pfsense - 100% lost;
    6. run DNS Lookup for yahoo.com - getting a list of ip addresses, but ping returns timeout;
    7. switched to the interface that is going out through WAN, - internet is OK;
      8( the dashboard is displaying the VPN client used for gateway as online and latency small < 50ms.

    How to debug such issue?
    What to verify to figure out what is the root of this issue? Is the VPN or DNS?
    It's quite annoying when all other family members are complaining the internet is down again.

    Any help is welcome and appreciated.
    Thanks

    note:
    pfsense is running on separate T20 machine, 2.4.4.3 version (but the issue was reproducible on previous versions too)

    0
  • R

    Sorry I don't have any suggestions for you - I have a very similar looking issue
    https://forum.netgate.com/topic/143715/upgraded-from-2-4-3-to-2-4-4p2-now-p3-sporadic-loss-of-network-wan

    0
  • M

    The next time it happens, can you screencap what mtr shows going to the impacted IP addresses. It will at least show what route the packets are taking. Where does the tunnel teminate? a provider? have you tried setting a static /32 route to push that traffic through the VPN tunnel?

    Regards,
    --Mokey

    0 A 1 Reply
  • A

    @mokey_fraggle
    It happened again and it looks like all my interfaces have loose the internet connection.

    here are the results for ping yahoo.com from LAN
    Screen Shot 2019-07-09 at 6.46.28 PM.png

    and here is the results for ping yahoo.com from WAN
    Screen Shot 2019-07-09 at 6.46.46 PM.png

    Running ping yahoo.com from my mac:
    Screen Shot 2019-07-09 at 7.25.17 PM.png

    Looks like DNS resolver is working as DNS Lookup was given results for yahoo.com

    Restarted the DNS Resolver without any change.

    Finally reset all states and internet is back.

    In mean time (previous week) I modified my settings trying to eliminate other possible dependences. I added a new Intel network card with 2 ports to addition to existing Intel 4 port card.
    Stopped all other services like pfBlockerNG, snort, paused firewall rules to direct clients through VPN.
    Now I have minimum services running:
    Screen Shot 2019-07-09 at 7.32.57 PM.png

    Any suggestion will be very appreciated

    Thanks

    0 N 1 Reply
  • N

    @ady2 It is clear its not a dns issue.
    And since pf can ping, certainly not a connectivity issue too.
    We do need a traceroute (or mtr) to see where the packets are going.
    So clearing states solves the issue.
    I suspect that clearing states forces vpn to reestablish.
    Try restarting the vpn next time, it will confirm it.
    Look at vpn logs when it happens

    0 A 1 Reply
  • A

    @netblues
    In this specific case only my laptop has a firewall rule to go through VPN client on one of the interfaces, everything else and all other interfaces use the WAN gateway.
    But now I have stopped all VPN clients and paused the firewall VPN rule for my laptop, now only the VPN server is on to allow me to connect remotely.

    Do you mean to run Diagnostics/Traceroute on specific interface for a yahoo.com, right?

    0
  • N

    I mean try a traceroute from a pc/laptop etch and not from pf..

    0 A 1 Reply
  • A

    @netblues
    Thanks a lot for your help
    Will try traceroute next time.

    0
  • A

    Today it happened again and affected at least 2 interfaces. I was on one of it but on my work vpn and have internet till disconnected from work vpn.
    The trace-route from my mac show that it reach the pfsense and nothing else. Please see the trace-route screenshot:Screen Shot 2019-07-19 at 9.48.24 AM.png
    ping was timeout.
    Verified OpenVPN and found that my clients are on, so disabled them one by one and suddenly the internet was back.
    Based on this I'm thinking that my issue is related with one or all vpn client(s).
    Going to keep them off and see if the internet will not disappear for a week or two, to confirm that.

    Interesting why internet is blocked even on interfaces that never had VPN gateway assigned or any firewall rules for vpn. I have created a brand new interface for kids devices and today's internet outage affected that too.

    One of the reason to switch to pfsense was to keep majority of devices connected to internet through vpn and that is giving me troubles now. It could be that my settings have a wrong setup, but then why everything is working fine till broke the whole home internet (only the WAN interface has internet when it happens).

    0
  • A

    Again same issue this evening (no internet on all interfaces.
    Same symptoms, no trace-route after pfsense, ping timeout.
    At this time no vpn clients on, only openVPN seerver was on.
    Restarting the DNSResolver and internet is back. What the ... ?

    0
  • kiokoman
    LAYER 8

    do you have any package installed? like suricata / snort? do you have anything in dmesg ?

    0 A 1 Reply
  • A

    @kiokoman
    I have next services active:
    Screen Shot 2019-07-20 at 10.59.42 PM.png

    I have run "dmesg" on pfsense console, but don't know what to look for (I could see that lines a repeating 4 times) dmseg_07_21.txt.
    Any help Welcome

    0
  • kiokoman
    LAYER 8

    do the dmesg when the problem present itself

    0
  • A
    Global Moderator

    Can you

    • check Status/Gateways menu
    • run 'ifconfig -a'
    • run 'netstat -rn'
    • run Packet Capture on WAN with promiscuous mode enabled (Diagnostics/Packet Capture) to check if there is any in/out traffic
      when it happens again?
    0 A 4 Replies
  • A

    After 29 days of working without any issue my problem was back, no internet on a few interfaces that I have checked (same symptoms, no internet, ping timeout from interface as source). It was late night and needed internet to finish something so just restarted the pfsense and everything was back and working. Sorry, didn't have time to troubleshoot. Will hope that next time will have more to report.
    Thanks to everybody for their help @Asamat, @kiokoman, @netblues, @mokey_fraggle

    p.s. No vpn clients active on any interface, only vpn server was on. Nothing was changed during that time except the BandwithD packet was added to monitor the internet stats on ~ 08/18 and the problem occurred on 08/26.

    0 Raul Ramos 1 Reply
  • Raul Ramos

    @ady2 I have to renew the interface manually after WAN interface (DHCP mode) lose connection, just power cycle the ONT and interface tourn red and 100% packet loss.

    0
  • A

    Happened today again (no internet on all interfaces). ping timeout, traceroute only till pfsense ip address. Verified and I have no vpn clients active, only the vpn server so I restarted it and my internet is back.
    How that is possible that vpn server is blocking internet access on all interfaces?

    0
  • Gertjan

    The VPN server is just listening on a port like 1194 on an interface like WAN.
    If there are no incoming connections, then it 's doing close to nothing.

    Mine is listing on WAN for month now, never had any issues.
    You have quit a few interfaces : swap the WAN with some other NIC, and see if the problems moves.

    0
  • kiokoman
    LAYER 8

    sorry i didn't see the link to your dmesg
    there.. apart from UP and DOWN
    nothing useful

    my bet.. or your network card go overload/overheat for some reason and stop working or driver are not working well anymore, especially if the network card is some chinese clone. they suddenly stop working reliable and this can happen. maybe it's time to change it.

    if I were you I would reset / format pfsense after making a configuration backup. restore everything and see if the problem persist.
    if it persist i would change the network card

    0 A 1 Reply
  • A

    @kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

    sorry i didn't see the link to your dmesg
    there.. apart from UP and DOWN
    nothing useful

    my bet.. or your network card go overload/overheat for some reason and stop working or driver are not working well anymore, especially if the network card is some chinese clone. they suddenly stop working reliable and this can happen. maybe it's time to change it.

    if I were you I would reset / format pfsense after making a configuration backup. restore everything and see if the problem persist.
    if it persist i would change the network card

    @kiokoman
    I was thinking that it could be the nic card that is causing those issues, so I have for some time (around 3-4 months) a second NIC card with 2 ports in addition to 4 port Chinese clone (bought as new for ~ $45 on ebay). When Installed the second nic with 2 ports, I switch a few interfaces to that card to check if there was the 4 ports card fault, and found same issue again and again. It will be quite strange that both NIC cards are overloaded at the same time or they both stop working at the same time. Could try to switch the WAN port to one of the nic cards port (my WAN is using my motherboard network port now) to check if this will block the WAN connection completely as it's happening now with my LAN interfaces.

    BTW, my pfsense was dead with the "PHP Startup: Unable to load Dynamic Library." problem after 2 days I have upgraded to 2.4.4p3 version. So I have to install everything and restore from backup and even after that the problem still happens time to time, same as before that.

    Is there any way to check if the NIC is the root cause ?

    0
  • kiokoman
    LAYER 8

    does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

    0 A 2 Replies
  • A

    @kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

    does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

    I have a firewall rule that is blocking all dns requests to other sources except pfsense, will pause that rule and try next time and report back

    0
  • P

    I have a similar kind of issue. Once you find the solution let me know by posting here.

    0
  • A

    Today happened again (no internet on all interfaces with Wi-Fi - verified on all), but at the same time my daughter was watching Netflix on a TV and it was working till she turn off the TV (I have connected to the same subnet with my mac and no internet for me (ping was timeout and web was not open any sites). Traceroute was to pfsense ip and nothing else.

    0
  • A

    @Asamat
    Status on Gateways is online. Also I was trying to use ping from WAN and was always succeed, but not working from any other interface.

    I run all the commands from pfsense shell:
    Shell Output - ifconfig -a
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
    ether 00:15:17:19:b8:44
    hwaddr 00:15:17:19:b8:44
    inet6 fe80::215:17ff:fe19:b844%em0 prefixlen 64 scopeid 0x1
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
    ether 00:15:17:19:b8:45
    hwaddr 00:15:17:19:b8:45
    inet6 fe80::215:17ff:fe19:b845%em1 prefixlen 64 scopeid 0x2
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether XX:XX:XX:XX:XX:XX
    hwaddr XX:XX:XX:XX:XX:XX
    inet6 fe80::6600:6aff:fe61:1b16%em2 prefixlen 64 scopeid 0x3
    inet XX.XXX.XXX.XX netmask 0xfffffe00 broadcast 255.255.255.255
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:04
    hwaddr a0:36:9f:85:04:04
    inet6 fe80::a236:9fff:fe85:404%igb0 prefixlen 64 scopeid 0x4
    inet 10.0.99.1 netmask 0xffffff00 broadcast 10.0.99.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
    igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:05
    hwaddr a0:36:9f:85:04:05
    inet6 fe80::a236:9fff:fe85:405%igb1 prefixlen 64 scopeid 0x5
    inet 172.31.255.1 netmask 0xffffff00 broadcast 172.31.255.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:06
    hwaddr a0:36:9f:85:04:06
    inet6 fe80::a236:9fff:fe85:406%igb2 prefixlen 64 scopeid 0x6
    inet 10.10.50.1 netmask 0xffffff00 broadcast 10.10.50.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    hwaddr a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3 prefixlen 64 scopeid 0x7
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    enc0: flags=0<> metric 0 mtu 1536
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: enc
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
    groups: pflog
    pfsync0: flags=0<> metric 0 mtu 1500
    groups: pfsync
    syncpeer: 224.0.0.240 maxupd: 128 defer: on
    syncok: 1
    igb3.53: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3.53 prefixlen 64 scopeid 0xc
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 53 vlanpcp: 7 parent interface: igb3
    groups: vlan
    igb3.55: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3.55 prefixlen 64 scopeid 0xd
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 55 vlanpcp: 7 parent interface: igb3
    groups: vlan
    igb3.56: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3.56 prefixlen 64 scopeid 0xe
    inet 10.10.56.1 netmask 0xffffff00 broadcast 10.10.56.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 56 vlanpcp: 5 parent interface: igb3
    groups: vlan
    igb3.57: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3.57 prefixlen 64 scopeid 0xf
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 57 vlanpcp: 6 parent interface: igb3
    groups: vlan
    igb0.11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:04
    inet6 fe80::a236:9fff:fe85:404%igb0.11 prefixlen 64 scopeid 0x10
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
    vlan: 11 vlanpcp: 0 parent interface: igb0
    groups: vlan
    igb0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:04
    inet6 fe80::a236:9fff:fe85:404%igb0.10 prefixlen 64 scopeid 0x11
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
    vlan: 10 vlanpcp: 1 parent interface: igb0
    groups: vlan
    em1.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 00:15:17:19:b8:45
    inet6 fe80::215:17ff:fe19:b845%em1.10 prefixlen 64 scopeid 0x12
    inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 10 vlanpcp: 2 parent interface: em1
    groups: vlan
    em1.11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 00:15:17:19:b8:45
    inet6 fe80::215:17ff:fe19:b845%em1.11 prefixlen 64 scopeid 0x13
    inet 10.10.11.1 netmask 0xffffff00 broadcast 10.10.11.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 11 vlanpcp: 1 parent interface: em1
    groups: vlan
    em0.53: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 00:15:17:19:b8:44
    inet6 fe80::215:17ff:fe19:b844%em0.53 prefixlen 64 scopeid 0x14
    inet 10.10.53.1 netmask 0xffffff00 broadcast 10.10.53.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 53 vlanpcp: 3 parent interface: em0
    groups: vlan
    igb3.51: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:85:04:07
    inet6 fe80::a236:9fff:fe85:407%igb3.51 prefixlen 64 scopeid 0x15
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 51 vlanpcp: 4 parent interface: igb3
    groups: vlan
    em0.51: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 00:15:17:19:b8:44
    inet6 fe80::215:17ff:fe19:b844%em0.51 prefixlen 64 scopeid 0x16
    inet 10.10.51.1 netmask 0xffffff00 broadcast 10.10.51.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    vlan: 51 vlanpcp: 4 parent interface: em0
    groups: vlan
    ovpns5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::215:17ff:fe19:b844%ovpns5 prefixlen 64 scopeid 0x17
    inet 192.168.200.1 --> 192.168.200.2 netmask 0xffffff00
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: tun openvpn
    Opened by PID 34800

    0
  • A

    @Asamat
    Shell Output - netstat -rn
    Routing tables

    Internet:
    Destination Gateway Flags Netif Expire
    default 192.168.200.1 UGS lo0
    10.0.99.0/24 link#4 U igb0
    10.0.99.1 link#4 UHS lo0
    10.10.10.0/24 link#18 U em1.10
    10.10.10.1 link#18 UHS lo0
    10.10.11.0/24 link#19 U em1.11
    10.10.11.1 link#19 UHS lo0
    10.10.50.0/24 link#6 U igb2
    10.10.50.1 link#6 UHS lo0
    10.10.51.0/24 link#22 U em0.51
    10.10.51.1 link#22 UHS lo0
    10.10.53.0/24 link#20 U em0.53
    10.10.53.1 link#20 UHS lo0
    10.10.56.0/24 link#14 U igb3.56
    10.10.56.1 link#14 UHS lo0
    XX.XXX.XX.XX/23 link#3 U em2
    XX.XXX.XX.XX link#3 UHS lo0
    127.0.0.1 link#9 UH lo0
    172.31.255.0/24 link#5 U igb1
    172.31.255.1 link#5 UHS lo0
    192.168.200.0/24 192.168.200.2 UGS ovpns5
    192.168.200.1 link#23 UHS lo0
    192.168.200.2 link#23 UH ovpns5

    Internet6:
    Destination Gateway Flags Netif Expire
    default fe80::201:5cff:fe6e:a646%em2 UG em2
    ::1 link#9 UH lo0
    fe80::%em0/64 link#1 U em0
    fe80::215:17ff:fe19:b844%em0 link#1 UHS lo0
    fe80::%em1/64 link#2 U em1
    fe80::215:17ff:fe19:b845%em1 link#2 UHS lo0
    fe80::%em2/64 link#3 U em2
    fe80::6600:6aff:fe61:1b16%em2 link#3 UHS lo0
    fe80::%igb0/64 link#4 U igb0
    fe80::a236:9fff:fe85:404%igb0 link#4 UHS lo0
    fe80::%igb1/64 link#5 U igb1
    fe80::a236:9fff:fe85:405%igb1 link#5 UHS lo0
    fe80::%igb2/64 link#6 U igb2
    fe80::a236:9fff:fe85:406%igb2 link#6 UHS lo0
    fe80::%igb3/64 link#7 U igb3
    fe80::a236:9fff:fe85:407%igb3 link#7 UHS lo0
    fe80::%lo0/64 link#9 U lo0
    fe80::1%lo0 link#9 UHS lo0
    fe80::%igb3.53/64 link#12 U igb3.53
    fe80::a236:9fff:fe85:407%igb3.53 link#12 UHS lo0
    fe80::%igb3.55/64 link#13 U igb3.55
    fe80::a236:9fff:fe85:407%igb3.55 link#13 UHS lo0
    fe80::%igb3.56/64 link#14 U igb3.56
    fe80::a236:9fff:fe85:407%igb3.56 link#14 UHS lo0
    fe80::%igb3.57/64 link#15 U igb3.57
    fe80::a236:9fff:fe85:407%igb3.57 link#15 UHS lo0
    fe80::%igb0.11/64 link#16 U igb0.11
    fe80::a236:9fff:fe85:404%igb0.11 link#16 UHS lo0
    fe80::%igb0.10/64 link#17 U igb0.10
    fe80::a236:9fff:fe85:404%igb0.10 link#17 UHS lo0
    fe80::%em1.10/64 link#18 U em1.10
    fe80::215:17ff:fe19:b845%em1.10 link#18 UHS lo0
    fe80::%em1.11/64 link#19 U em1.11
    fe80::215:17ff:fe19:b845%em1.11 link#19 UHS lo0
    fe80::%em0.53/64 link#20 U em0.53
    fe80::215:17ff:fe19:b844%em0.53 link#20 UHS lo0
    fe80::%igb3.51/64 link#21 U igb3.51
    fe80::a236:9fff:fe85:407%igb3.51 link#21 UHS lo0
    fe80::%em0.51/64 link#22 U em0.51
    fe80::215:17ff:fe19:b844%em0.51 link#22 UHS lo0
    fe80::215:17ff:fe19:b844%ovpns5 link#23 UHS lo0

    0
  • A

    @Asamat
    I did 3 packet capture each 100 lines:

    18:51:53.203733 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35397, length 8
    18:51:53.221962 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35397, length 8
    18:51:53.495342 IP XX.XXX.XX79.60309 > 205.251.196.138.53: UDP, length 47
    18:51:53.534174 IP 205.251.196.138.53 > XX.XXX.XX79.60309: UDP, length 217
    18:51:53.534464 IP XX.XXX.XX79.11868 > 198.51.45.6.53: UDP, length 51
    18:51:53.554183 IP 198.51.45.6.53 > XX.XXX.XX79.11868: UDP, length 67
    18:51:53.735930 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35398, length 8
    18:51:53.753195 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35398, length 8
    18:51:54.268183 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35399, length 8
    18:51:54.276526 IP 184.105.148.116.443 > XX.XXX.XX79.4162: tcp 34
    18:51:54.276997 IP XX.XXX.XX79.4162 > 184.105.148.116.443: tcp 0
    18:51:54.278425 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35399, length 8
    18:51:54.505014 IP XX.XXX.XX79.57442 > 176.32.99.148.443: tcp 241
    18:51:54.584660 IP 176.32.99.148.443 > XX.XXX.XX79.57442: tcp 92
    18:51:54.585121 IP XX.XXX.XX79.57442 > 176.32.99.148.443: tcp 0
    18:51:54.800442 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35400, length 8
    18:51:54.811661 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35400, length 8
    18:51:54.991784 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
    18:51:55.332697 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35401, length 8
    18:51:55.342068 IP XX.XXX.XX79.16769 > 52.53.96.55.10060: UDP, length 110
    18:51:55.347894 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35401, length 8
    18:51:55.367028 IP 52.53.96.55.10060 > XX.XXX.XX79.16769: UDP, length 426
    18:51:55.455347 IP XX.XXX.XX79.57415 > 129.192.166.10.4500: UDP, length 1
    18:51:55.864954 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35402, length 8
    18:51:55.874125 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35402, length 8
    18:51:56.387522 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35403, length 8
    18:51:56.397357 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35403, length 8
    18:51:56.463241 IP XX.XXX.XX79.32734 > 54.175.219.166.9998: tcp 69
    18:51:56.542522 IP 54.175.219.166.9998 > XX.XXX.XX79.32734: tcp 0
    18:51:56.543499 IP 72.9.149.69.5010 > XX.XXX.XX79.1242: UDP, length 293
    18:51:56.544635 IP XX.XXX.XX79.1242 > 72.9.149.69.5010: UDP, length 291
    18:51:56.574930 IP XX.XXX.XX79.35177 > 52.9.146.37.53: UDP, length 59
    18:51:56.575188 IP XX.XXX.XX79.16157 > 204.74.108.1.53: UDP, length 46
    18:51:56.597519 IP 52.9.146.37.53 > XX.XXX.XX79.35177: UDP, length 64
    18:51:56.598521 IP 204.74.108.1.53 > XX.XXX.XX79.16157: UDP, length 211
    18:51:56.598913 IP XX.XXX.XX79.14210 > 208.78.70.31.53: UDP, length 46
    18:51:56.617530 IP 208.78.70.31.53 > XX.XXX.XX79.14210: UDP, length 107
    18:51:56.617736 IP XX.XXX.XX79.19768 > 204.13.250.31.53: UDP, length 46
    18:51:56.636537 IP 204.13.250.31.53 > XX.XXX.XX79.19768: UDP, length 107
    18:51:56.917785 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35404, length 8
    18:51:56.926614 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35404, length 8
    18:51:56.936614 IP 54.175.219.166.9998 > XX.XXX.XX79.32734: tcp 69
    18:51:57.052837 IP XX.XXX.XX79.32734 > 54.175.219.166.9998: tcp 0
    18:51:57.419040 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35405, length 8
    18:51:57.427808 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35405, length 8
    18:51:57.534927 IP 52.94.233.109.443 > XX.XXX.XX79.58853: tcp 46
    18:51:57.537301 IP XX.XXX.XX79.58853 > 52.94.233.109.443: tcp 46
    18:51:57.614918 IP 52.94.233.109.443 > XX.XXX.XX79.58853: tcp 0
    18:51:57.694329 IP XX.XXX.XX79.24934 > 205.251.198.70.53: UDP, length 68
    18:51:57.694353 IP XX.XXX.XX79.36551 > 205.251.194.237.53: UDP, length 68
    18:51:57.722004 IP 205.251.198.70.53 > XX.XXX.XX79.24934: UDP, length 333
    18:51:57.725004 IP 205.251.194.237.53 > XX.XXX.XX79.36551: UDP, length 333
    18:51:57.927595 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35406, length 8
    18:51:57.937021 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35406, length 8
    18:51:58.129830 IP XX.XXX.XX79.5917 > 67.148.47.222.53: UDP, length 54
    18:51:58.152194 IP 67.148.47.222.53 > XX.XXX.XX79.5917: UDP, length 70
    18:51:58.439437 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35407, length 8
    18:51:58.449247 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35407, length 8
    18:51:58.821435 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
    18:51:58.941783 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35408, length 8
    18:51:58.951469 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35408, length 8
    18:51:59.457591 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35409, length 8
    18:51:59.476703 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35409, length 8
    18:51:59.619214 IP XX.XXX.XX79.14224 > 140.143.83.64.53: UDP, length 49
    18:51:59.825930 IP 140.143.83.64.53 > XX.XXX.XX79.14224: UDP, length 65
    18:51:59.989770 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35410, length 8
    18:51:59.998928 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35410, length 8
    18:52:00.495303 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35411, length 8
    18:52:00.505151 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35411, length 8
    18:52:01.023034 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35412, length 8
    18:52:01.033387 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35412, length 8
    18:52:01.535681 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35413, length 8
    18:52:01.545613 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35413, length 8
    18:52:01.951810 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
    18:52:01.959690 IP XX.XXX.XX79.9142 > 205.251.196.19.53: UDP, length 52
    18:52:01.999937 IP 205.251.196.19.53 > XX.XXX.XX79.9142: UDP, length 317
    18:52:02.056532 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35414, length 8
    18:52:02.066838 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35414, length 8
    18:52:02.587765 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35415, length 8
    18:52:02.598072 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35415, length 8
    18:52:02.822782 IP XX.XXX.XX79.49983 > 95.101.36.128.53: UDP, length 62
    18:52:02.866258 IP XX.XXX.XX79.14459 > 74.125.199.188.443: tcp 26
    18:52:02.891277 IP 95.101.36.128.53 > XX.XXX.XX79.49983: UDP, length 103
    18:52:02.891726 IP XX.XXX.XX79.61871 > 193.108.88.128.53: UDP, length 65
    18:52:02.913293 IP 74.125.199.188.443 > XX.XXX.XX79.14459: tcp 0
    18:52:02.924291 IP 193.108.88.128.53 > XX.XXX.XX79.61871: UDP, length 106
    18:52:03.119018 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35416, length 8
    18:52:03.130181 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35416, length 8
    18:52:03.283471 IP 45.76.21.192.10300 > XX.XXX.XX79.42237: tcp 258
    18:52:03.283739 IP XX.XXX.XX79.42237 > 45.76.21.192.10300: tcp 0
    18:52:03.403252 IP XX.XXX.XX79.61224 > 205.251.193.129.53: UDP, length 40
    18:52:03.423512 IP 205.251.193.129.53 > XX.XXX.XX79.61224: UDP, length 305
    18:52:03.533535 IP 74.125.199.188.443 > XX.XXX.XX79.14459: tcp 26
    18:52:03.534497 IP XX.XXX.XX79.14459 > 74.125.199.188.443: tcp 0
    18:52:03.649814 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35417, length 8
    18:52:03.659538 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35417, length 8
    18:52:04.180777 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 35418, length 8
    18:52:04.189772 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 35418, length 8
    18:52:04.276907 IP 184.105.148.116.443 > XX.XXX.XX79.4162: tcp 34
    18:52:04.277328 IP XX.XXX.XX79.4162 > 184.105.148.116.443: tcp 0

    19:00:04.572337 IP 92.119.160.69.43263 > XX.XXX.XX79.43757: tcp 0
    19:00:04.733281 IP6 fe80::201:5cff:fe6e:a646 > ff02::1: ICMP6, router advertisement, length 144
    19:00:04.819589 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36339, length 8
    19:00:04.828275 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 36339, length 8
    19:00:05.017969 IP XX.XXX.XX79.1242 > 72.9.149.69.5010: UDP, length 742
    19:00:05.073460 IP 72.9.149.69.5010 > XX.XXX.XX79.1242: UDP, length 510
    19:00:05.340025 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36340, length 8
    19:00:05.350502 IP XX.XXX.XX1 > XX.XXX.XX79: ICMP echo reply, id 17814, seq 36340, length 8
    19:00:05.548636 IP6 2001:558:4010:10::1 > ff02::1:ffed:da92: ICMP6, neighbor solicitation, who has 2001:558:4010:10:211:e6ff:feed:da92, length 32
    19:00:05.570481 IP XX.XXX.XX79.28251 > 184.27.199.31.53: UDP, length 48
    19:00:05.570799 IP XX.XXX.XX79.37913 > 95.100.168.193.53: UDP, length 44
    19:00:05.571157 IP XX.XXX.XX79.8112 > 84.53.139.193.53: UDP, length 44
    19:00:05.571432 IP XX.XXX.XX79.30605 > 2.22.230.193.53: UDP, length 44
    19:00:05.571707 IP XX.XXX.XX79.31609 > 2.22.230.193.53: UDP, length 49
    19:00:05.571958 IP XX.XXX.XX79.42491 > 95.101.36.192.53: UDP, length 46
    19:00:05.572172 IP XX.XXX.XX79.22176 > 95.100.168.193.53: UDP, length 50
    19:00:05.572413 IP XX.XXX.XX79.35440 > 23.211.133.193.53: UDP, length 51
    19:00:05.572893 IP XX.XXX.XX79.57271 > 2.22.230.193.53: UDP, length 46
    19:00:05.573108 IP XX.XXX.XX79.6230 > 184.85.248.193.53: UDP, length 50
    19:00:05.573320 IP XX.XXX.XX79.17244 > 23.211.133.193.53: UDP, length 50
    19:00:05.573536 IP XX.XXX.XX79.40388 > 23.211.133.193.53: UDP, length 50
    19:00:05.583681 IP 184.27.199.31.53 > XX.XXX.XX79.28251: UDP, length 80
    19:00:05.594710 IP 184.85.248.193.53 > XX.XXX.XX79.6230: UDP, length 66
    19:00:05.594928 IP XX.XXX.XX79.48933 > 95.101.36.192.53: UDP, length 50
    19:00:05.614698 IP 84.53.139.193.53 > XX.XXX.XX79.8112: UDP, length 60
    19:00:05.614881 IP 23.211.133.193.53 > XX.XXX.XX79.35440: UDP, length 67
    19:00:05.615009 IP 23.211.133.193.53 > XX.XXX.XX79.17244: UDP, length 66
    19:00:05.615015 IP 23.211.133.193.53 > XX.XXX.XX79.40388: UDP, length 66
    19:00:05.615083 IP XX.XXX.XX79.29794 > 95.100.168.193.53: UDP, length 44
    19:00:05.615355 IP XX.XXX.XX79.33558 > 184.85.248.193.53: UDP, length 51
    19:00:05.615620 IP XX.XXX.XX79.11105 > 84.53.139.193.53: UDP, length 51
    19:00:05.615835 IP XX.XXX.XX79.17035 > 184.85.248.193.53: UDP, length 51
    19:00:05.616075 IP XX.XXX.XX79.11869 > 95.100.168.193.53: UDP, length 51
    19:00:05.616316 IP XX.XXX.XX79.34169 > 23.211.61.193.53: UDP, length 46
    19:00:05.616591 IP XX.XXX.XX79.24846 > 95.101.36.192.53: UDP, length 51
    19:00:05.616806 IP XX.XXX.XX79.19583 > 23.61.199.193.53: UDP, length 50
    19:00:05.617014 IP XX.XXX.XX79.64648 > 84.53.139.193.53: UDP, length 50
    19:00:05.630703 IP 95.100.168.193.53 > XX.XXX.XX79.37913: UDP, length 60
    19:00:05.631324 IP XX.XXX.XX79.28551 > 23.211.133.192.53: UDP, length 44
    19:00:05.631700 IP XX.XXX.XX79.38327 > 95.100.168.193.53: UDP, length 46
    19:00:05.631937 IP XX.XXX.XX79.43729 > 23.61.199.193.53: UDP, length 46
    19:00:05.635705 IP 95.100.168.193.53 > XX.XXX.XX79.22176: UDP, length 66
    19:00:05.635917 IP XX.XXX.XX79.5647 > 95.100.168.193.53: UDP, length 50
    19:00:05.640706 IP 184.85.248.193.53 > XX.XXX.XX79.33558: UDP, length 67
    19:00:05.640867 IP 184.85.248.193.53 > XX.XXX.XX79.17035: UDP, length 67
    19:00:05.640940 IP XX.XXX.XX79.41589 > 193.108.88.1.53: UDP, length 51
    19:00:05.641159 IP XX.XXX.XX79.19201 > 184.26.160.193.53: UDP, length 51
    19:00:05.641383 IP XX.XXX.XX79.40034 > 95.101.36.192.53: UDP, length 51
    19:00:05.644707 IP 95.101.36.192.53 > XX.XXX.XX79.42491: UDP, length 62
    19:00:05.644938 IP XX.XXX.XX79.27574 > 184.85.248.193.53: UDP, length 46
    19:00:05.646709 IP 2.22.230.193.53 > XX.XXX.XX79.31609: UDP, length 65
    19:00:05.646868 IP 2.22.230.193.53 > XX.XXX.XX79.57271: UDP, length 62
    19:00:05.646944 IP XX.XXX.XX79.57663 > 193.108.88.1.53: UDP, length 49
    19:00:05.647305 IP XX.XXX.XX79.38390 > 84.53.139.193.53: UDP, length 46
    19:00:05.647527 IP XX.XXX.XX79.48780 > 23.74.25.192.53: UDP, length 46
    19:00:05.647921 IP 2.22.230.193.53 > XX.XXX.XX79.30605: UDP, length 60
    19:00:05.648172 IP XX.XXX.XX79.64533 > 23.211.133.192.53: UDP, length 44
    19:00:05.660716 IP 84.53.139.193.53 > XX.XXX.XX79.64648: UDP, length 116
    19:00:05.660876 IP 84.53.139.193.53 > XX.XXX.XX79.11105: UDP, length 67
    19:00:05.661120 IP XX.XXX.XX79.48019 > 95.101.36.192.53: UDP, length 51
    19:00:05.661941 IP 184.26.160.193.53 > XX.XXX.XX79.19201: UDP, length 67
    19:00:05.662145 IP XX.XXX.XX79.43113 > 184.26.160.193.53: UDP, length 51
    19:00:05.662967 IP 193.108.88.1.53 > XX.XXX.XX79.41589: UDP, length 117
    19:00:05.663678 IP 95.101.36.192.53 > XX.XXX.XX79.48933: UDP, length 116
    19:00:05.665691 IP 184.85.248.193.53 > XX.XXX.XX79.27574: UDP, length 112
    19:00:05.666693 IP 193.108.88.1.53 > XX.XXX.XX79.57663: UDP, length 115
    19:00:05.670693 IP 23.211.133.192.53 > XX.XXX.XX79.28551: UDP, length 121
    19:00:05.670927 IP XX.XXX.XX79.25833 > 96.7.50.192.53: UDP, length 44
    19:00:05.672695 IP 23.74.25.192.53 > XX.XXX.XX79.48780: UDP, length 62
    19:00:05.672905 IP XX.XXX.XX79.33573 > 95.100.168.193.53: UDP, length 46
    19:00:05.673922 IP 23.61.199.193.53 > XX.XXX.XX79.19583: UDP, length 116
    19:00:05.674081 IP 23.211.61.193.53 > XX.XXX.XX79.34169: UDP, length 62
    19:00:05.674428 IP XX.XXX.XX79.24837 > 23.61.199.193.53: UDP, length 46
    19:00:05.675946 IP 95.100.168.193.53 > XX.XXX.XX79.29794: UDP, length 121
    19:00:05.676188 IP XX.XXX.XX79.52731 > 95.101.36.192.53: UDP, length 44
    19:00:05.681699 IP 95.100.168.193.53 > XX.XXX.XX79.11869: UDP, length 67
    19:00:05.681928 IP XX.XXX.XX79.25433 > 193.108.88.1.53: UDP, length 51
    19:00:05.684700 IP 23.61.199.193.53 > XX.XXX.XX79.43729: UDP, length 62
    19:00:05.684932 IP XX.XXX.XX79.15417 > 84.53.139.193.53: UDP, length 46
    19:00:05.690704 IP 84.53.139.193.53 > XX.XXX.XX79.38390: UDP, length 112
    19:00:05.690864 IP 23.211.133.192.53 > XX.XXX.XX79.64533: UDP, length 121
    19:00:05.690930 IP XX.XXX.XX79.11133 > 184.85.248.193.53: UDP, length 46
    19:00:05.691015 IP 95.101.36.192.53 > XX.XXX.XX79.24846: UDP, length 117
    19:00:05.692728 IP 95.100.168.193.53 > XX.XXX.XX79.38327: UDP, length 62
    19:00:05.692950 IP XX.XXX.XX79.28705 > 84.53.139.193.53: UDP, length 46
    19:00:05.696706 IP 184.26.160.193.53 > XX.XXX.XX79.43113: UDP, length 117
    19:00:05.696891 IP 95.100.168.193.53 > XX.XXX.XX79.5647: UDP, length 116
    19:00:05.701707 IP 193.108.88.1.53 > XX.XXX.XX79.25433: UDP, length 117
    19:00:05.710737 IP 184.85.248.193.53 > XX.XXX.XX79.11133: UDP, length 112
    19:00:05.710922 IP 95.101.36.192.53 > XX.XXX.XX79.40034: UDP, length 117
    19:00:05.725743 IP 84.53.139.193.53 > XX.XXX.XX79.15417: UDP, length 112
    19:00:05.733717 IP 23.61.199.193.53 > XX.XXX.XX79.24837: UDP, length 112
    19:00:05.733943 IP XX.XXX.XX79.57204 > 23.211.133.193.53: UDP, length 46
    19:00:05.735723 IP 84.53.139.193.53 > XX.XXX.XX79.28705: UDP, length 112
    19:00:05.741725 IP 95.100.168.193.53 > XX.XXX.XX79.33573: UDP, length 112
    19:00:05.746726 IP 95.101.36.192.53 > XX.XXX.XX79.48019: UDP, length 117
    19:00:05.750728 IP 95.101.36.192.53 > XX.XXX.XX79.52731: UDP, length 121
    19:00:05.760782 IP 96.7.50.192.53 > XX.XXX.XX79.25833: UDP, length 121
    19:00:05.772762 IP 23.211.133.193.53 > XX.XXX.XX79.57204: UDP, length 112
    19:00:05.849230 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36341, length 8

    19:03:13.035722 IP XX.XXX.XX79.30381 > 99.84.224.62.443: tcp 0
    19:03:13.036663 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 650
    19:03:13.036992 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
    19:03:13.037315 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
    19:03:13.037641 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
    19:03:13.037965 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 1448
    19:03:13.038353 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
    19:03:13.038765 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.039091 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.039105 IP 99.84.224.62.443 > XX.XXX.XX79.26164: tcp 240
    19:03:13.039398 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
    19:03:13.039890 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.040217 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.040938 IP XX.XXX.XX79.26164 > 99.84.224.62.443: tcp 0
    19:03:13.040947 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
    19:03:13.041198 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
    19:03:13.041943 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.042266 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 1448
    19:03:13.042664 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 650
    19:03:13.042815 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 651
    19:03:13.042831 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 650
    19:03:13.043017 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.043146 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.043161 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
    19:03:13.043343 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
    19:03:13.043358 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 650
    19:03:13.043544 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.043560 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.043574 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.043869 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.043884 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
    19:03:13.044194 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
    19:03:13.044209 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.044518 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.044534 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.044548 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.044562 IP 99.84.224.62.443 > XX.XXX.XX79.21364: tcp 401
    19:03:13.044820 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1448
    19:03:13.044835 IP 99.84.224.62.443 > XX.XXX.XX79.43669: tcp 1324
    19:03:13.044849 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.044973 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.045117 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1448
    19:03:13.045132 IP 99.84.224.62.443 > XX.XXX.XX79.16642: tcp 1421
    19:03:13.045146 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 650
    19:03:13.045160 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
    19:03:13.045280 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
    19:03:13.045468 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.045483 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.045718 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
    19:03:13.045734 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
    19:03:13.045748 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.046044 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 1448
    19:03:13.046394 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.046741 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.047120 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 1448
    19:03:13.047135 IP 99.84.224.62.443 > XX.XXX.XX79.62339: tcp 434
    19:03:13.047263 IP 99.84.224.21.443 > XX.XXX.XX79.57695: tcp 337
    19:03:13.047669 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.047996 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.048219 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 1448
    19:03:13.048234 IP 99.84.224.62.443 > XX.XXX.XX79.50307: tcp 891
    19:03:13.048543 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
    19:03:13.048559 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
    19:03:13.048592 IP XX.XXX.XX79.43669 > 99.84.224.62.443: tcp 0
    19:03:13.048597 IP XX.XXX.XX79.43907 > 99.84.224.62.443: tcp 0
    19:03:13.048610 IP XX.XXX.XX79.62339 > 99.84.224.62.443: tcp 0
    19:03:13.048622 IP XX.XXX.XX79.57695 > 99.84.224.21.443: tcp 0
    19:03:13.048673 IP XX.XXX.XX79.21364 > 99.84.224.62.443: tcp 0
    19:03:13.048869 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.048874 IP XX.XXX.XX79.16642 > 99.84.224.62.443: tcp 0
    19:03:13.048879 IP XX.XXX.XX79.62339 > 99.84.224.62.443: tcp 0
    19:03:13.048889 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.048897 IP XX.XXX.XX79.43907 > 99.84.224.62.443: tcp 0
    19:03:13.048998 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 682
    19:03:13.049293 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.049424 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.049620 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
    19:03:13.049769 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1448
    19:03:13.049943 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.049958 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.050295 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 1448
    19:03:13.050466 IP 99.84.224.62.443 > XX.XXX.XX79.43907: tcp 87
    19:03:13.051045 IP 99.84.224.62.443 > XX.XXX.XX79.1433: tcp 1433
    19:03:13.051620 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 1448
    19:03:13.051635 IP 99.84.224.62.443 > XX.XXX.XX79.6976: tcp 381
    19:03:13.052746 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
    19:03:13.053070 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
    19:03:13.053396 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
    19:03:13.053721 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
    19:03:13.054045 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
    19:03:13.054060 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 1448
    19:03:13.054397 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
    19:03:13.054412 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
    19:03:13.055747 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1448
    19:03:13.056072 IP 99.84.224.62.443 > XX.XXX.XX79.51443: tcp 1405
    19:03:13.056220 IP 99.84.224.62.443 > XX.XXX.XX79.44006: tcp 687
    19:03:13.090026 IP XX.XXX.XX79 > XX.XXX.XX1: ICMP echo request, id 17814, seq 36702, length 8
    19:03:13.091131 IP XX.XXX.XX79.57695 > 99.84.224.21.443: tcp 0
    19:03:13.091135 IP XX.XXX.XX79.43669 > 99.84.224.62.443: tcp 0
    19:03:13.091137 IP XX.XXX.XX79.16642 > 99.84.224.62.443: tcp 0

    0
  • A

    To get internet back I just restarted the VPN Server and internet was back.
    The suggestion that NIC card (in my case 2 nic cards) get overloaded somehow, but then why when restart the VPN server the internet is back?
    I could not understand how the VPN server restart is related with all interfaces access to internet.
    This is second or third time when restarting the VPN server is restoring internet access on all interfaces

    0
  • A

    Today is getting crazy. Second time the internet stopped.
    I was trying to check (try youtube, ping yahoo, etc,) but also tried to connect from my phone (on LTE internet) through vpn, and it connected successfully so I could check my surveillance cameras, that means that pfsense doesn't loose internet connection, but the main point here is that right after that my internet was back on my laptop and desktop.
    So looks like my OpenVpn server is the cause, any suggestions based on the provided info?

    Thanks

    0
  • A

    @kiokoman said in One interface loses internet access and I could get it back only after reboot the pfsense:

    does it work if you force the network card of your laptop to use dnsfrom google for example? like 8.8.8.8 ?

    Tried using DNS 8.8.8.8 on my mac last time it happened and no luck.

    0
  • stephenw10
    Netgate Administrator

    @ady2 said in One interface loses internet access and I could get it back only after reboot the pfsense:

    default 192.168.200.1 UGS lo0

    That looks wrong. I'd say you are losing your correct default route. What do you have the default gateway set to? If it's set to automatic set it to a fixed gateway instead.

    Steve

    0 A 2 Replies
  • A

    @stephenw10 said in One interface loses internet access and I could get it back only after reboot the pfsense:

    @ady2 said in One interface loses internet access and I could get it back only after reboot the pfsense:

    default 192.168.200.1 UGS lo0

    That looks wrong. I'd say you are losing your correct default route. What do you have the default gateway set to? If it's set to automatic set it to a fixed gateway instead.

    Steve

    Thanks for looking.
    Do you mean this:
    in the System/ Routing/ Gateways >> Default gateway tab
    Screen Shot 2019-09-26 at 6.26.54 PM.png
    and set Default gateway IPv4 to WAN_DHCP?

    0
  • A

    @stephenw10

    I have rerun the "netstat -rn" command when internet was working (from pfsense Diagnostics/Command Prompt/Execute Shell Command) and the default Gateway was from my WAN subnet ip address.
    Routing tables
    Internet:
    Destination Gateway Flags Netif Expire
    default 67.XXX.XXX.1 UGS em2
    10.0.99.0/24 link#4 U igb0

    And then internet stopped working again and I have rerun "netstat -rn" :
    Routing tables

    Internet:
    Destination Gateway Flags Netif Expire
    default 192.168.200.1 UGS lo0
    10.0.99.0/24 link#4

    Also found that my default gateway was my OpenVPN
    Screen Shot 2019-09-26 at 11.17.04 PM.png

    What I did, I have setup Default gateway IPv4 to WAN_DHCP and clicked save button, so now it looks like:
    Screen Shot 2019-09-26 at 11.27.33 PM.png
    The internet was back.
    and
    Screen Shot 2019-09-26 at 11.25.23 PM.png

    No idea if this is a temporary solution till next blackout or this should fix it permanently ?

    0
  • A

    Also verified that all my firewall rules for all interfaces have the gateway set to default. Do I need to set the gateway to WAN for each rule ?

    0
  • Gertjan

    Noop.

    c271240d-a8b4-42f7-ba32-42f9cfa86be3-image.png

    'default" means the default gateway will be used.

    0
  • stephenw10
    Netgate Administrator

    Exactly. When you have the default gateway set to automatic it will change to a different gateway when the previous default goes down. That works fine if you have, say, two public WAN connections but here you have gateways for OpenVPNs, it selects on and it's invalid as the WAN is down.
    Set the default v4 gateway to be the WAN gateway. That will probably resolve it.

    Steve

    0 A 1 Reply
  • A

    @stephenw10
    Thanks a lot Steve for pointing to the right direction.
    Hope this fix will resolve my issue and will let me enjoy my pfsense firewall.

    0
  • B

    @ady2
    Your problem seem to be very similar to mine in how the Internet access drops intermittently. However I do not have a VPN gateway setup.
    I've been reviwing the Netgate documentation and following the troubleshooting. Installed a "clean" simple installation and I still get these dropouts.

    02d9383f-b556-42af-b407-8948b7107fc0-image.png
    Since your last post was a while ago then I assume this solved the issue you were having?

    0 A 1 Reply
  • A

    @bjohe

    Yes, since I have setup my WAN as default gateway I didn't have any internet dropout.
    In your case did you consider a hardware failure? Trying to debug my issue I have bought another (actually 2 other relatively cheap used LAN cards from ebay) and added to my setup trying to exclude the lan card failure, but in my case it was not the card.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy