SG1100 up, admin GUI works, traffic graphs show data, no internet



  • Every now and then my SG-1100 just stops serving internet. It's up and running, approachable, traffic graphs are showing traffic, but nothing is coming through. I am using OpenVPN clients connecting to ProtonVPN, and Proton DNS server can be pinged. Google or Cloudflare DNS cannot be pinged. I suspected Proton to be the problem, but after a reboot of the SG-1100 internet was served again.

    I cannot reproduce this problem and the resolution workaround is simple. However, it still bothers me. Does the community have any suggestions for me that may help to diagnose this problem? Could I make some dump somehow when it occurs, which logs should I check, other things I could do? All help appreciated.



  • I'm having a similar issue. Connecting to WAN through PPPoE and OpenVPN to AirVPN, it will disconnect a couple of times every day and I have to wait around 10 minutes to get the connection back. I tried a few things but nothing has worked so far. Also, sometimes the SG1100 just hangs or restarts on its own, so I can't even access the web GUI. I will try to format it and install a fresh copy of pfSense, and do the setup again; hopefully it won't have this issue.



  • @a-katib91 I am sorry to hear you have similar issues. Although, they are not completely similar: in my case the SG-1100 was not serving internet for several hours, happily running as if nothing was wrong. And I do not experience reboots. I have completely reinstalled the thing just 10 days ago or so with a new image, latest version. So I doubt that a reinstall will help you solve your issues...


  • Netgate Administrator

    Yeah that sounds like a different issue.

    @brightwolf Where are you pinging from?

    It could be you have no NAT happening out of the OpenVPN interface in that situation.

    You might have no default route. The VPN-provided DNS and gateway may still be accessible in that situation if they are in the same subnet. Check the routing table in Diag > Routes before it fails so you know what it should look like and then in the failed state.

    You can generate a status file to later review by manually going to [your_firewall_IP]/status.php
    It can take a while for that page to load. There is a download link at the top to get all data there as a file. It's definitely not something you would want to make public though.

    Steve
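
The routing-table comparison suggested in the post above, as an added example that is not part of the original thread: it parses two saved `netstat -rn -f inet` snapshots (FreeBSD format, as used by pfSense) and reports whether the default route is gone and which routes differ. The sample tables, addresses and interface names are constructed for illustration.

```python
# Constructed snapshots (documentation addresses, made-up interface names).
WORKING = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS        wan0
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
10.8.0.1           link#9             UH       ovpnc1
192.0.2.0/24       link#1             U          wan0
192.168.1.0/24     link#2             U          lan0
"""

FAILED = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
10.8.0.1           link#9             UH       ovpnc1
192.0.2.0/24       link#1             U          wan0
192.168.1.0/24     link#2             U          lan0
"""

def parse_routes(text):
    """Return {destination: (gateway, netif)} for the first (IPv4) table."""
    routes, in_table = {}, False
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] == ["Destination", "Gateway"]:
            in_table = True                      # column header starts the table
        elif in_table and len(fields) < 4:
            break                                # blank line or next section ends it
        elif in_table:
            routes[fields[0]] = (fields[1], fields[3])
    return routes

def compare(working, failed):
    """Return what changed between the known-good and the failed routing table."""
    good, bad = parse_routes(working), parse_routes(failed)
    return {
        "default_route_present": "default" in bad,
        "missing": sorted(set(good) - set(bad)),
        "added": sorted(set(bad) - set(good)),
        "changed": sorted(d for d in good.keys() & bad.keys() if good[d] != bad[d]),
    }

if __name__ == "__main__":
    print(compare(WORKING, FAILED))
```

In the constructed failed snapshot the VPN subnet route is still present while `default` is missing, which matches the situation described above where the VPN-provided DNS answers pings but public resolvers do not.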



  • @stephenw10 Thanks for your hints. Took a screenshot of that routes page, now it is in a working state, so I can compare it with the failed state later on.

    I am starting to suspect that it could have something to do with traffic shaper. I noticed some traffic shaper log entries hinting that it was only active on one of my four different VPN clients. Since I am balancing the VPN clients in a gateway group, could it be that when the VPN switches to a different client, and there's no traffic shaper defined, that it stops? Because it thinks no traffic is allowed or something?


  • Netgate Administrator

    Unlikely. It's possible to break the ruleset entirely by having shaping that ends up invalid on the interface it's defined on but you would see problems all the time if that were the case.

    Steve

