dpinger errors and apparent loss of internet connection



  • I've been having an ongoing issue and can't figure out if the problem is on my side or the ISPs side. Brief overview of the setup, charter internet which runs to a pfsense box and then off to a wireless AP. The pfsense box has a vpn connection to a remote location. When the computers on the LAN side begin to have trouble connecting to the internet, the VPN connection to the remote office often still works. Any attempt to ping outside IP addresses from the LAN side leads to 100% packet loss. The firewall has no rules other than the basic ones to get everything flowing. I've tried everything thing that I can think of and the only thing that seems to fix the situation is releasing and then renewing the DHCP lease on the WAN interface. Once this happens everything seems to return to normal until it decides to have the issue again. Resetting the modem will also remedy the situation. In my logs there are a lot of dpinger error 65s and alarms for high packet loss everything from 8% up to 22%. When I've contacted Charter they give me the default answer of it must be a problem on my end. I'm really thinking that isn't the case. Any help would be awesome.


  • Netgate Administrator

    Try setting the gateway monitoring IP to something external like 8.8.8.8 rather than the gateway IP that may not necessarily respond to ping reliably and doesn't show upstream issues anyway.
    You might also disable the disable gateway monitoring action if you only have one WAN as that will reload a load of things and doesn't really help if it can't failover.
    Both those are in System > Routing > Gateways. Edit the WAN gateway.

    When it does fail can you ping out from the firewall itself from Diag > Ping? By IP dierctly, to 8.8.8.8 for example?

    Steve



  • So I've changed the dpinger to monitor 8.8.8.8 and I've disabled "Gateway Monitoring Action". Yes some times from the firewall I can ping various external IP addresses as well as FQDN while i'm experiencing an "outage". Which i'm unable to do either from a computer on the LAN side. I can still ping other internal IP address from the LAN side as well as the firewall itself from computers on the LAN.



  • So since I've made the change to the monitored IP address there continues to be alarms. I've had two, a loss of 21% and then another a short while later of 5%. There hasn't been any apparent loss of internet connection though. With that said the "outages" are mostly observed in the mornings and it'll be a few days before I would know if this solved the "outage" problem.


  • Netgate Administrator

    You should usually see two lines one with ALARM when one of the thresholds is breached, 20% packet loss there, and a second with CLEAR when the line quality returns to normal, probably the 5% line you see there.

    Steve


Log in to reply