Netgate Discussion Forum

    Gateway Alarm is causing ipsec tunnels and other stuff to be reset/reloaded? Why?

    Routing and Multi WAN
      A Former User

      Setup:

      • Two WAN Gateways inside a Gateway Group
      • "UMGW" configured as Tier2, it's not active since the other Tier1 gateway is active
      • Gateway monitoring configured with IPs 1.1.1.1 for UMGW and 8.8.4.4 for the other one
      • The IPSEC tunnel is configured to use the other gateway ("Interface" in general configuration of the ipsec tunnel is set to the other interface, not the one belonging to "UMGW")

      In the logs I see the "UMGW" going down and then the ipsec tunnels as well as other stuff being restarted:

      Jul 16 06:22:38	rc.gateway_alarm	31906	>>> Gateway alarm: UMGW (Addr:1.1.1.1 Alarm:1 RTT:23.097ms RTTsd:68.139ms Loss:22%)
      Jul 16 06:22:38	check_reload_status		updating dyndns UMGW
      Jul 16 06:22:38	check_reload_status		Restarting ipsec tunnels
      Jul 16 06:22:38	check_reload_status		Restarting OpenVPN tunnels/interfaces
      Jul 16 06:22:38	check_reload_status		Reloading filter
      Jul 16 06:22:39	php-fpm	383	/rc.openvpn: MONITOR: UMGW is down, omitting from routing group GWGroup 1.1.1.1|xx.xx.xx.xx|UMGW|23.34ms|68.89ms|24%|down
      Jul 16 06:22:40	php-cgi		notify_monitor.php: Message sent to xxxx@xxxxxxxx.xxx OK
      Jul 16 06:22:54	php-fpm	384	/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
      Jul 16 06:22:54	check_reload_status		Reloading filter
      Jul 16 06:23:44	rc.gateway_alarm	27207	>>> Gateway alarm: UMGW (Addr:1.1.1.1 Alarm:0 RTT:12.893ms RTTsd:1.965ms Loss:5%)
      Jul 16 06:23:44	check_reload_status		updating dyndns UMGW
      Jul 16 06:23:44	check_reload_status		Restarting ipsec tunnels
      Jul 16 06:23:44	check_reload_status		Restarting OpenVPN tunnels/interfaces
      Jul 16 06:23:44	check_reload_status		Reloading filter
      Jul 16 06:23:45	php-fpm	18056	/rc.openvpn: 18056MONITOR: UMGW is available now, adding to routing group GWGroup 1.1.1.1|xx.xx.xx.xx|UMGW|12.887ms|1.949ms|3%|none
      Jul 16 06:23:51	php-cgi		notify_monitor.php: Message sent to xxxx@xxxxxxxx.xxx OK
      Jul 16 06:24:00	php-fpm	8881	/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
      Jul 16 06:24:00	check_reload_status		Reloading filter
      

      Why would pfSense restart the ipsec tunnel when an interface the ipsec tunnel is not using goes down? Is this intended behaviour? Can this be configured somehow?

      Does this also cause other outages or reset of connections? I see "reloading filter" there, what does this mean exactly, are the state tables cleared maybe?

        ChrisT @A Former User

        I have the same behavior in a similar setup. Did you ever manage to find out what was causing this?

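One way to measure the behaviour shown in the log of the first post, as an added example that is not part of the original posts or of pfSense itself: it pairs each rc.gateway_alarm event with the check_reload_status actions logged within a few seconds of it and reports how long the gateway stayed in alarm. The tab-separated column layout, the 5-second window and the year (the log carries none) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Rows copied from the log in the first post (columns: time, process, pid, message).
SAMPLE = "\n".join([
    "Jul 16 06:22:38\trc.gateway_alarm\t31906\t>>> Gateway alarm: UMGW (Addr:1.1.1.1 Alarm:1 RTT:23.097ms RTTsd:68.139ms Loss:22%)",
    "Jul 16 06:22:38\tcheck_reload_status\t\tRestarting ipsec tunnels",
    "Jul 16 06:22:38\tcheck_reload_status\t\tRestarting OpenVPN tunnels/interfaces",
    "Jul 16 06:22:38\tcheck_reload_status\t\tReloading filter",
    "Jul 16 06:22:54\tcheck_reload_status\t\tReloading filter",
    "Jul 16 06:23:44\trc.gateway_alarm\t27207\t>>> Gateway alarm: UMGW (Addr:1.1.1.1 Alarm:0 RTT:12.893ms RTTsd:1.965ms Loss:5%)",
    "Jul 16 06:23:44\tcheck_reload_status\t\tRestarting ipsec tunnels",
])

ALARM = re.compile(r"Gateway alarm: (\S+) \(Addr:(\S+) Alarm:(\d) .*Loss:(\d+)%\)")

def parse(text, year=2024):
    """Yield (timestamp, process, message); the year is assumed, the log omits it."""
    for line in text.splitlines():
        cols = line.strip().split("\t")
        if len(cols) >= 3:  # skip anything that is not a log row
            ts = datetime.strptime(f"{year} {cols[0]}", "%Y %b %d %H:%M:%S")
            yield ts, cols[1], cols[-1]

def correlate(text, window=timedelta(seconds=5)):
    """Attach check_reload_status actions that follow each gateway alarm within `window`."""
    events = []
    for ts, proc, msg in parse(text):
        m = ALARM.search(msg)
        if proc == "rc.gateway_alarm" and m:
            events.append({"time": ts, "gateway": m[1], "monitor": m[2],
                           "down": m[3] == "1", "loss": int(m[4]), "actions": []})
        elif proc == "check_reload_status" and events and ts - events[-1]["time"] <= window:
            events[-1]["actions"].append(msg)
    return events

def flaps(events):
    """Pair each alarm (Alarm:1) with the next clear (Alarm:0): (gateway, seconds in alarm)."""
    down, out = {}, []
    for e in events:
        if e["down"]:
            down.setdefault(e["gateway"], e["time"])
        elif e["gateway"] in down:
            out.append((e["gateway"], (e["time"] - down.pop(e["gateway"])).total_seconds()))
    return out

if __name__ == "__main__":
    for e in correlate(SAMPLE):
        print(e["time"].time(), e["gateway"], "DOWN" if e["down"] else "UP", f"loss={e['loss']}%", e["actions"])
```

Run over a full system log, the output shows whether every tunnel restart lines up with an alarm on a gateway the tunnel does not use, and how often that gateway flaps.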
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.