4. pfSense loses internet when dpinger fails (help with gateway config)

pfSense loses internet when dpinger fails (help with gateway config)

  • S

    I posted this on r/pfsense but didn't get a good answer.

    I have a cable isp. I have the following un-checked:
    ☐Disable Gateway Monitoring
    ☐Disable Gateway Monitoring Action

    I was using 8.8.8.8 as a gateway monitor but it occasionally went down and I lost internet (though internet was up, 8.8.8.8 was down). (It's set to reject lease from 192.168.100.1) A few months ago I did a traceroute and chose a cable router close to home (and changed the monitor ip to that from 8.8.8.8).

    Lately, it's gone down 2 consecutive days and I lost internet which is why I'm so desperate for answers.

    To complicate, I also have a cable hotspot which I use as a secondary ISP in a gateway group (tier 2). The hotspot is fine for web clients but it doesn't permit any ssh so I lose outside connectivity with site-to-site when I'm remote.

    Problem 1: How to chose a reliable monitor?
    Problem 2: Why does pfSense fail to re-connect when cable comes back? Should I Disable gateway monitoring action? (If I do then I lose the failover to hotspot.)

    Note that I believe I need monitoring to auto-switch gateways.

    0

  • Monitor your ISP's gateway, the next hop up from you. Why monitor something halfway around the world with lots of potential points of failure in between???

    No idea about your connection issue. Lots of people seem to have it where the WAN doesn't reconnect after losing sync until you reboot or something.

    0
  • LAYER 8 Global Moderator

    Out of the box pfsense will monitor its gateway IP, the only reason to really change that would be if that gateway doesn't answer pings, or your gateway local and not your ISP, say your behind your own router or firewall, etc.

    I just monitor pfsense gateway... And have never had single issue with cable going out and pfsense not being able to recover.. Be it power outage local, or isp outage, or I just pull the plug on cable modem on purpose, etc.

    Yeah sure the cable modem will hand out a 192.168.100.x address to pfsense now and then on specific sort of outages, but within a few minutes it has recovered to its public IP.

    0
    S
     1 Reply
  • S

    This is new information to me. I thought there was no monitoring unless the "Monitor IP" was entered. I'll try it - thanks!

    0
  • S

    @johnpoz I set it up like this but today (3 days later) it went down again. There were no issues in the modem logs but the dpinger log showed a latency so pfsense switched over to my hotspot tier 2 in a gateway group.

    The thing is that the modem and ISP were fine shortly thereafter but pfsense never switches back to the cable WAN. (I am currently remote.) Fortunately I have a port 443 reverse tunnel on the hotspot so I was able to get in and reboot and then it re-connected.

    How do I get pfsense to keep trying and switch back to WAN?

    Thanks for further help.

    0

  • Put the other members of the gateway group on a lower tier. If you have them all on tier 1 then it won't switch when the down member comes back.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy