Internet connection drops randomly - Gmail, Webspotify



  • Hey folks,

    We have a PFSENSE 2.4.4 working as a internet proxy with Squid (not transparent) + SquidGuard + Samba authenticating on AD.

    It has been reported that many "persistent" connections keep dropping randomly e constantly, with the message "reconnecting" or "lost connection" depending on the webpage (like gmail, booking.com, web spotify, and so on). It does not seem to be a general network issue because intranet works fine, as do many other internet websites.

    Can anyone provide a little guidance as to fine tuning options on Squid (or PFSENSE) that refer to these kind of connections?

    I don´t know if this is related or not, but for the same webpage on the access logs it shows many hits 200 and many more Denied 407 (which seems to happen when the specific connection does not pass the logged user to the proxy, which is not able to authenticate access on AD).
    Caphhfghturar.PNG

    Kindest Regards,

    Andre.

    Ps: As I wrote this post the connection dropped as per image attached!Capturardasds.PNG image url)



  • Don't worry about this one :

    14ae5b09-8aad-48a8-b964-f15178f70a17-image.png

    the local (java ? ) scripts in your browser are some what nervous and signal a loss rather fast.
    edit : I guess it's more the server side (pfSense forum) that some times just can't cope with the load of visitors .... )
    Happens to me also, although many other devices on my LAN's are connected to what ever else everywhere and indicate nothing happened.
    SSH connections were not broken , for example.



  • U say AD, have u check cache.log from squid?

    How any users u have simultaneously?
    What settings u have in squid for SG?

    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    

    How much ram u have?
    How many u setup for squid?



  • Hi @Gertjan thanks for the input! ´ll take a look at the scripts running. SSH connections (and others) don´t seem to be affected as well. Actually, not even http/https in general, only some specific websites.

    @periko thanks for the reply! Here are the information you asked about (and a few more):

    • CPU: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz 8 CPUs: 1 package(s) x 4 core(s) x 2 hardware threads (has not gone over 20% utilization)

    • Server RAM: 16GB (usually 14% in use)

    • The proxy has 1 lan interface for private network and 2 wan interfaces on separate ISP links grouped on TIER 1 for failover

    • Proxy cache configs are basically default, I just increased the cache size to 200mb

    • I have about 200 users, consuming at Average 5.78 Mbit/s (according to NTOP) but this number varies throughout the day

    • Overall bandwith throttling is set to 0

    • Cache.log: getting a lot of Got NTLMSSP neg_flags=0xa208b207 for most of the authentication

    • I ran wireshark on my station and got a few RST packages and a few more Keep Alives.

    • SG configs is as follows:
      # Package Integration
      url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squid
      Guard.conf
      url_rewrite_bypass off
      url_rewrite_children 16 startup=8 idle=4 concurrency=0

    Thanks again!

    Andre.



  • @armandelli said in Internet connection drops randomly - Gmail, Webspotify:

    url_rewrite_children 16 startup=8 idle=4 concurrency=0

    What I can tell u is that, for 200 users, suppose u have 100 simultaneous, this value is very low.

    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    

    Search for the word increase in cache.log.

    If u found it, increase those values, they are for a small network.

    Just in case.



  • @periko thanks very much for your input!

    I have increased the parameters to url_rewrite_children 50 startup=16 idle=8 concurrency=0 to and will monitor how squid and the internet browsing behaves.

    If necessary I'll increase a bit more. If even after that the problem persists, i'll keep looking into it.

    Regards!
    Andre.


Log in to reply