Delay when connecting via specific Interface.
-
Hi.
I've started getting a strange issue with connection delays via one Interface.
My pfSense is set up as follows:
WAN - PPPoE to BT FTTC
LAN - 192.168.1.x
OPT1 - 10.10.1.x - connected to switch which has 3 Wifi Access points connected (meshed)
OPT2 - 172.16.1.x
OPT3PIA - openVPN to PIA
OPT4 - openVPN for remote access
For devices connecting to the LAN they get an IP in the 192.168.1.x range and route direct via WAN
For devices connecting to OPT1 they get an IP in the 10.10.1.x range and default to using PIA for remote access. There are some devices in an 'Allow' list that use the WAN, not PIA, as their gateway.
OPT2 / OPT4 are not relevant to this issue.
In the last few days I've noticed devices in the 10.10.1.x range (wifi) have a delay connecting to the Internet.
I've got a laptop connecting to the Wifi and running a traceroute there is a delay of about 6 seconds. It doesn't matter if the device is in the allow list or not. The same device connecting to the LAN (192.168.1.x) works instantly.
As a test I disconnected one of the Wifi APs from the switch and connected the laptop direct via ethernet. I get the same issue. It looks like something in OPT1 is causing this, but I don't know what.
I've been running with this setup for 18 months without any real issues. I'm not sure what changed in the last week.
Any ideas what to check with this ?
Thanks
-
Check for IPv6 on the client, that can introduce weird connection delays if it's there but not passed.
Assuming it's not that though, do you see the delay on every connection attempt or just the first one?
When connecting to anything? Or something DNS related so direct IP connections are good?
Steve
-
Thanks for the reply.
I tested connecting to an IP Address and I get the same results, so I don't think this is DNS related.
Strange thing is my tablet that connects to the wifi via OPT1 has no issues at all.
The TV that connects to the switch in OPT1 has had issues with the guide and Amazon Prime not loading, however Netflix works fine, so I wondered if the switch was the issue.
OPT1 connects as follows:
OPT1 -> 10/100/1000 8 Port Switch
From the Switch are 3 Wifi AP's and TV.
I've been testing using my laptop on this switch.
This morning I disconnected OPT1 from the switch and connected OPT1 direct to my laptop. After doing this traceroute etc worked instantly. I then reconnected OPT1 back to the switch, connected the laptop to the switch again and now that is working fine as well...
So I wonder if disconnecting OPT1 from the switch has reset the connection between them and allowed them to work again ?
I do plan to change the network and get rid of OPT1, making it a flat network with all devices in the 192.168.1.x range, I think that will make it easier to fault find in the future.
I'll keep monitoring this for now and see how it goes.
Thanks
-
Could be an IP conflict with something else connected to that switch perhaps?
-
Hi
Thanks for the reply.
As far as I can see there are no conflicting IP Addresses.
The issue happened again last night and only affected devices on OPT1.
Strange thing was some devices worked (mobile, Laptop) and others failed (TV, YouView).
Each OPT1 device gets its IP Address via DHCP which includes the DNS addresses of my VPN Provider.
I found that devices routing via the VPN using the VPN DNS worked fine, but TVs etc that are using the VPN DNS but routing via the default gateway had started playing up.
Against the Static DNS entries for the devices not using the VPN, I set the pfSense IP Address for DNS and now they seem to be working. pfSense is acting as a DNS resolver. So it appears that my VPN provider has stopped DNS access unless you are routing via them.
Thanks
-
Well that could definitely be true, why would they allow access to their DNS servers publicly?
That doesn't explain why you saw the delay to IP addresses directly though.
Steve