pFsense stops routing every day at random for 7-15 seconds the resumes.
-
Hello,
We have a plain pfSense instance latest version, NO nat only routing, 1GB memory, 1 vCpu, 16GB in a datacenter setting as a central firewall for the virtual machines in a Vcloud.We do not use any rules from LAN to WAN and a few rules to block traffic from WAN (from main Juniper router) to LAN (LAN = VM side)
The whole thing works but about every day, we have a big problem, the router stops all routing (LAN2WAN and vice versa) for about 7-15 seconds and then resumes. All pings stop from Vm's to outside and pings from internet to the router and webinterface is not reachable. Nothing in the log, except when dpinger is on then error send error 64 is shown, if dpinger is off, no errors to be found.
This breaks nagios and IPSEC.
We tried multiple vCpu, only one vCpu, Dpinger gateway monitoring on and off, E1000 or VmXnet3, but nothing changes the behaviour... There are no packages installed, just plain vanilla pFsense, only the Vmware Tools are installed latest version.
We have completely reinstalled twice now, and did not restore any rules. We manually created all rules anew.
What could be wrong? This is hurting... Any help would be extremely appreciated. Extra remark: according to the vCloud supplier no one else ever had the same problem.
We really hope we can get is resolved.
-
is there a specific hour of the day?
-
No it happens everytime at a different times of the day.
We now have another firewall (untangle) and that is stable so it has something to do with pfSense.
But we want to go back to pfSense offcourse! -
Error 65 is 'no route to host', so it means you have no route to the gateway at that time.
dhcp lease expired ? what are you using as monitor address? -
Well i use the gateway it self as target. But if i do not monitor and tell pfSense the gateway is "always up" and disable monitoring actions, the same happens.
Almost feels like the network card is rebooted or something... -
Now trying with 1CPU, 1GB memory, E1000 and deinstalled the VmWare tools package...
-
Its driving me nuts....
Connection drops completely and log only shows:
Mar 26 03:13:43
dpinger GW_WAN_2 XXX.XX.XX.XX: sendto error: 64 -
it looks like a gateway issue for sure, but it could also be a clock-drift issue
because of clock-drift it could be possible that pfsense does not renew it's dhcp lease in time.
be sure to turn off clock synch for your VM. also be sure to connect pfsense to a valid time server & check for errors
-
@heper thanks for the answer.
Pfsense is located in a datacenter setting with fixed ip of gateway, fixed wan ip address, pure routing to another subnet on the LAN side with fixed internet subnets. No nat no DHCP.
I will look into the time sync right now. <update> time sync was allready off. -
upgraded to 2.4.5 so hopefully the problem dissapears...
-
@voipuser said in pFsense stops routing every day at random for 7-15 seconds the resumes.:
upgraded to 2.4.5 so hopefully the problem dissapears...
Well it seems 2.4.5 cleared the problems, not had any disruption yet since: 2 days and 2 hours.
So far, much better!
