New pfsense router constantly drops the pppoe wan connection
-
Hi Guys,
I hope that someone can help me.
Because of a recent PSU failure of my current homebuild pfsense router i have desided to upgrade the router.
After research and be able to buy it for a realy good price i have bouth the way to powerfull SuperMicro A2SDi-4C-HLN4F
After setting everything up i notice that after a couple of minutes (between 1 and 5) the WAN connections drops for a second or 2 and then comes back.
This happens constant.I’m sure that there is no problem with the network cable or pppoe settings because when i place the cable back in the old router there is no issue!
Setup settings:
- Wan --> ix0.6 (getting internet trough vlan 6 and iptv trough vlan 4 of my internet provider, thats xs4all in the netherlands)
- Lan --> ix1
Can anyone point me in the good direction where to look to resolv this issue?
I’ve already tried the following:- Set Up manually the router based on the current working setup.
- Restore a backup of the working router and only changed the interface settings to the correct nic’s
- Default factory setup of pfsense.
- Tested every NIC with pppoe settings (all of them shows the same problem)
- All 4 nic's are working fine for just lan traffic. No timeouts with ping or iperf test.
If you need more information let me know.
Thanks in advance.
-
@G007 said in New pfsense router constantly drops the pppoe wan connection:
Hi Guys,
I hope that someone can help me.
Because of a recent PSU failure of my current homebuild pfsense router i have desided to upgrade the router.
After research and be able to buy it for a realy good price i have bouth the way to powerfull SuperMicro A2SDi-4C-HLN4F
After setting everything up i notice that after a couple of minutes (between 1 and 5) the WAN connections drops for a second or 2 and then comes back.
This happens constant.I’m sure that there is no problem with the network cable or pppoe settings because when i place the cable back in the old router there is no issue!
Setup settings:
- Wan --> ix0.6 (getting internet trough vlan 6 and iptv trough vlan 4 of my internet provider, thats xs4all in the netherlands)
- Lan --> ix1
Can anyone point me in the good direction where to look to resolv this issue?
I’ve already tried the following:- Set Up manually the router based on the current working setup.
- Restore a backup of the working router and only changed the interface settings to the correct nic’s
- Default factory setup of pfsense.
- Tested every NIC with pppoe settings (all of them shows the same problem)
- All 4 nic's are working fine for just lan traffic. No timeouts with ping or iperf test.
If you need more information let me know.
Thanks in advance.
Could it be a matter of power management in Bios that overrides the OS? Just a idea.
-
start from here https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-troubleshooting-network-cards.html#intel-ix-4-cards
check system logs if there is something
-
I have tried the tuning that are described in the docs but with no success.
I can't really stop the issue in the log but maybe you can see the error/problem
https://pastebin.com/wWGtGizy
@fireodo
Unfortunately I cannot find any settings in the bios that have to do with power management.Thanks both for your help so far
-
try to set speed duplex to a static value instead of auto
System Routing Gateways Edit
Disable Gateway Monitoring Actioncheck system log again after this, there was nothing useful on you previus log, only
pfSense package system has detected an IP change or dynamic WAN reconnection - *Static WAN address* -> *Static WAN address* - Restarting packages.maybe something happened before that is not on the log
also temporarily disable ipv6 from wan if you can -
What do you have under MTU and MSS for WAN? What ISP are you with?
-
@kiokoman
I will try to test this today.
But I don't think it makes a difference. The backup of the working old router is without ipv6 enabled.@VioletDragon
I use the default for both MTU and MSS (empty)
For MTU i have tried 1500 and 1492 with no succes
My ISP is: XS4ALL (in the Netherlands)
Connection is: FTTH with a fiber optic to ethernet converter (FTU/NTU) -
I have more or less the same type of connection, my ISP issues me a ONT combo, which I set on bridge mode and I use all of the defaults:
Since you mentioned a converter thing, does it use the code ONTs use to identify themselves to the network? My ONT even on bridge mode has to use it.
[I'll look up its name and get back.]
UPDATE
This is it:
-
@skilledinept
Thank you, but i can’t change anything in the converter. To my knowledge its just a dumb device that only converts the optical signal to ethernet.
And i know that there is the possibility to add the fibre cable direct in a router (my isp use some fritzbox with a spf interface)
-
@G007 said in New pfsense router constantly drops the pppoe wan connection:
NTU
I didn't see you posted the log earlier, my bad.
I noticed you seem to be using a static IP address on your WAN interface, has this always been like that?
Also, I compared the log to my own, and the only difference is the kernel message which I think is not normal for this kind of log.
pfSense kernel: nd6_dad_timer: called with non-tentative address fe80:a::ae1f:6bff:feb1:de94(pppoe0)Hardware problem maybe? Try virtualizing the firewall even if it's in its own server, most hypervisors are well-known by engineers and they'll know what to expect and how to proceed with a more uniform config presented by the virtualized layer. :)
-
@skilledinept
No problem!
Yes my ISP provide a static WAN IP :)
I don't think thats an issue because its a IPv6 address and my ISP provides also IPv6 access (i still don't use even with my current pfsense)The only thing i could think of is that the 4 nic's (Intel C3000) are not capable of handeling PPPoE correct.
If i take a look at the SG-5100 (same cpu and nic's as my supermicro: C3558) the only differents is that the SG-5100 uses an extra Intel i210 for the WAN and LAN nic.
The C3000 nics are the OPT ones -
I'm envious, my ISP stopped offering them, only way was with dedicated crazy expensive slow fiber (or much cheaper tunneling from a VPS).
NICs rarely fail or are incompatible, PPPoE is very old and you have a good card, recommended it seems. There's something in the middle not getting along then--I'm no programmer so don't believe a word from me--what I can say is that from experience, there's some firewall software that not pfSense but rhymes with it that used to be plagued with issues, and when it would not run baremetal, putting it on top of ESXi would fix it everything and you can always assigned the network card directly to the virtual machine so it still has full control over it.
Or… it just occurred to me: have another router in front of pfSense, something cheap (or virtualized) and have it perform a simpler role: dial up and forward everything to pfSense, full-cone NAT if possible but unless this is labeled "DMZ" cheap boxes never have the option, the good is that since you have a static IP it'll be much easier to assume control from pfSense. Assign your external IP address on a VIP facing the upstream router. If you can get the external cheap box to reach whatever your normal speeds are, you're done! :) Port forwards will get you straight-through ports if full-cone NAT is not an available option, it should work on every vendor, but y'know…
Good luck! :)
-
Thanks for the response.
I think there are only 2 options left
- Using indeed esxi and use pfsense as a vm instead of baremetal.
- Buy a rise card and an Intel based cheap powerfull nic
I don't think that using another router in front of de pfSense is a good idea because of the internet/iptv configuration
Both are coming from the FTTH on different vlans
Internet as PPPoE
and IPTV as DHCP
(and for watching tv we need to use routerd-mode: tvbox gets a normal ip for watching streaming services and only routes TV signal trough the WAN_IPTV interface with IGMP Unicast/Multicast)PS
Just to be sure i have also tried what will happen if i use the dev 2.5 version.
Wanted to know if was a driver version issue but sadly same issue :(Strange thing still is :
When I place the new pfSense behind the current one there is no issue with the WAN config as DHCP.
Testing speedtest is good without any issues
Direct connect the new pfSense on the NTU with the WAN config as PPPoE.
Lost of disconnect. Speedtest can't do the full test because of the disconnect or is a lot slower.It doesn't make any sense to me :(
-
I swear I was done but something caught my attention when I read the reply email, you say when using DHCP you have no issues. Have you tried this in the new box? If you have a static IP it doesn't necessarily mean you have to assign it yourself, that's what PPPoE/RADIUS sort of are for.
Do you get your usual IP when you use DHCP? There's a conversation that happens, the whole DORA thing… I've suffered with it plenty on bad Windows Server DHCP servers. I'm speculating here, but it could be that it was OK to ignore/skip DORA in the past but not so much anymore with your new hardware, not "activating" let's call it--will close the connection after a timeout, or something similar that would explain why you can connect but only for a brief period. I-don't-know, like I said, pure speculation! [Good] Hardware acting weird for no obvious reason though, 100% real.
I think it's call-the-ISP time.
…now I'm really done. Good luck!
-
Sorry but I think you mis understand me ;)
When I used DHCP on the new pfsense the config is:
NTU --[PPPoE]--> wan old pfSense --[DHCP] --> wan interface new pfsense --> LaptopThis way the speedtest from my laptop is quick and fast what i expect.
When I just use PPPoE on the new pfsense the config is:
NTU --[PPPoE]--> wan new pfSense --> LaptopThis way the speedtest from my laptop is poor and sometimes it even disconnect
Mayby someone from Netgate has a good idea?
-
Have you tried reinstalling a fresh image and configuring from scratch.
Having good performance in that scenario is enough to rule out hardware, besides it's extremely rare anyway.
PPPoE and DHCP connections are really binaries called by the system, maybe they got corrupted somewhere between the Internet and your drive. A bad config file can also make your life miserable, I recently had one; having preinstalled master to clone is super helpful because I'm sure I'm getting a known good system but when things sort of work if the worst bc you look in all the wrong places and break things that weren't broken. The config file is a good example of a cause of these issues. I managed to rescue sections of it though, like the aliases which is the biggest, only that section was enough for me to be thankful--it's seriously really big.
Snapshots are also useful when recovering in case you goo too far.Hopefully you fixed it by now.
