WAN traffic stops suddenly very often
-
Hi,
last few days I was searching for a solution, but all the suggestions didn't help me, so I decided to post this question on forum.I have a fresh installation of pfSense (2.4.5-RELEASE-p1) on 2 HP PCs (BIOS updated, Intel ME Firmare updated, but AMT disabled), dual port gigabit NIC (Intel PRO/1000 PT EXPI9402PTG2L20).
Very basic configuration:
1 x WAN static IP v4
1 x LAN
NAT
only simple rules to have access via https and ssh from both LAN and WAN, ICMP response on interfaces.Both units work completely separately (separate LAN IP, separate WAN IP). Every 1-3 hours in random times WAN traffic stops completely - cant ssh to WAN, can't https to it, can't ping, I can't even ping WAN gateway directly from pfSense.
In the logs presented via web GUI nothing at all, at the time this happens.I tried:
- disabling gateway monitoring
- disabling SMP
- enabled all 3 options:
Disable hardware checksum offload
Disable hardware TCP segmentation offload
Disable hardware large receive offload
Reboot helps - the unit works utouched for another 1-3 hours, than WAN traffic stops completely.
WAN interface is UP all the time.
The trick with disabling WAN interface and enabling it again doesnt help.The traffic is minimal. No VPN tunnels, nothing, VERY simple config.
Reinstalled pfSense twice, no change.Can anybody have suggestion? Have no idea what to do other than change pfSense to some other solution.
Best regards,
Andrzej -
Try running a packet capture on the WAN when this happens, do you see any incoming packets at all?
What does Status > Interfaces show for the WAN? Collisions or Errors shown?
Steve
-
Hi Steve,
thank you very much for your response.Status \ Interfaces (for WAN):
In/out errors 0/0
Collisions 0Packet capture on WAN Interface (.206 is the pfsense router, .201 is Gateway ):
23:11:52.487712 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:11:53.546473 ARP, Request who-has X.X.14.200 tell X.X.14.201, length 46
23:11:53.630587 IP X.X.14.206.5611 > Y.249.112.1.53: UDP, length 44
23:11:53.863405 IP X.X.14.206.16027 > Z.144.132.253.53: UDP, length 49
23:11:53.863480 IP X.X.14.206.9685 > A.127.112.23.53: UDP, length 40
23:11:55.505333 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:11:56.010539 ARP, Request who-has X.X.14.200 tell X.X.14.201, length 46
23:11:56.928131 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:11:58.879520 IP X.X.14.206.49193 > 8.8.8.8.53: UDP, length 40
23:11:59.905311 IP X.X.14.206.7761 > Y.188.48.59.53: UDP, length 40
23:12:00.027205 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:00.223237 IP X.X.14.206.39852 > 8.8.8.8.53: UDP, length 45
23:12:02.157216 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:03.354270 ARP, Request who-has X.X.14.200 tell X.X.14.201, length 46
23:12:04.695991 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:05.202445 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:05.938278 IP X.X.14.206.7660 > V.3.105.98.53: UDP, length 40
23:12:06.242591 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:06.811137 ARP, Request who-has X.X.14.205 tell X.X.14.201, length 46
23:12:07.440145 ARP, Request who-has X.X.14.200 tell X.X.14.201, length 46What really surpised me is, that when I left one unit in this unresponsive state it went back (https, ssh connectivity, ping responses) by itself after another approx 1.5h
No info in system logs, all of the sudden it went back, withouth reboot.
After another approx. 1h it went off again.Thanks for help,
Andrzej -
Are those packets being sent to the correct MAC address for the gateway (.201)?
-
Both units in:
Diagnostics \ ARP Table
show the same MAC (learned and expiring) for Gateway , I haven't change anything in terms of gateway.You see this setup "in general" works, but all of the sudden WAN communication stops, but as I learned it starts to work again after some time, by itself.
Really strange ...
Thanks for your help!
Andrzej