Losing Wan Connection

hackarre

Hello,

I’ve been using pfsense for a few months now and I’m currently experiencing a very annoying problem, I suddenly lose my WAN connection.

I currently have a a fiber connection that goes directly to my ISP router which is set as bridge mode. I then use an ethernet cable that goes to my pfsense box (a dedicated computer with a dual intel nic). This configuration has been working fine for some time but recently it loses wan connection randomly, it can work for a week and then it happens 2 times the same day. The issue is resolved as soon as I restart the ISP’s router.
When it happens the WAN Ip shows either as: 0.0.0.0 or n/a.

My logs used to be filled with: “arpresolve: can't allocate llinfo for xxxxx”, but digging a little bit in the forums I read that the issue should be solved in the beta, so I updated. It happened two more times after the upgrade, but the logs are no longer filled with these messages. See image attached.

I’m currently lost and I don’t know what else to do/try. Could it be an issue with the ISP router? Can I bypass it with something else?

Thanks in advance.!

stephenw10

I assume your WAN is configured as DHCP?

Check the dhcp logs for the dhclient entries.
If the WAN goes down but the interface stays up you should see the dhclient continually trying to get a new lease until it's able to reach a dhcp server. The bug that was fixed in 2.5 sometimes allowed it to stop trying so it never got an IP even when the WAN connection came back up.

Steve

hackarre

@stephenw10
I'm getting these messages. What is the "host" in this case?
Also it keeps failing until I reboot the ISP router and I keep getting the same WAN IP every time.

Thanks.

stephenw10

You want to filter that but the dhclient process only. The dhcpd entries are only the server responding to LAN side hosts.

'Host is down' is the client trying to renew the lease against the server the previously issued it but it's not responding to ARP. So then it gives up and starts broadcasting for any dhcp server but none respond so it fails out and restarts at ~6min intervals. It doesn't give up though it keeps trying.

The next thing would be to pcap on WAN for port 67 during that time and make sure it's axtually sending dhcp requests that look sane.

What does the ISP device show the line state as when this happens?

Steve

ThatGuy

I have seen this same problem with the ISP in our area. It just doesn’t happen to me but to every pfSense appliance our company sets up that uses a dynamic public IP from this same ISP. The ISP happens to be the dreaded "Carrier Grade NAT". For pfSense appliances that have a static IP from this ISP everything is fine. It’s only the devices receiving dynamic IPs from the ISP.

I’d bet you don’t have to power cycle your ISP’s modem. Next time this occurs, try simply unplugging the network cable to the pfSense WAN interface. Wait a few seconds, and then plug it back in. See if you get an IP on your WAN interface and can get out to the Internet. If this works, I can tell you how to setup a script that will automatically fix the issue when it occurs. It will ping out regularly and when it gets a few “Request Timed Out” it will disable the WAN interface in pfSense, wait a few seconds, enable the WAN interface and then it will get an IP from the modem/ISP.

Yes, this solution isn’t the best but I’ve spent countless hours trying to figure out the issue. I’ve “heard” that people who use other routing appliances don’t have this issue with the ISP. It seems to only be pfSense. Sounds odd to me but I’ve just lived with it.

hackarre, Who is your ISP?

ddave

@thatguy I have the same issue, either unplug WAN and replug or reboot the FW. Could you send me script please.

Thanks
Dave

ThatGuy

@ddave

This is the post you want from BennTech. And yes, it does work. https://forum.netgate.com/topic/16217/howto-ping-hosts-and-reset-reboot-on-failure