Netgate Discussion Forum

    ICMP timeouts since 2.5.0

    Routing and Multi WAN
      Pentangle

      Hi all,
      Having had several issues with multi-WAN since upgrading from a very stable 2.4.x (over several years) to 2.5.0, then through RC1 and last night's RC, I've noticed that I cannot reliably ping outbound from my second WAN connection to anywhere except the direct upstream gateway or the gateway monitor IP.

      It seems that with every change I make, you might as well toss a coin as to whether I can ping anywhere else. This is despite ICMP outbound over WAN1 being reliable (and reliable to the same endpoints).

      The endpoints we're talking about here aren't unknown - i.e. I'm using 1.1.1.1 as my gateway monitor so I can ping that reliably, but I can't ping its sister IP of 1.0.0.1, neither can I ping 8.8.8.8 or 8.8.4.4 or half of the /27 IP address range I expose at my datacentre.

      The "changes" I refer to above include:

      • Enabling/Disabling floating firewall rules (I've been running FQ_CODEL floating rules and I know there's an issue with dropping ICMP with those enabled so I disabled them - still not working, re-enabled them - they worked, made another change - they stopped again)
      • Uninstalling/Reinstalling/Wiping/Reconfiguring pfBlockerNG (this is one of the very few packages I run, and knowing its capabilities I thought it might have been related to this, but apparently not, as any action with this package causes the same unreliable ICMP outcome).

      I've got a Windows VM sat going outbound on WAN2 and can confirm that it works fine, and can PING the same locations I can't when using the diagnostics menu in pfSense. I've also got about 10 VPNs endpointing onto WAN2 and they're all working fine.

      Any ideas what to try next?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.