Periodic loss of packets on OpenVPN and on WAN in general
-
Hello everyone,
I have an old problem at one remote site, where I have one Netgate SG-3100 (still on 2.4.5-RELEASE-p1) with a single WAN, where during a week it seems like there are some internet cuts (3 or 4 times, at random moments), and I really don't know where the problem is. Between that Netgate and the internet, I have an ISP router.
There are several people working in that office, and they have never reported any issues with internet access, so I assume that it could be just a low percentage of packets that are being lost, not enough for them to notice.
In this unit I have a UDP site-to-site VPN connection running 24/7, and there are backups being done almost all the time, but now outside that VPN.
What I have already done:
- Moved those backups outside of that VPN.
- Asked my ISP to change their router for another one.
My next step will be to reduce the size of the backup jobs, to avoid having to restart a job with TBs of data, but it will not solve the problem...
This problem could be in the internet connection itself, in the router (which I doubt, because this is another one, and another model too), or something on this Netgate unit.
I was trying to find a log somewhere, or to enable notifications for when there is packet loss on this VPN, but didn't find how to do it (one time when I had backup errors and warnings about backups, I went into that Netgate and noticed that there were some packets being lost).
From the Zabbix agent that I have there, I am unable to retrieve the loss parameter from that VPN interface, or even from the WAN interface.
Any advice on how to solve or debug this?
Thanks in advance!
-
Some packet loss is normal. TCP relies on that for flow control and will use retransmissions to recover. UDP is expected to handle the loss, either ignoring it, or the app has to provide its own means of recovery. The others will not see the loss if they are only running apps that use TCP.
As for where the problem is, you have to do some isolation. A few years ago, I had a problem with my ISP. I was getting brief interruptions to my Internet and home phone, but TV wasn't affected. After much testing on my part, I was able to prove the problem was outside my home and they found an intermittent problem with the cable in front of my condo. One of the things I did was use a Linux shell script to periodically ping my ISP's gateway and record the failures.
I have found pfSense is rock solid, so that leaves something upstream. Your ISP may be able to check your modem for failures or errors.
-
@jknott I know the difference between UDP and TCP. I have started to isolate traffic.
You gave me an idea. I will get a Raspberry Pi, connect it to the ISP router, and record any interruptions, to see if they occur at the same time as on my Netgate.
I've been using pfSense for the past 5 years (VMs and Netgate boxes from small to medium sizes like the 7100 series) and never encountered any issue like this, but you know, sometimes after a while we start questioning all the parts.
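-
Added example, not written by anyone in the thread: a sketch of the kind of periodic ping logger mentioned above, which a Linux box such as the Raspberry Pi could run against the ISP gateway so that loss timestamps can be compared with the Netgate's. The target address (a documentation placeholder), the log path, the probe size and the `run` argument are all assumptions.

```shell
#!/bin/sh
# Added example: periodic ping probe that records only the probes with loss.
# TARGET and LOG are assumptions; set TARGET to the ISP gateway address.
TARGET="${TARGET:-192.0.2.1}"   # placeholder from the documentation range
LOG="${LOG:-./wan-loss.log}"
COUNT=10                         # echo requests per probe
INTERVAL=60                      # seconds between probes

# Print the integer loss percentage found in ping's summary line.
# Prints 100 when there is no summary (ping could not send at all).
parse_loss() {
    pct=$(printf '%s\n' "$1" |
        sed -n 's/.* \([0-9][0-9.]*\)% packet loss.*/\1/p' | head -n 1)
    [ -n "$pct" ] || pct=100
    printf '%s\n' "${pct%%.*}"
}

# Append one line for a probe that saw loss; clean probes are not logged.
# Arguments: timestamp, target, raw ping output.
# Returns 0 when a line was written, 1 when the probe was clean.
record_probe() {
    loss=$(parse_loss "$3")
    [ "$loss" -gt 0 ] || return 1
    printf '%s target=%s loss=%s%%\n' "$1" "$2" "$loss" >> "$LOG"
}

# Loop only when called with "run", so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then
    while :; do
        out=$(ping -c "$COUNT" "$TARGET" 2>&1) || true
        now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
        record_probe "$now" "$TARGET" "$out" || true
        sleep "$INTERVAL"
    done
fi
```

Timestamps are written in UTC so that logs from two vantage points can be lined up without time zone conversion; with 10 requests per probe the smallest loss recorded is 10%.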