WAN connection "drops" after a variable amount of time

  • I have pfSense 1.2.3 running on a Pentium P4 3.0 GHz machine with 1 GB of RAM.  The 2 NICs on the box are a 3COM (LAN) and a RealTek (WAN).  My memory usage never seems to go above 8% and my CPU usage never seems to go above 5% according to the UI.

    Every so often (every 10-20 hours) I "lose" the WAN connection, or so it seems.  According to the status in the UI, the connection is up and there don't appear to be any problems noted.  Also, the system logs don't appear to report any issues when this happens.  It just happened again 20 mins ago and the newest system log was from about 2 hours ago.  By "lose" or "drop" I mean that I cannot connect to the internet (can't ping, download, etc).  When this happens, releasing the IP/lease on my WAN and then reneweing via the UI always fixes things, until the next time.  For months (before I switched to a machine running pfsense) I was using a 2wire router my ISP supplied, and I never had this problem.  The problem only started when I switched to a pfsense box a few days ago.

    Any ideas?

  • anyone?

  • Rebel Alliance Developer Netgate

    What kind of WAN? Cable? PPPoE?

    Kind of odd that it loses touch, but some more information would really be needed to say for certain what might be going on.

    Before anything else though, you should probably power off your CPE (the modem, not the pfSense box) for a minute or so and power it back on, then reconnect and see if the problem happens again.

    The results of a packet capture on WAN when you have the problem would also be helpful.

  • Thanks for your reply.  I hope someone can help me get to the bottom of this as I am very new to pfSense.

    The WAN is DHCP.  Also, there is no "modem" involved as I am on a PON.  The WAN port on my pfSense box is connected directly into the ONT outside my house.

    Regarding "packet capture", I'm not sure I know what is involved to complete this.  Does pfSense offer something along those lines?  What are you looking for specifically?

    Again, thanks for replying…

  • Rebel Alliance Developer Netgate

    Packet capture is in the GUI under Diagnostics > Packet Capture. You can make captures there, then download them, and although they can't be attached to threads here on the forum, you could upload them somewhere else and link to them here so people can look them over.

    I was mainly looking to see if traffic was only leaving WAN, and not coming back, or if there was traffic coming back but had other issues, and anything else out of the ordinary.

  • Oh!  I see.  I will be sure to do that the next time this happens and will update this thread with the results.  Thanks again.

  • I think I figured out a formula to reproduce this, and I also have packet captures during one of the outages.  I just went two days without any issues, then I disconnected the network cable between my WAN NIC and my ONT (network connection/source) this evening to test out something.  When I reconnected the WAN NIC to the ONT, I was unable to browse the internet from any computers on my network.  I was also unable to ping or do anything from my pfsense box, so I was truly disconnected from the internet even though the WAN interface status looked fine/healthy.  I thought back and realized that is was likely that each of the outages happened either immediately after I disconnected the WAN NIC cable from my ONT, or some hours after doing so.  As usual, clicking "release" then "renew" on the WAN interface in the pfsense UI fixed the problem.  Does this shed any light on the situation?

    Here is a link to two packet captures I ran on my WAN interface during the most recent outage: http://www.mediafire.com/?4prpw0b8aucm2cj

  • I tried to reproduce this using a different NIC as my WAN interface and I was able to reproduce it using the formula I described.  This definitely appears to be an issue w/ pfsense.

  • I can't be the only one having this problem.  This really appears to be a pfsense issue.  I even tries using a different NIC - same problem.  Are there any developers watching these forums?

  • Rebel Alliance Developer Netgate

    Yes, we monitor the forums, and I already replied once earlier.

    For whatever reason, dhclient may not be firing when you reconnect the WAN interface. Most real-world WAN failures are not going to be when a cable is unplugged, but when there is a loss on the ISP side, so the NIC doesn't lose link in those cases. That would explain why nobody else has the issue, they don't go unplugging their WAN cables willy-nilly :-)

    Try it on 2.0, see if the same thing happens.

  • Ah, I didn't realize you were a developer.  You said ""DHCP client may not be firing".  I'm not sure what you mean by "firing", specifically.  Can you expand on that?

    I can certainly understand that MOST real-world WAN failures don't involve losing the physical link, but it does happen.  In my case, if the ONT is power-cycled or if the ONT is being worked on - both cases would result in this issue.  Also, if a tech unplugs the cable from the Ethernet port on the ONT to check bandwidth using his meter, this will also happen.  These are all situations that do present themselves from time to time.

    I didn't realize 2.0 was out yet.  Where can I find this?

  • Rebel Alliance Developer Netgate

    dhclient needs to run on an interface in order to obtain an IP address, it's possible that when it's plugged back in, it doesn't restart to get a new IP address.

    2.0 is still in beta, but any bugs will only be fixed in 2.0. There won't be any more 1.2.x releases.

    You can try it out with a firmware update, livecd, etc, here: http://snapshots.pfsense.org/

  • Cool.  I'll give that a shot ASAP.  If the issue remains, where is your bug tracking system?  Do users have access to it for posting defects, or should I simply reply to this thread?

  • Rebel Alliance Developer Netgate


    Anyone can post bugs there, the more details the better.

  • Thanks again.

Log in to reply