Apinger "again"

  • Hi all!

    Sorry to bring back the apinger issue, but as a newbie I've got a few questions, or to put it a different way, I need help/advice!

    OK - used pfSense a few years back, then for hardware reasons moved to other firewalls (ipFire, endian, astaro); now I am back with pfSense 2.0 and I have to say I am very happy with being back.

    Now my ISP (cable) is not the best in the world (which ISP is, by the way?) and unfortunately, due to no competition, he is not doing a lot about his poor service/performance. Lately the connection has become very unstable: the cable modem reboots several times a day, the quality is poor, not to speak of the latency. One of the reasons to come back to pfSense is that I found the other FWs ended in a "dead" state due to the connection issues mentioned, where the only way to resolve it was a release/renew of the WAN connection. Easy for me to fix, but not for my wife when I am on the road, as we run a small business from our home office.

    So as a result my logs are filled up with entries from apinger as the below snapshot shows…

    Jun 13 09:37:27 check_reload_status: Reloading filter
    Jun 13 09:37:17 apinger: ALARM: WAN( *** delay ***
    Jun 13 09:36:26 check_reload_status: Reloading filter
    Jun 13 09:36:16 apinger: alarm canceled: WAN( *** delay ***
    Jun 13 09:36:09 check_reload_status: Reloading filter
    Jun 13 09:35:59 apinger: ALARM: WAN( *** delay ***
    Jun 13 09:35:08 check_reload_status: Reloading filter
    Jun 13 09:34:58 apinger: alarm canceled: WAN( *** delay ***
    Jun 13 09:34:52 check_reload_status: Reloading filter
    Jun 13 09:34:42 apinger: ALARM: WAN( *** delay ***
    Jun 13 09:33:51 check_reload_status: Reloading filter

    ...I understand from other messages here that there is a way to adjust the "sensitivity" of apinger, but I am not 100% sure where and how. Also, as "evidence", I do not want to totally "remove" this "monitoring". For this I kindly ask for your help/input!

    Also, where can I find the systems logs?  :-[

    My configuration is:

    2.0-RC2 i386 sun jun 12 11:48:35 EDT 2011
    Intel Atom D510, 2MB Ram, 40Gb SSD, 4 Gb LAN Ports

    Many thanks and sorry for this long post...
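
Added example (not part of the thread and not pfSense code): to keep the apinger alarms as evidence of link quality, as the post above wants, this Python script pairs each ALARM with its cancel in the quoted log lines and totals the time spent in alarm. The year, the function names and the choice of excerpt are assumptions; the log text is copied from the post.

```python
import re
from datetime import datetime

# Excerpt of the apinger lines quoted in the post (newest first, as the log
# view lists them). "WAN(" is truncated on the page and is kept as-is.
SAMPLE_LOG = """\
Jun 13 09:37:27 check_reload_status: Reloading filter
Jun 13 09:37:17 apinger: ALARM: WAN( *** delay ***
Jun 13 09:36:16 apinger: alarm canceled: WAN( *** delay ***
Jun 13 09:36:09 check_reload_status: Reloading filter
Jun 13 09:35:59 apinger: ALARM: WAN( *** delay ***
Jun 13 09:34:58 apinger: alarm canceled: WAN( *** delay ***
Jun 13 09:34:42 apinger: ALARM: WAN( *** delay ***
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) apinger: (ALARM|alarm canceled): "
    r"(\w+).*?\*\*\* (\w+) \*\*\*")

def alarm_episodes(log_text, year=2011):
    """Pair each ALARM with its cancel; return (gateway, kind, start, seconds)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # syslog lines carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2) == "ALARM", m.group(3), m.group(4)))
    events.sort(key=lambda e: e[0])  # newest-first or oldest-first input both work
    open_alarms, episodes = {}, []
    for ts, raised, gateway, kind in events:
        key = (gateway, kind)
        if raised:
            open_alarms.setdefault(key, ts)  # keep the first raise if repeated
        elif key in open_alarms:
            start = open_alarms.pop(key)
            episodes.append((gateway, kind, start, int((ts - start).total_seconds())))
    # Alarms still active at the end of the log have no duration yet.
    episodes += [(g, k, start, None) for (g, k), start in open_alarms.items()]
    return episodes

def summarize(episodes):
    """Count episodes and total seconds in alarm (closed episodes only)."""
    closed = [e[3] for e in episodes if e[3] is not None]
    return {"episodes": len(episodes), "closed": len(closed),
            "alarm_seconds": sum(closed), "still_active": len(episodes) - len(closed)}

if __name__ == "__main__":
    print(summarize(alarm_episodes(SAMPLE_LOG)))
```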


  • I feel your pain in the worst way believe me. I had a similar problem for the last few weeks with RC2 except this is a site to site full-time business.

    If you are authenticating via PPPoE on your WAN to your modem I would be very concerned with your connection at this point. I am pretty sure that there are bugs with the PPPoE portion of pfsense. I have taken my modem out of bridged mode and the modem is now doing PPPoE authentication itself. The modem's DHCP has handed me its first internal natted address. I've been up since I made the change on Saturday.

    I am literally praying that this stays solid.

    Look at my posts.

  • Hi root2020,

    Thanks for sharing!

    I made a small mistake in my post as I am using DHCP via a Cable Modem connection.

    I also posted a reply to c.zaborowski's post at:

    Where I said the issue could be related to when the Cable Modem issues a new IP and for some reason this is not detected by pfSense; other FWs I've been using, like astaro and endian, had the interface as dead, which could only be resolved with a restart of the interface, I guess something similar to pfSense's Release/Renew under WAN Interface…

    BR// Steen

  • Netgate Administrator

    You can set the thresholds for latency and packet loss in:
    System -> Routing -> Gateways -> Edit gateway -> Advanced.
    The default is low threshold 200ms, triggers the delay warning and high threshold 500ms, triggers the alarm.
    There is some confusion over these settings however. Could just be me  ::)


  • Hi and thanks for your reply and sharing the "confusion" link!

    Think not only you who is "wondering" about ;o)

    I tried to change the settings from/to:

    Alarm down: 10s > 15s
    Alarm delay: low (alarm off) 200ms, high (alarm on) 500ms  > 300ms / 600ms
    Alarm loss: low 10% high 20% > 20% / 30%

    No change, still get the log flooded with a message every 30s… :'(


  • Netgate Administrator

    If you add the gateways widget to the dashboard it gives a near real time value for the ping time.
    What values are you getting?
    You could change the machine that gets pinged for a closer one.


  • Hi Stephen,
    Thanks will do, but as per other post http://forum.pfsense.org/index.php/topic,36643.msg194874.html#msg194874
    then it's 1s (added a switch between the Cable Modem and pfSense, plus a laptop with wireshark, where I see it's 1s or less) and I have changed to ping another address, but I really really need to get the ping time changed. I tried to add 60s to apinger.conf but that had no effect.

  • Netgate Administrator

    You have a RTT of 1s? (1000ms)  :o

    Here I am seeing ~25ms on one wan and 6-7ms on the other.

    What did you change in apinger.conf?


  • Hi,

    There might be something I have not fully understood.

    The log from wireshark shows the ping from apinger every second, see attached file.
    Also look for records 5161, 5212 and 5243; they are the reason for me to have stopped ICMPs from leaving the box, mainly because I am not 100% sure what it means: "5161","2011-06-13 18:29:29.539365","","","ICMP","174","Destination unreachable (Host administratively prohibited)". I got a bit surprised when I started to see "prohibited" messages.

    For apinger the only "hand" change I did was to try to change the rrd interval to 60s, but that did not change the ping frequency - guess it was the wrong place to do it.
    I would think a minute or two will be fine and will limit the flood of pings, but how to change the frequency?



    [apinger.conf SH.txt](/public/imported_attachments/1/apinger.conf SH.txt)
    [Capture pfSense 13 June 2011 01 SH.txt](/public/imported_attachments/1/Capture pfSense 13 June 2011 01 SH.txt)

  • Hello,

    Really really need to get help to change the apinger frequency - anyone please.  :'(  :-[

    Thanks Steen

  • Netgate Administrator

    Why do you need to change the frequency? If you have the thresholds set appropriately for your connection you will only get anything in the logs when the latency/packet loss changes to something higher?


  • Hi Stephen,

    Not worried over my logs, but I do not feel comfortable hammering out a ping every second; my ISP is already making noise over this.
    Secondly, my connection is not the best, so often the connection is down or gives very poor response.
    For me a ping every minute or two will be good, but I cannot find the place to change the ping frequency. Tried in the apinger.conf, but whatever I did doesn't seem to have any effect.

    I tried to change here:

        target default {
            ## How often the probe should be sent
            interval 1s

    to 60s, 120s, 180s, but there was no change in the ping frequency.

    The rest of apinger.conf looks like this:

            ## How many replies should be used to compute average delay
            ## for controlling "delay" alarms
            avg_delay_samples 10

            ## How many probes should be used to compute average loss
            avg_loss_samples 50

            ## The delay (in samples) after which loss is computed
            ## without this delays larger than interval would be treated as loss
            avg_loss_delay_samples 20

            ## Names of the alarms that may be generated for the target
            alarms "down","delay","loss"

            ## Location of the RRD
            #rrd file "/var/db/rrd/apinger-%t.rrd"
        }
        alarm delay "WANdelay" {
            delay_low 400ms
            delay_high 1000ms
        }
        alarm down "WANdown" {
            time 30s
        }

    BR// Steen

  • Heh when 1 ping every 1secs is too much?
    You push packets into that network at a much faster speed and the uplink is supposed to handle it!

  • Yes, agree…
    But my uplink is often <128Mbps, and it has high latency and disconnects often, modem reboots, etc., etc. I am trying to work with the ISP (who basically doesn't give a damn due to lack of competition in my area), and for this I do not want to ping him too often. Using VisualRoute I try to show him the latency in his network, and connection speeds (Up/Down) that often are 50/60% less than what I subscribe/pay for.
    So if and there is a possibility from what I have read I would like to change the ping frequency.

    BR// Steen

  • Netgate Administrator

    I assume you mean 128Kbps?  ;)

    Can you ping your cable modem instead?


  • oops  ::) :o :-[ forgot the 0.

    Yes, I can, but the Cable Modem changes address whenever the modem reboots, so I would have to manually look it up and change it.
    Pinging the GW is great, but for a period I would like to send the pings less often that is all.

  • @seh2000:

    […] but I do not feel comfortable by hammering out a ping every each second, my ISP is already making noise over this.

    Check this post: http://forum.pfsense.org/index.php/topic,35531.msg183946/topicseen.html#msg183946

    It works for me. Pinging over a 3G connection every second including every DNS request going to every backup WAN
    generates some traffic over the 3G connection.

  • Hello Veni,


    Just what I've been looking for!

    Tried 60s first; when confirmed to be sent every 60s, I then changed to 5s!

    BR// Steen

  • @seh2000:

    […] I changed to 5s!

    I forgot to mention that you need to reset this value every time after you do an update/upgrade of pfSense,
    because that file will be overwritten with the one downloaded.

  • Hi Veni,

    Thanks, I already found out the "hard way", but many thanks for coming back!

    Take care - Steen
