Random Disconnect Issues

bgbearcatfan

Hopefully this is where i should post my problem at.

Recently got my pfsense box up and running using the latest version: 1.2-BETA-1

The past couple days i noticed that the people on our network have been experiencing issues with their instant messengers randomly disconnecting, then reconnecting within the next few seconds.  So i decided to pay attention to my messenger and experienced the same thing.  So at first i figured it was specific to aol aim messenger. However a few times, i was able to test getting out to websites during the connection drops, and that failed as well, so it seems all connectivity drops anywhere between 20-40 seconds at a time.  I check the instant messenger status logs, and match them up with the pfsense logs, and the timestamps match up perfectly.  Here is what the pfsense logs are returning:

May 27 03:03:56 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:56 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:52 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:52 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:51 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:51 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:48 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:48 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:47 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:47 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:45 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:45 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:44 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:44 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:43 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:43 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:42 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:42 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:40 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:40 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:39 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:39 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:38 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:38 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:33 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:33 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:31 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:31 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:29 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:29 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:29 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:29 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:26 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:26 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:26 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:26 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!
May 27 03:03:24 kernel: arp: 72.49.xxx.xxx is on re2 but got reply from 00:13:1a:ff:1c:1a on re3
May 27 03:03:24 kernel: arp: 00:08:54:47:15:c4 is using my IP address 72.49.xxx.xxx!

During that exact time period, 03:03:24 - 03:03:56, all connectivity drops.

My current pfsense setup is:

Lan - 10.1.1.0
Wireless - 172.20.1.0
Wan - 72.49.xxx.xxx
OPT1(Wan2) - 72.49.xxx.xxx
OPT2(Wan3) - 72.49.xxx.xxx

All Lan and Wireless network connectivity is routed through OPT2(Wan3).

Let me know if you need any additional info.
Any help or suggesstions is much appreciated.

Perry

If aol aim messenger is equal to aim talk ( i don't use it myself :) ) you need to forward port 5190 tcp

AIM Talk 5190
AIM Video IM 443,1024-5000,5190 443,1024-5000,5190

from http://portforward.com/cports.htm

bgbearcatfan

Hi,

Thanks for the response.  No they aren't using the talk feature just plain old text conversations.  However, it is definitely more than just a instant messenger problem, since everything drops, including ftp transfers, website navigation, etc.

Perry

ok. that can be some faulty hardware. I've experienced that kind of problems with both a faulty isp modem and a wireless AP (broadcast storm).

See if you can't track/narrow it down with ping.

I've used following approach before.
Ping www.google.com from pfsense.
On clients you run konst pinger http://www.visualsoftru.com/pinger.asp
log the result to a file and schedule vmailer http://www.virdi-software.com/vmailer/ to send it to your email so it can be examined.

bgbearcatfan

I was guessing a hardware problem as well.

Just put in a ticket to my isp to have the modem replaced.  I will give you all an update if that corrects the issue.

Thanks for the responses Perry.

cmb

The messages you're seeing are indicative of having multiple interfaces plugged into the same broadcast domain, which is not good. It looks more like you have some sort of misconfiguration than a hardware problem, IMO, though it could be a combination of both.

bgbearcatfan

Well i'm not sure what it could be.  I don't have anything like traffic shaping, or load balancing or anything enabled.. All internal traffic is routed through the wan3 (opt2) interface.  It's the basic pfsense setup besides the two additional wan connections… Is it a problem to have multiple wan connections coming from the same default gateway?

cmb

Oh, re2 and re3 are probably both WAN interfaces of yours aren't they? That changes things, and makes me lean towards hardware issues again.

bgbearcatfan

Yes, exactly.  To be more descriptive:

xl0 - WAN

re0 - LAN

re1 - Internal Wireless

re2 - WAN2

re3 - WAN3

bgbearcatfan

A bit of an update.

I'm kinda of leaning away from it being a modem issue..  Last night i plugged my laptop directly into the modem using the usb connection, and it did not disconnect at all, while at the same time leaving my desktop connected normally to pfsense, and the connection dropped about 12 times..

cmb

Doesn't mean there isn't an issue with the Ethernet on your modem that isn't an issue with USB.

Are all your WAN interfaces going to the same DSL modem? Does this affect traffic regardless of which WAN it is directed to?

bgbearcatfan

Good point..

The disconnections happened regardless of which wan interface i routed traffic through..  I'll leave this alone until the new modem comes in..  thanks again

cmb

So they are all 3 going to the same DSL modem? Couldn't you just one use WAN if you only have one ISP? I'm curious if the problem would go away without a multi-WAN setup.

bgbearcatfan

well the multiwan setup is so that i can host a couple websites, and keep them all on the default port 80, instead of having to do something messy like www.secondwebsite.com:90, etc.,  That was my main reason for moving from an ipcop environment to pfsense.  Right now, since everyone is gone, i plugged my desktop directly into the modem via a cat53 cable, so this will tell me if it's a modem issue or not.

Perry

Are your wan ip's dynamic? most multi ip setup from one provide there would be only one physical line to pfsense with multi ip's that one can assign with virtual ip in pfsense.

The reason i said you should ping from pfsense was to check the line out but still keep every thing connected.

bgbearcatfan

Ok,

After all last night, and early into today, i have not had one single disconnect issue when plugging directly into the modem, using both the usb port, and the ethernet port, so the modem appears to be functioning correctly.

As for your question Perry, yes, the wan ip's are dynamic.  I have been unable to get logged into the gui while the connection dropped to see if pfsense can still ping out, but i will keep trying that.

sullrich

Upgrade to a recent testing snapshot: http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/

bgbearcatfan

Alright i just upgraded to the lastest snapshot.  Will keep you all updated.

Thanks again for all the great support.  None of you all have to do this, so thanks again.

bgbearcatfan

Ok,

I just upgraded to the most recent testing snapshot available, and still getting the same thing as before.  Did i miss a step in configuring pfsense for a multiwan setup?  I figured i could just add the two additional wan interfaces, and then route the traffic how i want using firewall rules.

bgbearcatfan

Thought i would give an update, hopefully someone has a few more ideas for me to try.  I took out the two nics that i was using for my multiple wans, and installed pfsense again using one interface for the lan, one for the wan, and one for my wireless network.  After 2 days of this, i haven't had one disconnection issue.  So the problem only occurs when running multiple wans.

Perry

I've changed my setup at home so i got 2 dynamic ip's from the same modem going to the pfsense box. Atm i do get a lot of those arp messages but no disconnect so fare. From what i can find on the web it shouldn't be a problem.

To get rid of the messages look here http://freebsdhowtos.com/102.html
Replace your wan nic's ( intel is best ).

That is what i would do at this point.

bgbearcatfan

Yah, i don't mind the messages haha.  One thing i did realize was the two wan nic's i was using were both realtek gigabit nic's.  So i'll throw in a couple 100Mb intel cards see if that fixes the issue.

bgbearcatfan

Well after i swapped out all of my wan nic's with 10/100 Mb intel nics, i still experienced the same issue..
The problem is definitely somewhere within my pfsense box.

When i plug into the unmanaged switch in front of the pfsense box, i am able to lease public ip addresses from isp without a problem, and experience 0 disconnect issues.

When i run pfsense with a single wan interface, still behind the unmanaged switch, i all experience 0 disconnect issues.

As soon as i put two additional wan interfaces in, i start experiencing d/c issues.  One thing im not sure if i mentioned or not was that i had to set both my lan and wireless interface to send all traffic through my opt3 (WAN3) interface, since the default routing would float between the 3 different wan interfaces, although i doubt that will help you out any…

I dunno, im out of ideas... Anymore ideas?

Also, might i mention, i tried installed the most recent snapshot released yesterday (june 4th).

Perry

Still no disconnect here. http://www.mail-archive.com/support@pfsense.com/msg09832.html uses the same modem as i.

If you have a spare router you could add it in front of pfsense

+–---router1---- wan2
                            |
modem-----switch---+---------------- wan
                            |
                            +-----router2---- wan3

Else i only see a move to static ip's

bgbearcatfan

May i ask how your setup is for your multi-wan setup?  Does your modem have multiple ethernet ports or do you have a router or switch in front of pfsense?

Perry

Got a hub in front
                          +–-wan
                          |   
modem ---- hub---+---wan2

bgbearcatfan

Does it sound possible that:

The hub i have in front of my pfsense box works fine if i plug clients directly into it?  They get public ip addresses without disconnect issues.

So could the hub be too crappy to be able to handle what im trying to do with pfsense?

Perry

Well hub sucks :) but I wouldn't bet that much on it to be the problem. How many clients do you have in you lan?

What does your system show in status -> interfaces
wan
In/out errors  0/0
Collisions 220

wan2
In/out errors  0/0
Collisions 638

Did you test with a router in front?

bgbearcatfan

Agreed, dumb switches suck, but since we only have dynamic addresses coming it, it has to do for now…

For all three interfaces:

In/out errors:  0/0

Collisions:  0/0

i have approximately 20 clients on our lan/wireless.

I believe we have an old linksys router laying around somewhere, that i could hook up in front of it.  I'll do that later tonight after everyone gets off..

Thanks again Perry

cmb

I'm beginning to wonder if there are issues with multiple interfaces plugged into the same broadcast domain.

Just to make 100% sure I understand what's happening, bgbearcatfan, you have multiple WAN interfaces all plugged into the same switch, right? And if you only use 1 WAN you have no problems, but if you bring up those multiple WAN's, you have issues with it disconnecting, right?

bgbearcatfan

You got it!

GO BEARCATS! haha…

cmb

Ok, I'm going to attempt to replicate this problem because it seems you're not the first that's having it.

@bgbearcatfan:

GO BEARCATS! haha…

;D  For context for others, this is in reply to a PM. Bearcats + he's coming from uc.edu IP space, I PM'd him that he's lucky we'll support a UC fan.  :)  pfsense "headquarters" (where the two founders live) is in Louisville, and we're both louisville.edu fans. For those out of the loop on US college athletics, Cincinnati and Louisville have a rivalry dating back before any of us were alive, especially basketball, and (American) football.  :)

bgbearcatfan

Haha, but since you all made such a wonderful product, i suppose us uc fans can forgive you haha.

Hey let me know if you want me to test anything for you.  Tonight i just threw a different hub in front of the firewall, a bit higher quality one, so we'll see if it returns the same results..  Again let me know if u need anything from me mate.

bgbearcatfan

Quick update.  As of yesterday around 11 p.m. or so, we have had no disconnect issues, since replacing the unmanaged switch (glorified hub, blah).  It's still to early to say the problem has been resolved, but, normally we would have experienced atleast 15 disconnects within that time frame… Doesn't make much sense to me, but yah...

An additional update, i am still seeing those kernel: arp: messages in the system logs but i am working remotely this afternoon so i can't tell if they are disconnecting though or not, can let you know later this evening.

bgbearcatfan

Well the new switch seemed to make a difference at first, but then back to it's old tricks again.  I'm gonna try throwing a cheap router in front of pfsense tonight to see if that helps at all or not.

Sorry to bug you all with all these posts,,,i'm sure your getting annoyed.  After throwing a router in front of the pfsense box, i'm still getting the same results… So i am all out of ideas... Let me know if anyone else has any ideas or input on this.

zhivko.neychev

I have the same problem but I am only wit 2 interfaces (le0->WAN and le1->LAN).
kernel: arp: 192.x.x.x is on le0 but got reply from 00:0c:29:da:90:a2 on le1

I don't have problem with chat software such as: kopete, game and skype but I have issue with loading of lots of web sites.
When I try to open www.dir.bg (as an example) my status bar of my browser load to 80% round and so freeze.

This is my configuration.
My box is Opensuse 10.2 in which there is VMware server.
On this VMware server there are 2 machines - pfsense and Windows XP. NIC adapters on these machines are bridged into the Opensuse 10.2 adapter on the same vmnet switch.

pfsense is the router who have 2 adapters le0->WAN(the same subnet with main outgoing router of the company) and le1->LAN(the same subnet with internal network).

My real box with Opensuse and virtual Windows XP use pfsense for router and DNS.
The interesting is that Windows XP doesn't have any problems with Internet but linux does.
I'm sure there is no hardware problem, no DNS problem but I don't know where is the problem. This is my situation. Pleas help if you can. Thanks in advance!

Perry

Still no disconnect even with same subnet and gateway. If you could post or pm me your firewall and nat -rules i'll clone your setup :)

bgbearcatfan

Alright, we are swamped at work right now so i will try to find a free minute, or i'll post my setup later this evening..

I will add that even with leaving all the rules set to the default routes, and not installing any additional packages, i still got the disconnect issues.

bgbearcatfan

Well right now, i have nothing setup on the firewall, simply the default rule for the lan connection.  No packages installed or anything.  No port forwarding rules, or special traffic shaping rules, etc.  Basically the default install of pfsense.  The dns forwarder is enabled for the wireless interface, as is dhcp relay, but thats it…

cmb

I haven't had a chance to setup a replica of your environment yet but will soon (hopefully tonight, but no promises).

Keep posting back with updates when you have them.