Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    WEIRD ping behavior on pfsense 2.1.3 - ESXi 5.5u1

    General pfSense Questions
    1
    1
    1085
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      l4zz4r0 last edited by

      Dear All,

      I've got a weird issue with my pfSense VM (ESXi 5.5U1 host) :

      I followed pfsense documentation article about installing pfsense on ESXi.

      I've 3 NIC (lan, static IP wan, dmz). and at the beginning all seems to me working right (good throughput speed, NAT, Openvpn etc).

      But I discovered that when I try to ping WAN GW from web interface or even from shell ping packets start with a huge delay.

      Same behavior trying to ping anything from the fw vm (Lan IP, External IP, DNS IP, 8.8.8.8

      Other icmp type (traceroute) works with no delay at all.

      Echo Request & Echo Reply from WAN IP GW go and come with right timing and delay, but every ping request start with a delay :

      eg :

      ping WAN_GW_IP
      PING WAN_GW_IP (WAN_GW_IP): 56 data bytes
      64 bytes from WAN_GW_IP: icmp_seq=0 ttl=64 time=5.373 ms

      then it hangs for about 4 to 5 seconds then :

      64 bytes from WAN_GW_IP: icmp_seq=1 ttl=64 time=4.083 ms

      other 5 seconds then :

      64 bytes from WAN_GW_IP: icmp_seq=2 ttl=64 time=4.083 ms

      and so on . . .

      As side effect : obviously APINGER don't work correctly, I had to stop GATEWAY MONITORING, for a lot of reload requests (VPN, FW RULES etc . . ).

      I've noticed that ping seems to work correctly when I reload FW rules (it works for the time rules being loaded, then stop working correctly again).

      Already tried to tcpdump icmp request and all seems ok.

      UPDATE : tcpdump run from nternal lan host (10.10.0.15) while pinging from pfsense lan gw ip (10.10.0.254) :

      tcpdump -ni eth0 icmp and host 10.10.0.254
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

      15:13:28.902147 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 0, length 64
      15:13:28.902214 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 0, length 64

      15:13:45.114724 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 1, length 64
      15:13:45.114790 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 1, length 64

      15:14:02.308370 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 2, length 64
      15:14:02.308423 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 2, length 64
      15:14:23.864931 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 3, length 64
      15:14:23.864999 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 3, length 64
      15:14:52.628042 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 4, length 64
      15:14:52.628109 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 4, length 64
      15:15:02.679425 IP 10.10.0.254 > 10.10.0.15: ICMP host 173.194.35.48 unreachable, length 36
      15:15:08.866422 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 5, length 64
      15:15:08.866488 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 5, length 64
      15:15:14.365213 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 6, length 64
      15:15:14.365261 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 6, length 64
      15:15:35.941256 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 7, length 64
      15:15:35.941307 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 7, length 64
      15:16:02.532726 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 8, length 64
      15:16:02.532782 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 8, length 64
      15:16:17.911306 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 9, length 64
      15:16:17.911371 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 9, length 64
      15:16:42.425018 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 10, length 64
      15:16:42.425073 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 10, length 64

      look at tcpdump timestamp. Lan client respond quickly, but huge interval from one echo request and another echo request.

      weird.

      Any ideas ?

      Thanking in advance,

      Finest regards

      Paolo

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy