PfSense cron jobs & apinger



  • Hello all,

    Simple question here. What is the best method to set up a cron job that runs every minute (for example) that stops and restarts the apinger service? (or just restarts the apinger service).

    In the interest of saving us a lot of discussion, I would like to just know the answer.

    For the curious, here is why. I have on the WAN port of pfSense a Mikrotik router connected (the LAN side of that Mikrotik router) that is running as an L2TP client to a VPN provider. If I turn OFF the L2TP client, the pfSense apinger service runs fine. If I turn ON the L2TP client, pfSense thinks the gateway is down, even though it is not. I have tried many many different configurations. I have tried setting up that WAN's monitoring IP to the gateway to the LAN of the MikroTik (in this case, the default which is 192.168.88.1 for MikroTiks), the WAN IP address of the MikroTik, well known IP addresses on the internet such as 4.2.2.1 or 8.8.8.8.

    The only thing that doesn't keep pfSense from thinking that WAN gateway is down is 1) turn off gateway monitoring or 2) turn off the L2TP client.

    Strangely enough, instead of L2TP, if I use PPTP as a client, apinger does not have a problem with this. With the VPN client turned off or running, I can ping from computers on the LAN side of pfSense to anywhere (LAN or on the internet) and any host that doesn't filter ICMP will respond. Only apinger thinks the WAN is down (I assume it can't ping for some reason with L2TP running). I have yet to find a good explanation for this and/or a work-around or an explanation and a proper way to take care of this.

    The only thing that seems to work is if I stop and start the apinger service. Since I can't monitor the system 24/7 on my own, I would like to set up a cron job that stops and starts the apinger service.

    Unless anyone has a guaranteed fix on how to allow apinger to properly work with my L2TP client, please help me with my cron job / apinger service request for help.

    Thank you all,

    Rizwan



  • So I found my answer (partially). There is a package available for pfSense to configure cron jobs.

    Now, how to stop and start the apinger service?



  • I found a way to do this outside of pfSense configuration. I would still like to know if what I am after is do-able with pfSense.

    So the dirty way I found to do this is:

    Create a cron job that runs:

    pkill -15 apinger; ping -c 5 localhost; /usr/local/sbin/apinger -c /var/etc/apinger.conf

    Breakdown:

    a) pkill -15 apinger

    Kill the apinger process. pkill is included with pfSense. I am not sure if I need the "-15" but I included it anyway to be sure the program gets the TERM signal.

    b) ping -c 5 localhost

    Give the system or apinger some time to clear apinger/itself out of memory (not sure if this even matters after a pkill signal)

    c) /usr/local/sbin/apinger -c /var/etc/apinger.conf

    Start the apinger process using its configuration file /var/etc/apinger.conf

    I think I will schedule this cron job every 5 minutes to fix the issue I have described with L2TP.

    If there are more clean/elaborate solutions to deal with my L2TP problem please let me know!

    Rizwan
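
The kill, wait, start sequence from the post above, as an added example that is not part of the original thread or of pfSense itself: it waits until the old apinger process has actually exited before starting the new one, and starts nothing if it never exits. `restart_daemon` and the `--run` switch are hypothetical names; the apinger binary and config paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): restart a daemon in strict sequence.
# restart_daemon and the --run switch are hypothetical names; the apinger
# binary and config paths are the ones quoted in the post.

# restart_daemon NAME TIMEOUT CMD [ARGS...]
#   1. send TERM to every process whose name is exactly NAME
#   2. poll once a second until none is left, giving up after TIMEOUT seconds
#   3. only then run CMD; returns 1 without starting anything on timeout
restart_daemon() {
    name=$1
    timeout=$2
    shift 2

    # pkill exits non-zero when nothing matched; that is not an error here.
    pkill -TERM -x "$name" 2>/dev/null || true

    waited=0
    while pgrep -x "$name" >/dev/null 2>&1; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "restart_daemon: $name still running after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done

    "$@"
}

# Cron would call this file with --run; without it the file only defines the function.
if [ "${1:-}" = "--run" ]; then
    restart_daemon apinger 10 /usr/local/sbin/apinger -c /var/etc/apinger.conf
fi
```

On a timeout the function returns 1 and writes a line to stderr, which cron mails to the job's owner, so a stuck apinger is reported rather than duplicated.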



  • Hi,
    Looks like an L2 problem.

    Did you set any Hardware offloadings under Advanced->Networking? Most of the time you'd better disable any off-loadings.
    Did you spoof a MAC address (Interfaces->Your_L2TP_interface)?