2.2.1 seems to bring links down after idle period
Recently upgraded my 2.2 install to 2.2.1. I've been having some issues ever since.
I have a pfsense box with one WAN link, and 5 LAN links (all bridged together as the LAN interface in pfSense). Whenever there is little active network traffic, e.g. when everyone leaves the house, it seems that pfSense is bringing links down. This is showing up in 3 ways:
My NAS manages my dynamic DNS. It has a direct wired link to the pfSense box. My dynamic DNS provider sends me an email 0.5-1 hours later saying that the NAS has not checked in recently to verify my IP.
I have an Ubiquiti AP connected directly to the pfSense box. It's default behavior (not sure if configurable) is that is brings all of its WLANs down when it loses its uplink, and blinks its light once every several seconds to indicate this. This is exactly what I am seeing, no WLAN and blinking light.
OpenVPN is set up on my pfSense box. Clients connecting get stuck waiting for the pfSense box to reply to connection requests.
What is interesting is that it seems like any active device wired directly to the pfSense box will wake it up (or prevent it from bringing links down; apparently my NAS pinging my dynamic DNS provider is not active enough/frequent enough). if I connect my laptop directly to the pfSense box via ethernet, everything wakes up again – WAN link re-established, uplink to the AP re-established and it starts broadcasting its WLANs again. I can also turn on the TV or game console, which are both wired directly to the pfSense box, to achieve the same thing.
I haven't found any smoking guns from internet searches or poking through the logs. I did note that apinger starts complaining about the WAN link being down about the time this happens; RRD quality graphs have no data from these periods of inactivity. Per some comments on the forums, I tried changing some WAN Gateway Monitoring settings, providing a secondary IP, increasing the polling interval, and increasing the dead time. These do not seem to help. I just disabled monitoring of this gateway entirely to see what happens. But this still seems like a symptom, not a cause (no reason it should take down the link to my wireless AP for example just because there's no WAN link). I also tried to find and verify any power saving settings; PowerD is enabled and currently set to hiadaptive (previously was set to adaptive) on AC power. I never set anything to have the pfSense box itself go to sleep, and it doesn't seem to be.
Are there any settings I haven't found related to this or anyone seen a similar issues? I've been putting off just re-installing 2.2.1 from scratch because I don't want to deal with reconfiguring everything, but since I'm also getting some errors from Snort now, and it seems DansGuardian didn't uninstall completely and complains every night that it can't update ClamAV, and I had to go in and symlink libpcreposix.so.0.2 to libpcreposix.so.0 to make Privoxy happy again after the upgrade... might just be the best thing to do?
Thanks in advance!
and 5 LAN links (all bridged together as the LAN interface in pfSense
Yeah, dude. Stop this bridging nonsense, get a switch and you won't have whacky issues. Did you also bridge the OpenVPN for good measure? :o ::) Hmmm, also see Snort plus some proxy. Must be a joy to be behind this box. Yuck. Definitely outta this thread.
If you want someone else to look, you should describe what is actually the WAN and post some logs about how it disconnects. (The whole description sounds like you have dial-on-demand PPPoE or something like that.)
Sorry for the delay, too much going on recently. Once I had a chance to do some more digging, turned out it did seem to be some kind of power settings, with the box "sleeping" after short periods of idle time. The box is headless, but none of the lights indicated this and it was extremely fast to come back up after sleep. I never found any settings for this in the GUI, and disabling powerD didn't help, so I just installed from scratch since I was seeing other issues anyway. It's resolved now. I hope this was abnormal (new user to pfSense and the first time I've upgraded; I hope most upgrades go more smoothly than this).
doktornotor, thanks for the reply, I guess. I'm new to pfSense and not a networking expert. Maybe it's not an ideal setup, but I'm willing to learn, and open to constructive feedback. To answer your questions, WAN is a cable modem, no PPPoE or anything going on. I went the bridge route because it made sense for the hardware I had at the time and I figured I could add a switch later if needed. I've read it's not ideal, but haven't seen downsides mentioned other than performance, which is not affecting me for now; if you have more to add, or why you think this issue would be at all related to the bridge, please do so, so others can learn. Snort was something new to play with since I haven't had the opportunity before, which I may not keep. I like the proxy because not all of my devices can run Privoxy natively.