One dpinger gateway status offline



  • I have two gateways set on my pfense and both gateways are monitored with dpinger. One gateway is my ISP (cable modem with IP from dhcp) and the other one is a VPN connection.

    The VPN gateway (monitoring 8.8.4.4 ) shows RTT - 122ms, 2ms - RTTsd, 0.0% Loss and Online - Status correctly as expected.

    However my ISP gateway (monitoring 8.8.8.8 ) is shows RTT - 0ms, 0ms - RTTsd, 100.0% Loss and Offline - Status, it shows this regardless of monitor IP and even when the connection is working fine, this problem started when I upgraded from 2.2.6 to 2.3 alpha few weeks ago.

    Only info I can find about dpinger is under System -> Gateways

    ISP gateway:

    send_interval 250ms loss_interval 1250ms time_period 30000ms report_interval 0ms alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr ***.***.***.*** identifier "WAN_DHCP "
    
    

    VPN gateway:

    send_interval 250ms loss_interval 1250ms time_period 30000ms report_interval 0ms alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.4.4 bind_addr ***.***.***.*** identifier "WAN2_DHCP "
    

    Is there something wrong in my setup or with dpinger?



  • Shouldn't the VPN be checking a PC at the other end instead of Google?



  • Is that VPN connection OpenVPN?

    I'm not aware of any issues along those lines, but not sure I've done much with dpinger with dynamic gateways on OpenVPN assigned interfaces yet. It seems to be the working one though. That's the one I'd expect to not work if anything.

    What do you get for the following commands:

    route -n get 8.8.8.8
    
    ps auwwx|grep dpinger
    


  • Yes it's OpenVPN connection.

    route -n get 8.8.8.8

       route to: 8.8.8.8
    destination: 8.8.8.8
        gateway: ISP Gateway IP
            fib: 0
      interface: re0
          flags: <up,gateway,host,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
           0         0         0         0      1500         1         0</up,gateway,host,done,static> 
    
    
    root    86472  0.0  0.2  15004  2304  -  Ss    1:42PM   0:00.03 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B **ISP_IP** -p /var/run/dpinger_WAN_DHCP_**ISP_IP**_8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP_**ISP_IP**_8.8.8.8.sock -C /etc/rc.gateway_alarm -s 250 -l 1250 -t 30000 -A 1000 -D 500 -L 20 8.8.8.8
    root    86631  0.0  0.2  15004  2280  -  Ss    1:42PM   0:00.03 /usr/local/bin/dpinger -S -r 0 -i WAN2_DHCP -B **VPN_IP** -p /var/run/dpinger_WAN2_DHCP_**VPN_IP**_8.8.4.4.pid -u /var/run/dpinger_WAN2_DHCP_**VPN_IP**_8.8.4.4.sock -C /etc/rc.gateway_alarm -s 250 -l 1250 -t 30000 -A 1000 -D 500 -L 20 8.8.4.4
    
    

    Hope this helps.



  • That all looks correct. Do a packet capture on WAN filtered on host 8.8.8.8, all else at defaults. Let it run for about 10 seconds and stop it. What does that show?



  • It is all like the following:

    06:03:37.002800 IP MY-IP > 8.8.8.8: ICMP echo request, id 20936, seq 23535, length 8
    

    With the following exception happening once during the 10sec period:

    06:03:43.916388 IP MY-IP.43911 > 8.8.8.8.53: UDP, length 43
    06:03:43.941188 IP 8.8.8.8.53 > MY-IP.43911: UDP, length 88
    


  • Huh, so apparently 8.8.8.8 replies to DNS from that WAN, but not ping. Or maybe something upstream of you is blocking it. If you go to Diag>Ping and choose source WAN and try to ping 8.8.8.8 do you get a reply? Do you get a reply pinging 8.8.8.8 from hosts on the LAN going out via that same WAN?



  • Ping works from Diag>Ping as expected and it also works perfectly from any of the hosts on the LAN.

    Also tried changing the 8.8.8.8 to 8.8.4.4 which works on the VPN interface but I get the same problem.



  • Ok, put it back to 8.8.8.8, and repeat that same packet capture on WAN. Leave it running for about 10 seconds to catch the monitor pings, then go to Diag>Ping and ping from source WAN. Then stop the capture, download the pcap file and either attach it here, or can email it to me (cmb at pfsense dot org) with a link to this thread.



  • Just sent the .cap file as email, thank you.



  • Working with shopro and dennypage we tracked this down to this.
    https://redmine.pfsense.org/issues/5830


  • Netgate

    Denny has updated dpinger (to version 1.5).

    I expect that Renato will update the code in pfSense soon.  You should have a version of pfSense software v2.3 (still BETA) that has the fix within a few days.



  • This option's been added to the gateway advanced settings. System>Routing, edit your gateway, specify something > 0 in the "Data Payload" field. Confirmed that works, and should definitely fix your issue shopro given the troubleshooting we've been through to narrow down and verify the issue.



  • Working like a charm. Thank you!  :)



  • Good to hear. Thanks Denny!



  • You're welcome.