One dpinger gateway status offline

shopro

I have two gateways set on my pfense and both gateways are monitored with dpinger. One gateway is my ISP (cable modem with IP from dhcp) and the other one is a VPN connection.

The VPN gateway (monitoring 8.8.4.4 ) shows RTT - 122ms, 2ms - RTTsd, 0.0% Loss and Online - Status correctly as expected.

However my ISP gateway (monitoring 8.8.8.8 ) is shows RTT - 0ms, 0ms - RTTsd, 100.0% Loss and Offline - Status, it shows this regardless of monitor IP and even when the connection is working fine, this problem started when I upgraded from 2.2.6 to 2.3 alpha few weeks ago.

Only info I can find about dpinger is under System -> Gateways

ISP gateway:

send_interval 250ms loss_interval 1250ms time_period 30000ms report_interval 0ms alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr ***.***.***.*** identifier "WAN_DHCP "

VPN gateway:

send_interval 250ms loss_interval 1250ms time_period 30000ms report_interval 0ms alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.4.4 bind_addr ***.***.***.*** identifier "WAN2_DHCP "

Is there something wrong in my setup or with dpinger?

brianc69

Shouldn't the VPN be checking a PC at the other end instead of Google?

cmb

Is that VPN connection OpenVPN?

I'm not aware of any issues along those lines, but not sure I've done much with dpinger with dynamic gateways on OpenVPN assigned interfaces yet. It seems to be the working one though. That's the one I'd expect to not work if anything.

What do you get for the following commands:

route -n get 8.8.8.8

ps auwwx|grep dpinger

shopro

Yes it's OpenVPN connection.

route -n get 8.8.8.8

   route to: 8.8.8.8
destination: 8.8.8.8
    gateway: ISP Gateway IP
        fib: 0
  interface: re0
      flags: <up,gateway,host,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0</up,gateway,host,done,static> 

root    86472  0.0  0.2  15004  2304  -  Ss    1:42PM   0:00.03 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B **ISP_IP** -p /var/run/dpinger_WAN_DHCP_**ISP_IP**_8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP_**ISP_IP**_8.8.8.8.sock -C /etc/rc.gateway_alarm -s 250 -l 1250 -t 30000 -A 1000 -D 500 -L 20 8.8.8.8
root    86631  0.0  0.2  15004  2280  -  Ss    1:42PM   0:00.03 /usr/local/bin/dpinger -S -r 0 -i WAN2_DHCP -B **VPN_IP** -p /var/run/dpinger_WAN2_DHCP_**VPN_IP**_8.8.4.4.pid -u /var/run/dpinger_WAN2_DHCP_**VPN_IP**_8.8.4.4.sock -C /etc/rc.gateway_alarm -s 250 -l 1250 -t 30000 -A 1000 -D 500 -L 20 8.8.4.4

Hope this helps.

cmb

That all looks correct. Do a packet capture on WAN filtered on host 8.8.8.8, all else at defaults. Let it run for about 10 seconds and stop it. What does that show?

shopro

It is all like the following:

06:03:37.002800 IP MY-IP > 8.8.8.8: ICMP echo request, id 20936, seq 23535, length 8

With the following exception happening once during the 10sec period:

06:03:43.916388 IP MY-IP.43911 > 8.8.8.8.53: UDP, length 43
06:03:43.941188 IP 8.8.8.8.53 > MY-IP.43911: UDP, length 88

cmb

Huh, so apparently 8.8.8.8 replies to DNS from that WAN, but not ping. Or maybe something upstream of you is blocking it. If you go to Diag>Ping and choose source WAN and try to ping 8.8.8.8 do you get a reply? Do you get a reply pinging 8.8.8.8 from hosts on the LAN going out via that same WAN?

shopro

Ping works from Diag>Ping as expected and it also works perfectly from any of the hosts on the LAN.

Also tried changing the 8.8.8.8 to 8.8.4.4 which works on the VPN interface but I get the same problem.

cmb

Ok, put it back to 8.8.8.8, and repeat that same packet capture on WAN. Leave it running for about 10 seconds to catch the monitor pings, then go to Diag>Ping and ping from source WAN. Then stop the capture, download the pcap file and either attach it here, or can email it to me (cmb at pfsense dot org) with a link to this thread.

shopro

Just sent the .cap file as email, thank you.

cmb

Working with shopro and dennypage we tracked this down to this.
https://redmine.pfsense.org/issues/5830

jwt

Denny has updated dpinger (to version 1.5).

I expect that Renato will update the code in pfSense soon.  You should have a version of pfSense software v2.3 (still BETA) that has the fix within a few days.

cmb

This option's been added to the gateway advanced settings. System>Routing, edit your gateway, specify something > 0 in the "Data Payload" field. Confirmed that works, and should definitely fix your issue shopro given the troubleshooting we've been through to narrow down and verify the issue.

shopro

Working like a charm. Thank you!  :)

cmb

Good to hear. Thanks Denny!

dennypage

You're welcome.