Gateway - Send to Error 65
-
That "Advanced DMZ" mode looks like a reasonable compromise. Especially if it results in them acting less like ^#%$s.
Did you do all of the configure, reboot, configure, reboot steps exactly as they recommended?
Have you done as hard a reset as you can to that modem?
I assume the R3000 mentioned in that document is substantially-similar to the T3200M you have?
You have access to the ISP device and can freely check its status?
You have access to set the MAC address used for the "Advanced DMZ" mode as described on page 7? That is the actual hardware address for the WAN port and is not spoofed or anything?
You can connect a laptop (with a MAC address DIFFERENT from the "Advanced DMZ" MAC) and get an address from the LAN side of the T3200M and get good DHCP, etc and things work? Can you check the web interface of the modem from there?
Yes on all.
I don't see anything that might be incompatible. Should work fine if it does what that doc says it does.
This does not make a lot of sense to me:
Request who-has h75-100-91-105.mdtnwi.dsl.dynamic.tds.net tell h75-100-91-105.mdtnwi.dsl.dynamic.tds.net, length 28
Unless that is the DMZ modem that has 75.100.91.105 asking its LAN for the ARP for the same address and looking for a response from the WAN interface. Looking at the full pcaps with MAC addresses, etc would shed light there.
I suspect that is what it's doing based on that document's mention of needing the WAN interface to respond to ARP requests.
Honestly, if I were having the troubles you are, I would already have a managed switch between the modem and the WAN port and be running packet captures on a mirror port there.
Don't have one handy. Can get one from work if needed, but I honestly think I'm waving the white flag on this until my new modem comes.
I am unsure how to instruct you in starting a packet capture on pfSense that will give you what you need. Maybe something like this:
Get everything configured as they describe for "Advanced DMZ" mode.
Disconnect patch from pfSense WAN to modem.
Disconnect power from modem
Diagnostics > Packet capture, Select WAN, don't filter anything, and set the packet count to something like 100000. Start the capture.
Reconnect the modem patch cord to the WAN port
Power on the modem
Do whatever testing you want and, after a bit, stop the capture and download it. You can open that straight away in wireshark. See what's there. Feel free to post it here if there is nothing you don't want seen. I can send you a nextcloud link to upload it to me if you'd rather since PMs don't allow attachments.
Thank you for this! I think I'm at my wit's end with it, and my wife is nearing the end of her patience with it as well, so I'm probably not going to do this right now. If I'm unable to get things working with the Vigor130, this is a thing I will do. This whole thing is a further reminder that I should probably take a networking course. I know enough to be a linux sysadmin and I can farm weird stuff out to the network services group, but things like this are outside my zone. I'll bug my boss to send me to one. Thank you again for all of the help - everything looks like it should all be working fine and then it's just not for completely unknown reasons so it's probably made my posts a bit cranky sounding, so to speak.
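Added example, not part of the original thread: one way to pull the self-addressed ARP requests ("who-has X tell X") out of a downloaded capture and show which MAC actually sent them, which is the question raised above about the 75.100.91.105 line. It assumes the capture is a classic libpcap file with untagged Ethernet frames (pcapng is not handled); the MAC address and the 192.0.2.1 target in the sample are constructed.

```python
import socket
import struct

ETH_ARP = 0x0806  # EtherType for ARP

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def self_arps(pcap):
    """Return (ts_sec, eth_src, arp_sender_mac, ip) for every ARP request
    whose sender IP equals its target IP."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"   # little-endian file (microsecond or nanosecond variant)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # 14-byte Ethernet header + 28-byte ARP body = 42 bytes minimum
        if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
            continue
        oper, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
        if oper == 1 and spa == tpa:  # request asking for its own address
            hits.append((ts, mac(frame[6:12]), mac(sha), socket.inet_ntoa(spa)))
    return hits

def _arp_request(src_mac, spa, tpa):
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac
    return eth + arp + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa)

def sample_pcap():
    # Constructed capture: one ordinary ARP request, one self-addressed one.
    sender = bytes.fromhex("020000000001")  # constructed MAC
    frames = [_arp_request(sender, "75.100.91.105", "192.0.2.1"),
              _arp_request(sender, "75.100.91.105", "75.100.91.105")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(self_arps(sample_pcap()))
```

On a real capture, pass the file's bytes to `self_arps()` and compare the reported source MAC with the pfSense WAN MAC and the modem's MAC to see which side is sending the requests.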
-
So, an update here. I ended up returning the Vigor 130 after working with Draytek support. I couldn't get anything better than almost exactly 1/2 of my expected download speed (12.5mbit rather than 25mbit) no matter what firmware I used. So. Bleh.
I went for a while just using the ISP modem, but I really am unhappy with some stuff, so I'm trying Bridge Mode again, except this time I've formatted and reinstalled my pfsense box with my config tucked away somewhere else. My goal is to see if I can get it working with a fresh install just in case something was screwy. So far all I've done is set a couple static DHCP IPs, turn on static DHCP mapping for the DNS forwarder, and one NAT rule to forward WAN ssh to an internal linux box. And reset the password. That's it - I've done pretty much nothing else. I want to see if it works with a fresh install.
If I still have the same issue where every 3 or 6 hours, things die for several hours, I'm going to try connecting directly to a linux box (from bridge mode again) and see how that goes. If that goes well, then there must be some sort of issue with pfsense. If it doesn't, well, then there's an issue with bridge mode on the modem (this is a replacement T3200M since for some reason they sent me one un-asked) or with something else that's going to end up outside my control.
I'm not very optimistic. I really miss having pfsense but I'm just not sure it's in the cards. It works well enough if I just have the pfsense box hooked up to the router in DMZ mode (the advanced DMZ never worked when I tested it) except for the whole double-nat thing which wreaks some havoc with things like PS4 and probably P2P if I ever used it. We'll see what happens for now, I'll report back. Sorry for going silent - I really was hoping Draytek would figure something out since it held the connection just fine, only at half speed for unknown reasons.
-
Additional update: I give up with pfsense as the gateway. I've done a compromise of sorts, I have my pfsense box just with the LAN interface active, and it's doing my DHCP and DNS. The T3200M is just doing routing. I lose some stuff, like bandwidthd and the ability to see what's using my bandwidth, but I don't have a double NAT and I'm not just randomly losing the ability to contact the gateway every 3-6 hours like clockwork. I haven't tried a non-pfsense host on bridge mode but I think I just give up at this point. At least my LAN hostname resolution isn't terrible with the pfsense box doing that. I might split that off to another linux host like my NAS or something, but this works and I'm just so tired of this.
I don't know where the fault lies. None of it ever made a lot of sense with how it was manifesting and I never did get around to packet captures. Thanks again for the help. This will work well enough I guess.
-
@shortspecialbus Sorry to necro an old thread, but I have the same ISP and am having the exact same issue! It seems to be related to the DHCP lease time. Right around the time when there is 10% lease time remaining, I have the same issue. A release/renew or modem reboot fixes the issue, however.
Did you ever come up with a solution? You're the only person I've found having the exact same issue! Created an account just to reply :-)
-
@toaday Unfortunately, no. In my case, DHCP release/renew wouldn't work either - only a reboot would. I have no idea why. I gave up on this and just accepted that I had to use TDS's lousy router (not in bridge mode), and I just have pfsense running as a DHCP server effectively at this point. For what it's worth, I purchased a couple different modems that theoretically met TDS's specifications, but even working with the modem developers and having them try to write custom firmwares, we were never able to get better than half-speed or so. (edit: scrolling up I seem to have already chronicled this, it's been a while and I forgot) I have no idea what TDS does, but it seems to be completely proprietary.
What I have now is working well enough and I don't really want to go through the frustration again, so I just accept it. I will say "good luck!" and I suppose if you ever figure out an actual fix, I'd for sure be interested if you posted it here. Seriously though, good luck!
-
@toaday Did you ever have any luck with this? I'm trying something new now (not with pfsense) and while I had the same old issues with bridge mode failing as soon as the lease gets near expiration, I may have gotten Advanced DMZ mode to work, although I'd like to give it a full day or two of testing to be sure.
Sorry to necro this old thread again, but as toaday and I are the only people on the planet who've ever run into this issue and I have no other way to get a hold of them, I'm using the thread ;)
-
@shortspecialbus no worries! Feel free to google my username and we can collaborate on this. The solution for me was to switch to a static ip.
-
@shortspecialbus and @toaday, I am from Kenya and have the same exact issue, although I have two fibre links from two different ISPs. The WAN 1 link always gets the error, then my pfsense box stops working. I have had the problem for about 3 months now; I tried changing the whole fibre but am still having the same issue with the WAN 1 link. Mine goes for around 24hrs, then ceases to work. I noticed, though, that when my pfsense stops working the ISP router still has internet. Today I am going to try to change the LAN IP of my ISP modem to see if it will change anything. Will keep you updated.
-
Check out this thread:
I have a Carrier Grade NAT provider and I would lose connection at least once every couple of days. The only way to fix it was to reboot pfSense OR unplug the WAN cable, wait a few seconds, and then plug it back in. Alternatively I could go into pfSense, disable the WAN, Apply Settings, and then Enable the WAN and Apply Settings.
The thread I linked above is a script that does all this automatically. It pings out and when too many pings are lost it disables then enables the WAN which usually fixes it. If it doesn't work after a few attempts it will automatically reboot your pfSense box.
It even creates a log file so you can go back and see when it happens.
-
@thatguy Hello there, thanks for your help, although I do not understand where the code to be copy-pasted is, could you guide me please since I am still a noob at programming.