pfSense gateway repeatedly going offline

[rancid-lemon]

I'm having a problem with my internet connectivity with pfSense, my WAN interface keeps going offline after a set of actions that regularly appear in the logs.

 

My WAN interface remains up at all times, it has a public IP via DHCP from my ISP, via a bridged modem. I think this repeating offline/online cycle is affecting my line speed and I can't reach anywhere near my lines capability. Description of problem below, can anyone advise what is going on or how to troubleshoot this?

 

This is a screenshot of the log showing the actions that appear to coincide with the WAN gateway going offline. I'm not saying this is the cause, just that this happens repeatedly at the same time, not sure if cause or effect, or I suppose, if even unrelated to the gateway going offline.

 

And this is what the gatway log shows for the WAN going offline. Note the times of the instances match those of the set of actions in the system log.

 

Any help appreciated, this is doing my head in!

 

rancid

[+BudMan MVC]

if your wan goes offline, or the monitoring system thinks it does because of high latency then yeah it can reset the states and disconnect you..  This can be a problem if your starting to load up your pipe and your buffer bloat causes your latency to go way up.. So monitor thinks your gateway is offline and resets all the states.

 

You can turn that function off here

 

System / Advanced / Miscellaneous

 

Other option is to disable gateway monitoring.. But that is not good idea.  Other option is work with traffic shaping to prevent buffer bloat increasing the latency to your gateway IP your monitoring, etc..  Another option is to change the monitor values to really really high latency doesn't count as your gateway being offline so the states flush.. The quick easy fix is to just uncheck that box

 

That function is really for when you have more than 1 wan, and you want to use say your 2nd wan when 1st goes down then yeah you would want to flush all the states on that 1st gateway so your clients create new connections via the 2nd failover gateway, etc..  But in a 1 wan configuration that option really has no use, not really a reason to reset your states..  And as you can see if monitoring thinks your connection is down because your latency exceeds a specific threshold wack go all your sessions

 

 

[rancid-lemon]

That sounds logical, only problem is that box is unchecked already!

 

Also, not sure if it is related to loading the pipe up, it seems to be more time based, as in every half hour it does this, regardless of what I am doing.

 

Any thoughts?!

[+BudMan MVC]

clearly dpinger is giving you a warning about your connectivity - showing 20% packet loss, etc.  So maybe your wan connection is just sucks?  Did you contact your isp?

 

Just because the interface is up doesn't mean your not having line issues..

 

What does your quality graph look like.. Also you have ipv6 on your wan - are you using it?  If not you could try turning off ipv6 on pfsense wan..

 

see last night I had a bit of a problem for a bit.. Connection just went belly up for a bit.. Interface never went down.. But pinging to gateway that dpinger monitors wasn't answering.. See normally I get about 10ms response time to my gateway..

 

Here is same graph for my ipv6 tunnel.

 

 

you can see same exact time having a problem with it.. This rides on top of my ipv4 connection, so not just gateway wasn't answering ping, etc..

 

Here is my connection to my vps via a vpn connection..

 

You can see same exact time some sort of issue!!  It has some minor connection issues later while you don't see those on the other graphs for normal ipv4 wan, my ipv6 tunnel, etc..  So what does your quality graph look like when you say you have these problems?

 

if I zoom in

 

You can see I was offline for a few minutes.. I was not actually on then so didn't notice it..

 

From log you can see showed same alarms as you, and then they cleared once the packetloss dropped below threshold..

 

Normally my connection is rock solid stable - but as of late they have been having some minor hiccups now and then.. It think its prob related to the gig rollout that is coming to chicagoland from comcast.. I have my name on list.. Going to be freaking sweet!!!