https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162013-09-03T09:36:07ZpfSense bugtrackerpfSense - Bug #3179: Gateway failure not properly detected in certain cases using a monitor IP outside of the WAN's subnethttps://redmine.pfsense.org/issues/3179?journal_id=123432013-09-03T09:36:07ZShahid Sheikhshahidsheikh10@yahoo.com
<ul></ul><p>I can provide some input on this issue as well.</p>
<p>On 2 of 8 of my firewalls I have this problem happen consistently. On remaining 6 problem usually shows up after default gateway fails over once.</p>
<p>I have WAN and OPT1 interfaces. Default GW is on WAN. The monitor IPs are not on the same respective subnets. Doing a packet capture on the OPT1 interface does not show any of the ICMP packets. On the WAN interface I see ICMP packets to both monitor IPs of WAN's GW and OPT1's GW. The source IP for the ICMP destined to monitor IP of OPT1's GW is the IP address of the OPT1 interface. But the packet itself is being sent out by the WAN interface.</p>
<p>My workaround right now is to add static routes for the monitor IPs.</p>
<p>Another observation is the unexpected behavior when a DNS server set to be queried through one GW is also being used as a monitor IP for another GW. Setting it as a DNS with a specific gateway enters a static route.</p> pfSense - Bug #3179: Gateway failure not properly detected in certain cases using a monitor IP outside of the WAN's subnethttps://redmine.pfsense.org/issues/3179?journal_id=123472013-09-03T11:00:43ZJim Pingle
<ul><li><strong>File</strong> <a href="/attachments/845">oddicmp.cap</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/845/oddicmp.cap">oddicmp.cap</a> added</li></ul><p>Attaching a capture file that shows the ICMP actually is going out the right interface and is experiencing loss. But at the time apinger reports 0.0% loss on that WAN.</p>
<p>So the static routes do help certain scenarios, but not all.</p> pfSense - Bug #3179: Gateway failure not properly detected in certain cases using a monitor IP outside of the WAN's subnethttps://redmine.pfsense.org/issues/3179?journal_id=123522013-09-03T11:49:43ZErmal Luçieri@pfsense.org
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul> pfSense - Bug #3179: Gateway failure not properly detected in certain cases using a monitor IP outside of the WAN's subnethttps://redmine.pfsense.org/issues/3179?journal_id=123632013-09-03T13:45:24ZJim Pingle
<ul></ul><p>It now appears as though apinger sees the gateway as down but does not report nor graph the result as expected.</p>
<p>If you change the 'down' time to a value longer than the number of samples required for calculation (e.g. 30) the graph is correct.</p>
<p>So the problem appears mostly if the down time is at the default value of 10 (or less) since it uses 10 samples for calculation.</p> pfSense - Bug #3179: Gateway failure not properly detected in certain cases using a monitor IP outside of the WAN's subnethttps://redmine.pfsense.org/issues/3179?journal_id=124682013-09-09T16:32:10ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>this particular issue is fixed, the issue with 10 vs. 30 seconds with packet loss still exists but isn't a regression. I'll open a separate ticket on that.</p>