OPNsense Forum

Afternoon everybody,

Occasionally my ISP will have a problem and the WAN will drop out. When it comes back online, opnsense doesn't seem to automatically pick it back up and requires a reboot.

I've seen similar questions suggesting to set certain DHCP setttings on the WAN interface, but I am using a static IP so am in a different situation.

Is there a setting to allow it to try and re-establish connection, or is a reboot the only way to solve this?

---

Version: OPNsense 24.1.7_4-amd64

Am I allowed to bump this post after a few days?

Appreciate any help.

Please check for messages in dmesg.
OPN has a service that you'll find on the dashboard: "dpinger" and that is the Gateway monitor (WAN_DHCP).

Interfaces > WAN: what settings do you have there?
The only problem I can imagine you have is a not well supported NIC for WAN interface, like realtek ones.
Also it would be good to know your setup, do you have a modem in front of the firewall for instance.

Thanks for the reply, cookiemonster.

> Please check for messages in dmesg.

I checked the `Audit`, `Backend`, `Boot`, and `General` log sections and the only thing that I could see that seemed related was this log (there are a lot of them around the time the internet dropped):

```
action rfc2136.reload.wan not found for user root
```

> OPN has a service that you'll find on the dashboard: "dpinger" and that is the Gateway monitor (WAN_DHCP).

I searched and looked for "dpinger" on the dashboard, but it doesn't show. I don't even see it as a plugin or a service. Not sure what I'm missing.

> Interfaces > WAN: what settings do you have there?

Enable: checked
Lock: checked
Identifier: wan
Device: em4
Description WAN

Block private networks: checked
Block bogon networks: checked
IPv4 Configuration Type: Static IPv4
IPv6 Configuration Type: None
MAC address: blank
Promiscuous mode: unchecked
MTU: blank
MSS: blank
Speed and duplex: Default (no preference, typically autoselect)
Dynamic gateway policy: unchecked

Overwrite global settings: unchecked

IPv4 address: <my static IP>
IPv4 gateway rules: <my WAN gateway>


Thank you again for your time

Ah I just checked the WAN Gateway settings:

Disabled: unchecked
Name: WAN_Gateway
Description: blank
Interface: WAN
Address Family: IPv4
IP Address: <my gateway IP>
Upstream Gateway: checked
Far Gateway: unchecked
Disable Gateway Monitoring: checked
Disable Host Route: unchecked
Monitor IP: blank
Mark Gateway as Down: unchecked
Priority: 255


Is it because Gateway Monitoring is disabled?

> Also it would be good to know your setup, do you have a modem in front of the firewall for instance.

I also forgot to answer this,

Yeah, unfortunately I have to have the ISP router in front of opnsense. The ISP router is in modem mode, though.

> The only problem I can imagine you have is a not well supported NIC for WAN interface, like realtek ones.

It is a intel NIC :)

gateway monitoring will not cover a link event loss...

Does it come back when you unplug and plug the cable?

Does it come back when you set

# ifconfig igbX down
# ifconfig igbX up

(given igbX is your WAN device)


Cheers,
Franco

Hey franco, thanks for helping!

QuoteDoes it come back when you unplug and plug the cable?

The cable of the opnsense router? Yes - once the WAN comes back up, rebooting opnsense fixes the problem. I am hoping there's a way to fix it without needing to reboot.

QuoteDoes it come back when you set

I can definitely try this the next time the WAN goes down. Thankfully it doesn't happen _that_ often.

> The cable of the opnsense router? Yes - once the WAN comes back up, rebooting opnsense fixes the problem. I am hoping there's a way to fix it without needing to reboot.

Not rebooting, just removing the WAN port cable and plugging it back. If that works the ifconfig down/up likely works too but I want to be sure about all cases first.


Cheers,
Franco

Ah I see ok. Do you mean do that when the WAN connection goes down, or try it when it isn't a problem to see if it comes back up?

When it's down and you would normally reboot.


Cheers,
Franco

Got it, thank you for the time.

I'll have to wait until it goes down again, unless there's any merit to fabricating the scenario by switching the ISP router off/on?

For a few months I've also been chasing this issue. These two posts are probably in the same vein, and suggests scripts that will reload the interface when the WAN drops:

https://forum.opnsense.org/index.php?topic=18300.0
https://forum.opnsense.org/index.php?topic=11928.0


This problem started for me when I switched ISPs. Been using pfSense then OPNsense for years, and switched from a fiber ISP (with modem/router combo unit) to a cable ISP (modem only). I know you said you have a modem/router in modem-mode, so perhaps that is equivalent to my setup.

Since switching to cable, every 1 to 3 days the WAN goes down, but the interface shows UP and has a valid IP. I tried both a TC4400 and a Hitron CODA56 modem, but the issue exists with both.

I run OPNsense as a virtual machine under Proxmox. Because the VM is connected to a bridge interface, OPNsense cannot tell if the physical link goes down between the modem and the server NIC. You didn't mention if you use a VM or not, but this is my hypothesis about why this happens to me. I suspect the physical link must drop briefly, and the modem refuses to provide WAN access until the router requests a new lease over DHCP.

[Edit] Of course, you said you have a static IP, but perhaps the reload is the common thread?

If I go into Interfaces>Overview>WAN and click Reload, the WAN link comes back every time. This is more or less what Franco said to try below. A reboot will also accomplishes this.

While using a script to check the link and trigger a reload every minute would work (see forum posts linked above), I've been hoping for a more elegant solution  ::)

Quote from: canadidan on June 15, 2024, 03:51:03 PM
I've been hoping for a more elegant solution  ::)

Use PCIe pass through for the WAN interface so OPNsense can notice the link dropping.

Thanks for the links @canadidan

QuoteI run OPNsense as a virtual machine under Proxmox. Because the VM is connected to a bridge interface, OPNsense cannot tell if the physical link goes down between the modem and the server NIC. You didn't mention if you use a VM or not, but this is my hypothesis about why this happens to me. I suspect the physical link must drop briefly, and the modem refuses to provide WAN access until the router requests a new lease over DHCP.

For me, opnsense is running on bare metal - I could have done it on a VM, but seeing as it the one thing giving me internet access I wanted it to be as simple as possible.

QuoteIf I go into Interfaces>Overview>WAN and click Reload, the WAN link comes back every time. This is more or less what Franco said to try below. A reboot will also accomplishes this.

I will try this next time for sure. If it works, perhaps I'll have to look at using one of the scripts!

My internet is down right now, but I don't see a reload button under Interfaces > Overview. I know there are some UI issues on mobile, so may be because of that?

Update - my WAN went down again this morning.

I tried disconnecting and reconnecting the ethernet cable - the internet did not come back up.

I don't have a reload button on Interfaces>Overview>WAN - so I couldn't try this method.

Lastly, I tried running `ifconfig em4 down` and `ifconfig em4 up` and that did bring it back up, thankfully without a reboot.

@franco - does that help to identify what's going wrong at all? Is my only option to run a script that will run  `ifconfig em4 down` and `ifconfig em4 up` when it notices a problem?

Thanks in advance!

Bring up a slightly old thread because this one nearly perfectly matches my situation. There are lots of threads about this issue but no real good solution.

I've been using opnsense on a protectli firewall vault device behind a cable modem for almost 2 years. Any time the internet goes down, which on average is once a week but sometimes many nights in a row (maintenance?), opnsense fails to restore a WAN connection. It will show up and an IP address but no traffic will flow.

The very quick fix is to restart the Gateway Monitor (WAN DHCP) service. I used to restart the firewall, physically reconnect the ethernet cable, which all worked, but required a relatively lengthy or physical process. Restarting the Gateway Monitor (WAN DHCP) service restores connection instantly.

I really wish opnsense could handle this automatically. With all the reports of this issue I've see the last couple years, this should have been dealt with a long time ago. Until a couple months ago this was a remote, un-manned location that required sending someone out to every time there was an outage. That's unacceptable.

A previous thread (https://forum.opnsense.org/index.php?topic=18300.0) provided a script that could be called by cron at short intervals (e.g. every minute) to check the WAN interface and toggle it down then up to renew WAN DHCP.
Code it suggests (thanks @ooker):

Quote from: ooker link=msg=83143

Code Select Expand

#!/bin/sh
gatewayIP=$(netstat -4rn | grep default | awk '{print $2}')
wanInterface="em0"

echo "Gateway: $gatewayIP"
echo "WAN Interface: $wanInterface"
if [ -z $gatewayIP ]
then
  echo "NO Gateway"
  #Bring the interface down then up to renew the WAN DHCP
  ifconfig $wanInterface down
  ifconfig $wanInterface up
else
  # if return = 0 then host is reachable
  ping -c 1 $gatewayIP > /dev/null
  if [ $? -eq 0 ]
  then
    echo "Gateway Reachable"
  else
    echo "Gateway Unreachable"
    #Bring the interface down then up to renew the WAN DHCP
    ifconfig $wanInterface down
    ifconfig $wanInterface up
  fi
fi

Could something like this be used by those of us home-users who have less-than-stable ISP connections?

Ari

For monitoring WAN connection, there's another option of a script to call by cron offered here:
https://gist.github.com/mdeweerd/035129a6f90979ba39ec8377e99922f5 (https://gist.github.com/mdeweerd/035129a6f90979ba39ec8377e99922f5)

In case not familiar with how to accomplish the above:

• Open an SSH connection to your OPNSense (https://techexpert.tips/opnsense/opnsense-remote-access-ssh/).
• Choose the option to open the Shell (should be 8, IIRC)
• Create the file: at the shell prompt enter the following commands:
      sudo mkdir /usr/local/bin/scripts
      sudo touch /usr/local/bin/scripts/opnsense_ping_check.sh
      sudo vi /usr/local/bin/scripts/opnsense_ping_check.sh
      [edit the script text to IP addresses you choose (I used 1.0.0.1 and 8.8.8.8) and the interface for your WAN (mine is igb0)]
      [copy the script text, paste the text of the script into the Putty window (this might be a mouse-right-click)]
      [save the file and exit vi by typing :wq and pressing Enter]
  
• Now back to the shell prompt, enter the following commands:
      sudo chmod +x /usr/local/bin/scripts/opnsense_ping_check.sh
      sudo /usr/local/bin/scripts/opnsense_ping_check.sh
  
• [exit the shell by typing exit and press enter]
• [exit the SSH window by typing exit and press enter]
• Back in the OPNSense web UI, go to System --> Settings --> Cron
      Click the + to add a Cron job
      Set Minutes to */5 and set the other time intervals to * --- this will cause the Cron to execute every five minutes
      On the Command drop-down, select the "ping_check" option
      Give it a description
      Click Save

Done. Hope that helps someone (and hope it works for me!)