Gateway Monitoring

Started by supercm, February 08, 2022, 01:24:02 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
February 16, 2022, 07:06:52 PM #15
I will try changing the time to 5 seconds to see if it makes a difference.
February 16, 2022, 07:12:28 PM #16 Last Edit: February 16, 2022, 07:14:00 PM by supercm
I just got another failure from the second node. It shows in the UI that the interface is offline.

Ping from the interface is successful and no changes to the routes.

I disabled monitoring and re-enabled it and it shows as online.
February 16, 2022, 07:21:34 PM #17
Firewall : Settings : Advanced : Disable State Kill on Gateway failure .. please tick this
February 16, 2022, 07:36:34 PM #18
That is not a valid option under Advanced.
February 16, 2022, 07:37:09 PM #19
Really?
February 16, 2022, 07:51:31 PM #20
These are my options


IPv6 Options   full help
Allow IPv6    Allow IPv6
Network Address Translation   
Reflection for port forwards   
Reflection for 1:1   
Automatic outbound NAT for Reflection   
Bogon Networks   
Update Frequency   
Monthly
Gateway Monitoring   
Skip rules    Skip rules when gateway is down
Multi-WAN   
Sticky connections    Use sticky connections
Source tracking timeout
Shared forwarding    Use shared forwarding between packet filter, traffic shaper and captive portal
Disable force gateway    Disable automatic rules which force local services to use the assigned interface gateway.
Schedules   
Schedule States   
Miscellaneous   
Firewall Optimization   
normal
Firewall Rules Optimization   
basic
Bind states to interface   
Disable Firewall    Disable all packet filtering.
Firewall Adaptive Timeouts   
start   end
Firewall Maximum States   
Firewall Maximum Fragments   
Firewall Maximum Table Entries   
Static route filtering    Bypass firewall rules for traffic on the same interface
Disable reply-to    Disable reply-to on WAN rules
Disable anti-lockout    Disable administration anti-lockout rule
Aliases Resolve Interval   
Check certificate of aliases URLs    Verify HTTPS certificates when downloading alias URLs
Dynamic state reset    Reset all states when a dynamic IP address changes.
February 16, 2022, 09:44:36 PM #21
Ah, was removed with 22.1 so it seems OK then
February 17, 2022, 02:59:44 PM #22
Same issue here, ended up disabling monitoring till I can roll back to 21.7...
February 25, 2022, 08:10:34 PM #23
Any other recommendations on how to solve this issue? It seems to be constant with most of my interfaces.
February 25, 2022, 08:14:20 PM #24
Can you post the logs please?
March 09, 2022, 07:35:19 PM #25
Here you go
March 11, 2022, 12:57:54 AM #26
I seem to have similar issue https://forum.opnsense.org/index.php?topic=27433.0
I have two WANs, both doing gateway monitoring. One is having the problem. The other seems fine. When it happens, the interface that is affected shows double ICMP replies of the dpinger pings.
Code Select
tcpdump -n -i cxl1 icmp
...
23:51:43.962528 IP 98.51.182.15 > 4.2.2.3: ICMP echo request, id 33608, seq 0, length 8
23:51:43.981125 IP 4.2.2.3 > 98.51.182.15: ICMP echo reply, id 33608, seq 0, length 8
23:51:43.981169 IP 4.2.2.3 > 98.51.182.15: ICMP echo reply, id 33608, seq 0, length 8

March 11, 2022, 06:34:18 AM #27
Quote from: darp12345 on March 11, 2022, 12:57:54 AM
I seem to have similar issue https://forum.opnsense.org/index.php?topic=27433.0
I have two WANs, both doing gateway monitoring. One is having the problem. The other seems fine. When it happens, the interface that is affected shows double ICMP replies of the dpinger pings.
Code Select
tcpdump -n -i cxl1 icmp
...
23:51:43.962528 IP 98.51.182.15 > 4.2.2.3: ICMP echo request, id 33608, seq 0, length 8
23:51:43.981125 IP 4.2.2.3 > 98.51.182.15: ICMP echo reply, id 33608, seq 0, length 8
23:51:43.981169 IP 4.2.2.3 > 98.51.182.15: ICMP echo reply, id 33608, seq 0, length 8


Is this a virtual machine? Usually its fine to only monitor the primary line as there is no action when both are down
Print
Go Up Pages 1 2
User actions