Gateway Monitoring changes monitor IP on ISP failure

Started by CJ, January 01, 2023, 09:17:05 PM

Gateway monitoring has been working well, but I discovered a problem with its choice of monitoring IP.

When my connection is up, it monitors my ISP gateway and everything works correctly.

When my connection goes down, the gateway and monitoring IPs change to the IP of my cable modem, which causes the gateway to be marked as online as the cable modem responds to all pings.

When the connection comes back up, the gateway and monitoring IPs change back to the ISP gateway.

I currently have the ISP gateway manually entered into the monitor IP field but is there a way to list certain IPs or ranges as not valid for monitoring?  Or some other way to keep it from reverting to the cable modem?

Thanks.

You should configure the monitoring IP under System -> Gateways -> Single (e.g. 1.1.1.1).

Is your WAN DHCP? Do you get a private IP on WAN when the connection to ISP fails? Under Interfaces -> WAN you can reject DHCP leases from the private IP of your modem.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Which IP are you using for each of your Gateway monitor IPs in System > Gateways > Single? You should be using different monitoring IPs for each gateway, something such as a public DNS server IP (8.8.8.8 for Google DNS).
OPNsense 25.1.x-amd64
Intel(R) Celeron(R) N5105CPU @ 2.00GHz
Intel I226-V 2.5Gbe ports x6
16GB DDR4 RAM
256GB NVMe SSD
Dual WAN 1Gb symmetrical Fiber + 1Gb Cable

January 04, 2023, 05:58:51 PM #3 Last Edit: January 04, 2023, 06:10:56 PM by CJRoss
Related to this, I just discovered that you can't set your monitoring IP to the gateway IP.  The form accepts it but going back to edit the gateway shows an empty monitoring IP field.

Quote from: chemlud on January 01, 2023, 10:04:52 PM
You should configure the monitoring IP under System -> Gateways -> Single (e.g. 1.1.1.1).

I didn't want to set a monitoring IP because my connection is via DHCP and I don't want to bind to a specific IP in case the gateway changes.

Quote from: chemlud on January 01, 2023, 10:04:52 PM
Is your WAN DHCP? Do you get a private IP on WAN when the connection to ISP fails? Under Interfaces -> WAN you can reject DHCP leases from the private IP of your modem.

Thanks.  I was pretty sure there was an option like that but I couldn't find it.  Now I just need to test that I can still get to the status page of the cable modem even if the lease is rejected.

Quote from: Shoresy on January 02, 2023, 04:06:27 AM
Which IP are you using for each of your Gateway monitor IPs in System > Gateways > Single? You should be using different monitoring IPs for each gateway, something such as a public DNS server IP (8.8.8.8 for Google DNS).

I only have one gateway and that's what I was using to monitor.  Hence the problem with it changing to the cable modem IP and not recognizing that the gateway is down.

I don't want to use anything beyond the ISP gateway for monitoring because that introduces additional variables and my concern is primarily from me to my ISP.

It looks like there's an issue in the UI.  Based on the help text, man page and this thread, https://forum.opnsense.org/index.php?topic=25318.0 I should be able to put a CIDR notation into the rejection field.

However, whenever I attempt to use anything other than a single IP, I get the following error.

"A valid alias IP address must be specified to reject DHCP Leases from."

The good news is that OPNsense doesn't fail over to the modem anymore after adding its IP to the exclude range.

The bad news is that when the connection goes down I lose access to my modem's status and troubleshooting page.

Any suggestions for being able to access it while monitoring the proper IP?
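
The failure mode in this thread, where a ping reply from the modem's fallback address is counted as "gateway online", can be shown with a small check that looks at which gateway the lease handed out before trusting the ping. This is an added example, not part of the thread and not OPNsense code; the function names and the 192.168.100.0/24 fallback range are assumptions, and the samples are constructed.

```python
import ipaddress

# Assumption: range the modem hands out while the ISP link is down.
# 192.168.100.0/24 is a constructed example; use your modem's actual range.
FALLBACK_NETS = [ipaddress.ip_network("192.168.100.0/24")]


def is_fallback(addr, nets=FALLBACK_NETS):
    """True if addr lies in one of the modem's fallback ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)


def classify(gateway, ping_ok, nets=FALLBACK_NETS):
    """Decide link state from the DHCP-learned gateway and a ping result."""
    if gateway is None:
        return "down: no lease"
    if is_fallback(gateway, nets):
        # The modem answers every ping, so a reply proves nothing here.
        return "down: modem fallback lease"
    return "up" if ping_ok else "down: gateway not answering"


def first_outage(samples, nets=FALLBACK_NETS):
    """Return the timestamp of the first sample that is not 'up', else None."""
    for ts, gateway, ping_ok in samples:
        if classify(gateway, ping_ok, nets) != "up":
            return ts
    return None


# Constructed samples: (time, gateway from DHCP lease, did the ping succeed)
SAMPLES = [
    ("21:00", "203.0.113.1", True),
    ("21:01", "192.168.100.1", True),
    ("21:02", "192.168.100.1", True),
    ("21:05", "203.0.113.1", True),
]

if __name__ == "__main__":
    for ts, gw, ok in SAMPLES:
        print(ts, gw, classify(gw, ok))
```

Because the check keys on the gateway's range instead of refusing the lease, the modem address stays usable for reaching its status page while still not counting as an upstream.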

It is NOT advisable to use your ISP gateway as monitor, because there could be cases wherein you have "full" connection to your ISP but their backbone is down or their external access outside is down, in which case their gateway will respond to your pings.

You should set a known "good" internet IP, usually a public DNS IP address:
8.8.8.8, 1.1.1.1 or 9.9.9.9 and their secondary IPs.
These IPs will rarely go down, and will ensure that your ISP has "Internet" connection to ping them.

Quote from: tong2x on January 18, 2023, 04:34:44 AM
It is NOT advisable to use your ISP gateway as monitor, because there could be cases wherein you have "full" connection to your ISP but their backbone is down or their external access outside is down, in which case their gateway will respond to your pings.

You should set a known "good" internet IP, usually a public DNS IP address:
8.8.8.8, 1.1.1.1 or 9.9.9.9 and their secondary IPs.
These IPs will rarely go down, and will ensure that your ISP has "Internet" connection to ping them.

How many times has this happened to your ISP where their external links went down but your last mile connection was still up? Because I cannot recall a single instance of this happening to me.

As I already mentioned, I'm much more concerned about the status of my last mile connection, which is why I don't want to use any IP that transits outside of my ISP.

Quote from: CJRoss on January 19, 2023, 03:52:29 PM
Quote from: tong2x on January 18, 2023, 04:34:44 AM
It is NOT advisable to use your ISP gateway as monitor, because there could be cases wherein you have "full" connection to your ISP but their backbone is down or their external access outside is down, in which case their gateway will respond to your pings.

You should set a known "good" internet IP, usually a public DNS IP address:
8.8.8.8, 1.1.1.1 or 9.9.9.9 and their secondary IPs.
These IPs will rarely go down, and will ensure that your ISP has "Internet" connection to ping them.

How many times has this happened to your ISP where their external links went down but your last mile connection was still up? Because I cannot recall a single instance of this happening to me.

As I already mentioned, I'm much more concerned about the status of my last mile connection, which is why I don't want to use any IP that transits outside of my ISP.

That's not the meaning of gateway monitoring. Do you want to communicate with your ISP gateway or with the interwebs?
kind regards
chemlud

Quote from: chemlud on January 19, 2023, 04:14:01 PM
That's not the meaning of gateway monitoring. Do you want to communicate with your ISP gateway or with the interwebs?

Did you mean to reply to tong or me?

Having had my ISP replaced twice now due to damage causing intermittent connection issues, I'm very concerned about it.  Additionally, I can't talk to the interwebs if I can't talk to the ISP gateway.

Quote from: CJRoss on January 19, 2023, 06:26:58 PM
... I can't talk to the interwebs if I can't talk to the ISP gateway.

...that's why you monitor 1.1.1.1 or 9.9.9.9. End of story.
kind regards
chemlud

Thank you for that kind, insightful, and thoughtful reply that fully addresses all of the risks and concerns regarding my situation.  It will be helpful in making my decision.

Going back...
Quote: When my connection goes down, the gateway and monitoring IPs change to the IP of my cable modem, which causes the gateway to be marked as online as the cable modem responds to all pings.

Maybe pictures of before and after, and of the case where it changes to a modem/local IP.