[SOLVED] - Lost WAN communication every 9 minutes

Started by bruch05, January 14, 2019, 09:40:08 PM

January 14, 2019, 09:40:08 PM Last Edit: February 08, 2019, 09:10:25 PM by bruch05
Hello,

I'm Christophe from Paris. We use OpnSense 18.7.10 for a Charity Association.
I need your help.

Configuration 1 :

Provider GW <- FO-> PON <-Eth-> WAN If - OpnSense - LAN IF  <-Eth-> SW Gb  <-Eth-> NAS, Laptop     
83.243.124.254         83.243.124.66/32 (DHCP)        192.168.1.1                               192.168.1.x/24        

The Far Gateway is activated on WAN If due to /32.

Every 9 minutes the Provider GW is unavailable. Just a SAVE and an APPLY on the WAN interface parameters panel (or a physical disconnect/reconnect) restores the data flow. There is no event in system.log related to this failure.

To confirm that the issue is on the OpnSense side, I tested directly with a laptop connected to the FO PON and I had no issue. (Down: 890Mb/s, Up: 950Mb/s)

All the parameters like LRO, TSO, EEE are correctly set. I've performed a test with another NIC, and I got the behavior.

Following some research:

- 'opnsense-revert -r 18.7.9 suricata' and reboot. Despite this, the bad behavior still remains. The Intrusion Detection service is not enabled.
- 'opnsense-revert -r 18.7.7 unbound'. The issue is still present.

Configuration 2 :

Provider GW <-FO-> PON <-Eth-> WAN If - BOX - LAN If  <-Eth-> ==>   
83.243.124.254         83.243.124.66/32            192.168.0.1                                                         
                                DHCP

==> WAN If - OpnSense - LAN IF  <-Eth-> Switch Gb  <-Eth-> NAS, Laptop
        192.168.0.254/24     192.168.1.1                               192.168.1.x/24
        BOX DMZ to this address

I have an issue with Configuration 1 and not with Configuration 2. From my point of view, the /32 on the OpnSense WAN interface could be the root cause!? Any idea how to debug the WAN If activity?

I would like to implement Configuration 1 to avoid paying the Box rental.

Best regards, and thank you in advance for your advice
Christophe

Hi, the only thing I see at first glance:

==> WAN If - OpnSense - LAN IF  <-Eth-> Switch Gb  <-Eth-> NAS, Laptop
        192.168.0.254/24     192.168.1.1                               192.168.1.x/24
        BOX DMZ to this address


192.168.0.254/24 and 192.168.1.x/24 overlap?!?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Hello,

Thank you for your reply.  :)

You speak about a potential issue on Configuration 2, but this configuration works without trouble.
I have the issue with Configuration 1, with the /32 on the WAN If.

Any idea?

Thx
Christophe

What modem hardware are you using?  I'm running an Arris DG1670A cable modem and I'm seeing some weird behavior (disconnects, choking, etc.) as well and I'm wondering if there is a correlation.
Later...
Richard

Hello,

Thx for your reply.

This is a Huawei PON, Fiber to Ethernet.
Connected to a laptop directly, the connection is reliable.
Connected to OpnSense, the connection is unstable...

I've posted a question to my internet provider. I'll let you know if I find a solution.

Regards
Christophe

Hello,

This behavior is due to the ARP table not being refreshed often enough.

The solution is to set this tunable parameter "net.link.ether.inet.max_age" to 300 seconds to avoid the ARP problem.

regards
Tof
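
Added example, not part of the original posts: a shell helper for watching the state of the gateway's ARP entry on the firewall while testing the "net.link.ether.inet.max_age" tunable named above. The function names, the sample lines and their MAC addresses are constructed, and the parser assumes the line format printed by FreeBSD's "arp -an".

```shell
#!/bin/sh
# Added example (constructed): classify one host's ARP entry from `arp -an` output.
#
# arp_state IP   reads `arp -an` output on stdin and prints one of:
#   valid <seconds>   entry resolved, seconds left before it ages out
#   permanent         static entry, never ages out
#   incomplete        no MAC learned (host not answering ARP)
#   expired           entry still listed but aged out
#   missing           no entry for IP at all
arp_state() {
    awk -v ip="($1)" '
        $2 == ip {
            found = 1
            if ($4 == "(incomplete)") { print "incomplete"; exit }
            for (i = 5; i <= NF; i++) {
                if ($i == "permanent") { print "permanent"; exit }
                if ($i == "expired")   { print "expired"; exit }
                if ($i == "expires")   { print "valid " $(i + 2); exit }
            }
            print "valid unknown"; exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample in the assumed `arp -an` format (MAC addresses are made up).
sample_arp() {
cat <<'EOF'
? (192.168.1.1) at 02:00:00:00:00:01 on em1 permanent [ethernet]
? (83.243.124.254) at 02:00:00:00:00:fe on em0 expires in 287 seconds [ethernet]
EOF
}

# Offline demonstration on the sample above.
sample_arp | arp_state 83.243.124.254

# On the firewall itself (commented out so this file runs anywhere):
#   sysctl net.link.ether.inet.max_age      # current ARP entry lifetime, seconds
#   while :; do
#       printf '%s %s\n' "$(date +%T)" "$(arp -an | arp_state 83.243.124.254)"
#       sleep 10
#   done
```

Logging the state with a timestamp makes it possible to compare the moment the WAN stops passing traffic with what the gateway's entry looks like at that moment.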

Great!  Were you able to modify your system and have the problems go away?  How did you find out this was the problem?  Is there a log file somewhere that is spitting out errors?

You say to set the tunable parameter "net.link.ether.inet.max_age" but I'm not able to find that in the OPNSense GUI anywhere.  I looked in the System:Settings:Tunables but there is nothing like that in my list.  Is this something you have to edit on the OS itself?  If so, what file should be edited?

Thanx!
Richard
Later...
Richard

You can add it as a custom tunable in the GUI. The list provided is just a list of frequently needed ones.


Cheers,
Franco

Ah, yes, I see it now.  Thank you for the information.

How were you able to determine that this was the cause of the problem?  Was it something in the log files?
Later...
Richard