The pfSense Store

Author Topic: dpinger used to monitor vpn gateway connections - blocked  (Read 241 times)

0 Members and 1 Guest are viewing this topic.

Offline gwaitsi

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
dpinger used to monitor vpn gateway connections - blocked
« on: September 07, 2017, 07:57:27 am »
I have two VPN connections with ExpressVPN.
If the monitor address is set to google, they should with 50% packet loss

from my linux pc, if I use linux traceroute, I get the following results

- I believe this is a UDP traceroute
traceroute to google.com (172.217.23.174), 30 hops max, 60 byte packets
 1  10.x.x.x (10.x.x.x)  35.904 ms  35.882 ms  35.873 ms
 2  hosted-by-i3d.net (31.204.154.1)  35.864 ms  35.853 ms  35.843 ms
 3  100ge.cr0-br3.smartdc.rtm.i3d.net (109.200.218.166)  35.830 ms 100ge.cr1-br3.smartdc.rtm.i3d.net (109.200.218.246) 

- I believe this is an ICMP traceroute
traceroute -I to google.com (172.217.23.174), 30 hops max, 60 byte packets
 1  10.x.x.x (10.x.x.x)  26.314 ms  26.318 ms  26.316 ms
 2  * * *
 3  * * *

If i understand this correctly, it seems that hosted-by-i3d.net (31.204.154.1) does not pass ICMP

Are there any other options/way i can monitor the vpn connection to enable failover of the vpn connection.


Offline luckman212

  • Hero Member
  • *****
  • Posts: 726
  • Karma: +59/-0
    • View Profile
    • @luckman212 - github
Re: dpinger used to monitor vpn gateway connections - blocked
« Reply #1 on: September 29, 2017, 10:50:50 pm »
Here are some other anycast dns servers you can try for monitors... see if any of them are more reachable/reliable than 8.8.8.8....

Oracle-Dyn
216.146.35.35
216.146.36.36

HurricaneElectric
74.82.42.42

Level3
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
« Last Edit: October 02, 2017, 09:59:34 pm by luckman212 »

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 557
  • Karma: +74/-4
    • View Profile
Re: dpinger used to monitor vpn gateway connections - blocked
« Reply #2 on: October 02, 2017, 07:37:35 pm »
Just a note to luckman212... Verizon and Level 3 have no affiliation with each other. Those IP addresses you posted belong to Level 3.

Level 3 was recently acquired by CenturyLink, in an effort to increase business/enterprise services. Verizon has nothing to do with them.

Offline luckman212

  • Hero Member
  • *****
  • Posts: 726
  • Karma: +59/-0
    • View Profile
    • @luckman212 - github
Re: dpinger used to monitor vpn gateway connections - blocked
« Reply #3 on: October 02, 2017, 10:00:04 pm »
Thanks for the info
I corrected my post...