pfSense Support Subscription

Author Topic: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP  (Read 497 times)

0 Members and 1 Guest are viewing this topic.

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
I have 3 WANs, each WAN has static outer IP address, given by provider.

The topology is following:



When I have no money on provider2 or I have any other problems with it, I can't ping IP2 from inside my LAN and from AWS hosting.

Nevertheless, monitoring of this gateway indicates green.

I.e. I have FALSE POSITIVE detection.

An opposite is happening with provoder3. If I have everything OK with it, and I can ping IP3 from inside my LAN and from AWS hosting, apinger reports it is down.

I.e. I have FALSE NEGATIVE detection.

All gateways are cofigured as parts of one Load_Balancing_Group at tier 1.

provider1 is configured as default and works ok.

How it can be?
« Last Edit: January 03, 2018, 01:01:22 pm by dims »

Offline ccmks

  • Jr. Member
  • **
  • Posts: 40
  • Karma: +1/-0
    • View Profile
Re: Monitor is false detecting one of my WANs as down
« Reply #1 on: January 02, 2018, 05:15:50 pm »
What are the monitor IP you use?

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is false detecting one of my WANs as down
« Reply #2 on: January 03, 2018, 03:00:59 am »
Outer IP of my provider. I can ping it from outside at the very same moment when apinger reporting it's down.

Offline rudger_wolvram

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +2/-0
    • View Profile
Re: Monitor is false detecting one of my WANs as down
« Reply #3 on: January 03, 2018, 12:53:11 pm »
I had as similar problem with ATT, you couldn't ping their gateway IP from the same network (WAN interface IP) but you could from outside that subnet.
I had to set up my monitor IP to 8.8.8.8 because it's google, they can handle the traffic, it's up pretty much all the time, and it monitors through the ISP gateway.
Downside to this method, your interface response time reporting is skewed higher because you're hitting an actual internet host instead of the first hop.

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is false detecting one of my WANs as down
« Reply #4 on: January 03, 2018, 12:58:50 pm »
I can ping IP3 from everywhere. Their router has WEB-interface, and it has PING page there. So, I tried to ping from:

1) workstation inside LAN

2) pfSense command line

3) provider's router.

Ping works from everywhere.

Only apinger thinks interface is down, by unknown reason, probably BUG.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9607
  • Karma: +1090/-309
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #5 on: January 03, 2018, 01:02:52 pm »
Probably NOT a bug. Try pinging the monitor IP address from the firewall itself. Diagnostics > Ping or ping from the ssh/console shell.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #6 on: January 03, 2018, 01:04:58 pm »
If by "firewall" you mean pfSense box, that I can ping from it. See above.

Offline rudger_wolvram

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +2/-0
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #7 on: January 03, 2018, 01:28:11 pm »
Wait, what version of pfsense are you on?
apinger was removed from pfsense somewhere around 2.3.x and replaced with dpinger. I'm on 2.4.2 and can't find apinger or dpinger (unless dpinger is the underlying pinger for gateways) packages.
You may be using a package that shouldn't even be there.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9607
  • Karma: +1090/-309
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #8 on: January 03, 2018, 02:05:44 pm »
Yeah if you have a version that uses apinger, the solution is to upgrade. 2.4.2_1 is current.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #9 on: January 04, 2018, 12:24:26 am »
I am using `2.3.2-RELEASE (amd64) `

I don't see 2.4.2_1 as upgrade option. It writes `Latest Base System 2.3.3_1`

If I enable unstable and experimental releases, it writes `2.3.6.a.20180103.1249`

The date is yesterday.

Are you really pfSense guys, people?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9607
  • Karma: +1090/-309
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #10 on: January 04, 2018, 12:29:26 am »
2.3.2 does not have apinger, it has dpinger. I don't recall any issues with it since then.

You should upgrade anyway. Take a configuration backup and give it a go. The reported version from there does not always match what you end up with, unfortunately.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #11 on: January 04, 2018, 12:33:23 am »
Ah, I found newer version on site. Updater just doesn't see it...

Offline dims

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +0/-0
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #12 on: January 04, 2018, 12:34:46 am »
I don't beleive it will work. If this is not recognized as a bug or problem, then unprobably it was solved...

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9607
  • Karma: +1090/-309
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #13 on: January 04, 2018, 12:35:34 am »
Quote
Are you really pfSense guys, people?

Insults? Really?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9607
  • Karma: +1090/-309
    • View Profile
Re: Monitor is FALSE detecting one of my WANs as DOWN and another WAN as UP
« Reply #14 on: January 04, 2018, 12:38:55 am »
I don't beleive it will work. If this is not recognized as a bug or problem, then unprobably it was solved...

That is because it is probably not a bug or a problem. You have a unique situation and you need to figure out what to monitor so you get the results you are looking for.

Sometimes when an ISP administratively shuts down a circuit for things like "no more money" they still respond to pings for some close addresses, sometimes they hijack DNS or forward all port 80 "you're out of money" page, etc.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM