WAN Connectivity Issues after upgrade to CE 2.7.2

Networking & Firewalls
1

I posted this over in the Netgate Forums and thought I’d also check with folks here if anyone else knows of a solution.

Ever since upgrading to pfSense 2.7.2 CE from 2.6.0 CE, the WAN interface will lose connectivity until pfSense is rebooted. My fiber modem never goes offline and there have been no outages with my ISP. No hardware changes have taken place with the firewall. It is not virtualized.

Looking at the logs, I saw this before I rebooted the firewall:

Feb 22 08:01:31 	rc.gateway_alarm 	54098 	>>> Gateway alarm: WAN_DHCP (Addr:x.x.x.x Alarm:1 RTT:1.046ms RTTsd:.259ms Loss:21%)
Feb 22 08:01:31 	check_reload_status 	438 	updating dyndns WAN_DHCP
Feb 22 08:01:31 	check_reload_status 	438 	Restarting IPsec tunnels
Feb 22 08:01:31 	check_reload_status 	438 	Restarting OpenVPN tunnels/interfaces
Feb 22 08:01:31 	check_reload_status 	438 	Reloading filter
Feb 22 08:01:32 	php-fpm 	70525 	/rc.openvpn: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP'
Feb 22 08:01:32 	php-fpm 	70525 	/rc.openvpn: Gateway, NONE AVAILABLE
Feb 22 08:01:32 	php-fpm 	70525 	/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed IP addresses. Reloading endpoints that may use WAN_DHCP.
Feb 22 08:01:32 	php-fpm 	26777 	/rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP

I have adjusted the WAN monitoring setting in System / Advanced / Miscellaneous > State Killing on Gateway Failure to Do not kill states on gateway failure to see if this helps based on other forum posts.

If anyone has any insights on why this his happening or is a known bug with 2.7.2, would appreciate a reply. Thank you.

2

Have you tried turning off gateway monitoring? Also what NIC?

3

Hey Tom. No, I haven’t disabled Gateway Monitoring yet under System / Routing / Gateways / WAN. I should have no issue doing this as it’s only a single ISP setup.

WAN interface is using the onboard Intel i210 based NIC. I also have an Dell branded Intel i350 4 port NIC installed which is just being used for LAN interfaces currently. Both are on the compatibility list for FreeBSD 14.

The only things I’ve changed so far on the advice of one of the Netgate folks in the Netgate Forums was set a more stable monitoring IP, so I’m using 1.1.1.1 for that. Their other suggestion was turning on Disable Gateway Monitoring Action so that Gateway events will still be logged but no action will be taken. So far, 24 hours have passed with no issues. Have checked the logs and no additional failures or oddities.

I would be happy to hear if you have any thoughts on the above or other thoughts generally.

Thanks.

4

Thought I’d close this one out. This turned out to be ISP instability upstream that just happened to coincide with my upgrade. I still left the settings that got suggested by Tom and the ones from the thread in Netgate’s forums set to:

  • System / Routing / Gateways / WAN > Turned on Disable Gateway Monitoring Action
  • System / Advanced / Miscellaneous > State Killing on Gateway Failure to Do not kill states on gateway failure

If not wanting to turn off the action, setting a stable monitoring IP to something like 1.1.1.1 was recommended.

2 Likes