I watched this in May and started getting a better grasp on my gateway logging. Fast-forward two months and I was able to see in the logs that there were increasingly periods of packet loss at seemingly random times. I was able to narrow the problem down and get Comcast to send out a tech. Ended up that the cable line coming to the exterior of my home was beginning to fail - I just caught it very early. Comcast buried a new line a few days later and now it's been over a week without the same alerts showing up in my logs. All of your videos are helpful but just wanted to say an extra thanks for the payoff of this one. I am a school counselor and having a solid connection is more important than ever right now in my world of remote work. Thanks, Tom and team!
Having braved pfSense because of your tutorials I consume everything you post on it. The system failure happening at the same time every day reminds me of an accountant who was complaining that they couldn't use their dot matrix printer to print (checks I think) during the afternoon. The sun was hitting the paper out sensor and forcing the printer offline. Decades ago but time of day reporting is so valuable.
You definitely do not want to monitor the next hop gateway even if it is outside of your premises. You want to monitor the IP configured under you opn/pfsense firewalls DNS settings, whether that be cloudflare/quad9/google/etc. The reason for that is that if you only monitor your gateway, 1 or 2 hops from your firewall, that won't tell you if they have an upstream issue, an issue within the ISP network or a peering issue. Generally running multiple links for failover or load balancing you are going to want to have separate DNS providers running over different links. If there is latency or connectivity issues anywhere between you and your preferred DNS provider, fail over to another link and/or DNS provider. Otherwise you are just monitoring 1 point in your connection to the internet.
Looking for guidance and possible examples... So I have ISP on x.x1.1 -> DMZ on x.x.2.1 -> pfsense on x.x.3.1 If I'm on the DMZ am able to ping or access any device on both dmz and ISP, but If am on pfsense I can't ping/access any device from ISP or DMZ. Am assuming I need to add firewall rules etc.. I'm seeking guidance or a tutorial that will guide me through a similar process setup. Thanks.
There's no mention in this video or even in the docs what happens on a single WAN setup when the monitor fails. I just switched to pfsense and in my old router I had a script running that pinged Google DNS and when it failed it renewed the DHCP lease. Does gateway monitoring do that or does it just send notification?
It should be mentioned that pinging some routers is problematic since it might require special packet processing in the (weak) router cpu instead forwarding fabric (which could also lead to packet loss)
Any ideas on what could cause RTTsd fluctuations/ what to research to solve the issue? Having gaming problems lol. My RTT (12-14ms) but my RTTsd (2.5 -20ms) even when the network dosnt have traffic flowing. The variance on the RTTsd is pretty constant. I didn't used to have issue on earlier 2.4.x builds. Tried switching modems, isp diagnostics, different pfsense builds, system tunables etc. I dont experience these RTTsd spikes with ping tests on the modem itself.
I have a case where the ICMP packets do not work. First of al the WAN i am using in bridge mode uses PPPOE bridging. In pfsense on the gateway page in have a DHCP6 and PPPOE secetion for this specific wan, for the monitoring IP's are set to the gateway ip's giving about by the PPPOE session. Is there anything i can do to fix this?
Hi, I have a video request/suggestion, wondering if you can make one for OPNsense. I have been finding your pfsence videos extremely helpful, but also finding the baked in monitoring features of OPNsense looks and feels superior to pfsense's ntopng etc. Would love to hear your thoughts.
In Status>System Logs>System>Gateway, I get WAN_DHCP 10.0.0.1: sendto error: 65 (this is a pfSense VM on virtualbox sitting behind my main firewall at 10.0.0.1
Only 1 issue with your videos: you talk too fast and a lot of words are not understandable by me or by the auto subtitle. Please, slow down just 5% and try to pronounce every at least technical word correctly. Love ya
Omg your isp agreed to look into the issue and assumed responsibility when you provided them with concrete evidence that it was their equipment failing 0.0 …. Not pointing any fingers here but Bell Canada for business you should learn a thing or two from this…bastards
I'm adding a second gateway (Starlink as primary, AT&T as secondary) and this tutorial rocks, plain and simple. Thanks!
I watched this in May and started getting a better grasp on my gateway logging. Fast-forward two months and I was able to see in the logs that there were increasingly periods of packet loss at seemingly random times. I was able to narrow the problem down and get Comcast to send out a tech. Ended up that the cable line coming to the exterior of my home was beginning to fail - I just caught it very early. Comcast buried a new line a few days later and now it's been over a week without the same alerts showing up in my logs. All of your videos are helpful but just wanted to say an extra thanks for the payoff of this one. I am a school counselor and having a solid connection is more important than ever right now in my world of remote work. Thanks, Tom and team!
Having braved pfSense because of your tutorials I consume everything you post on it. The system failure happening at the same time every day reminds me of an accountant who was complaining that they couldn't use their dot matrix printer to print (checks I think) during the afternoon. The sun was hitting the paper out sensor and forcing the printer offline. Decades ago but time of day reporting is so valuable.
Would be nice to have a “Skip Intro” button like Netflix. Triple tapping forward works also. Great vids Tom.
There is plugin called sponsor blocker for that kind situations.
You definitely do not want to monitor the next hop gateway even if it is outside of your premises. You want to monitor the IP configured under you opn/pfsense firewalls DNS settings, whether that be cloudflare/quad9/google/etc. The reason for that is that if you only monitor your gateway, 1 or 2 hops from your firewall, that won't tell you if they have an upstream issue, an issue within the ISP network or a peering issue. Generally running multiple links for failover or load balancing you are going to want to have separate DNS providers running over different links. If there is latency or connectivity issues anywhere between you and your preferred DNS provider, fail over to another link and/or DNS provider. Otherwise you are just monitoring 1 point in your connection to the internet.
Looking for guidance and possible examples...
So I have ISP on x.x1.1 -> DMZ on x.x.2.1 -> pfsense on x.x.3.1
If I'm on the DMZ am able to ping or access any device on both dmz and ISP, but If am on pfsense I can't ping/access any device from ISP or DMZ.
Am assuming I need to add firewall rules etc.. I'm seeking guidance or a tutorial that will guide me through a similar process setup.
Thanks.
There's no mention in this video or even in the docs what happens on a single WAN setup when the monitor fails. I just switched to pfsense and in my old router I had a script running that pinged Google DNS and when it failed it renewed the DHCP lease. Does gateway monitoring do that or does it just send notification?
How do you figure your next hop would you just ping Google or something and take the first hop outside of your network?
It should be mentioned that pinging some routers is problematic since it might require special packet processing in the (weak) router cpu instead forwarding fabric (which could also lead to packet loss)
Hi Where do i seen the users activity as a proxy monitor, Like the Classic WinProxy but on PFSense, want to see what users are doing in my network.
Any ideas on what could cause RTTsd fluctuations/ what to research to solve the issue? Having gaming problems lol.
My RTT (12-14ms) but my RTTsd (2.5 -20ms) even when the network dosnt have traffic flowing. The variance on the RTTsd is pretty constant. I didn't used to have issue on earlier 2.4.x builds.
Tried switching modems, isp diagnostics, different pfsense builds, system tunables etc. I dont experience these RTTsd spikes with ping tests on the modem itself.
Hi, do you have any video of pfsense as a openvpn client and reach pfsense lan from others openvpn client?
I have a case where the ICMP packets do not work. First of al the WAN i am using in bridge mode uses PPPOE bridging. In pfsense on the gateway page in have a DHCP6 and PPPOE secetion for this specific wan, for the monitoring IP's are set to the gateway ip's giving about by the PPPOE session. Is there anything i can do to fix this?
Hi, question how to access pfsense gui. Tried connecting to switch and to my lan port still no lack, any advice?
Hi, I have a video request/suggestion, wondering if you can make one for OPNsense. I have been finding your pfsence videos extremely helpful, but also finding the baked in monitoring features of OPNsense looks and feels superior to pfsense's ntopng etc. Would love to hear your thoughts.
I don't use it so I don't review it.
@@LAWRENCESYSTEMS No problem, I went to your forums after posting that and saw you sort of covered it off there.
In Status>System Logs>System>Gateway, I get WAN_DHCP 10.0.0.1: sendto error: 65 (this is a pfSense VM on virtualbox sitting behind my main firewall at 10.0.0.1
Hello, i cannot even ping to a client behind pfSense from WAN (Same WAN as pfSense.)
Can you help me?
Hello, what to do if the Internet constantly disappears on it? connection type static ip
Only 1 issue with your videos: you talk too fast and a lot of words are not understandable by me or by the auto subtitle. Please, slow down just 5% and try to pronounce every at least technical word correctly. Love ya
My english is pretty bad but I can understand everything Tom says in the videos. You can't also try with RUclips playback speed of 0.75
Or speed up vids when reviewing something familiar.
Omg your isp agreed to look into the issue and assumed responsibility when you provided them with concrete evidence that it was their equipment failing 0.0 …. Not pointing any fingers here but Bell Canada for business you should learn a thing or two from this…bastards