What's new
Symbianize Forum

Most of our features and services are available only to members, so we encourage you to login or register a new account. Registration is free, fast and simple. You only need to provide a valid email. Being a member you'll gain access to all member forums and features, post a message to ask question or provide answer, and share or find resources related to mobile phones, tablets, computers, game consoles, and multimedia.

All that and more, so what are you waiting for, click the register button and join us now! Ito ang website na ginawa ng pinoy para sa pinoy!

Issue with PFSense

hellogarry

hellogarry

 
 
Symbianize Chieftain
Advanced Member
Messages
1,394
Reaction score
74
Points
78
Space Stone
Mind Stone
Power Stone
Reality Stone
Soul Stone
Time Stone
Good day, may problem po ako sa pfsense...
Ang setup po namin ay 2 pfsense server and 3 WANS.

PFSense 1 - Dual Wan (Dynamic IP) - W/ Loadbalancing (DHCP Disabled) - Used for local computers.
PFSense 2 - Single Wan (Static IP) (DHCP Enabled) - Used for Wifi only
Both PFSense box are inside the same subnet.

Ang problema ko po ay sometimes may mga pc na nawawalan ng internet sa PFSense 1 (local computers namin), at kadalasan Okay naman lahat... parang may rotation po na nawawalan ng internet for some reasons. Okay lang sana kung lahat ng computers ay nawawalan ng internet and problema unti lang so di ko sure kung saan nag mumula ang problema.

Tapos pag nilipat ko sila sa PFSense 2 nagkakameron sila lang internet.

So ang naiisip kong dahilan ay ang Loadbalancing ko sa PFSense 1... di ko sure kung ang nagkakaissue ba ay ang DNS n2... pa tulong naman po.
 
1. Masyado kumplekado setup mo pero out na ako jan
2. This might have something to do with ARP or routing. Anong gamit mong DNS, local ba or public?
3. Magandang test e, ping mo local subnet IP pag nawalan ng net ang isang PC to know more about the issue. For sure, may conflict sa subnet mo.
 
szxa21 said:
1. Masyado kumplekado setup mo pero out na ako jan
2. This might have something to do with ARP or routing. Anong gamit mong DNS, local ba or public?
3. Magandang test e, ping mo local subnet IP pag nawalan ng net ang isang PC to know more about the issue. For sure, may conflict sa subnet mo.
Click to expand...

Google DNS po gamit ko sa General Setup > DNS and sa Monitor IP po ng mga gateways ko ay si WAN1 ay 8.8.8.8 and si WAN2 is 8.8.4.4 (Google DNS din po).

As for pinging... pag nawalan po ng internet ung ibang client namin, tinatry ko i ping:
Client to Gateway = No Issue.
Gateway to Client = Timed out.

Tinry ko rin po idisable si firewall ni client and still no internet.

At and nawawalan po ng internet ay magkakalayo ng IP... example: (xxx.xxx.1.52 and xxx.xxx.5.8) so sure po ako na walang kumuha ng IP.
 
napaka complicated ng setup nyo po sir pero puede naman cguro lahat ng ISP mo sa isang pfsense server lng, baka sa load balancing configuration or routing gateway yan sir. try mo din reboot ang server after changes.
 
Last edited:
Confirmed routing nga issue. Ano subnet mask na gamit mo sa server na may DHCP? Ilan din lease time ng clients for DHCP?
 
szxa21 said:
Confirmed routing nga issue. Ano subnet mask na gamit mo sa server na may DHCP? Ilan din lease time ng clients for DHCP?
Click to expand...

Standard, di ko po chinage ung DHCP lease time settings so 1 hour - 2 hours siguro..

xxx.xxx.0.1/20

xxx.xxx.0.1 - 50 -> For Access Points and other devices.
xxx.xxx.1.1 - 254 -> For Local Computer

xxx.xxx.10.100 - 12.254 -> For DHCP

Ginagamit din namin ung 5.1 - 5.80 para sa isa pang lab namin.


Additional Information:

So na encounter ko ulit si problem 2 days ago..
So ang ginawa ko nag ping ako kay google using 2 clients..
isang nawawalan ng internet at isang di nawawalan ng internet. (The test was done after our internet recovered, bali nun may internet na ulit ung both clients).

Eto ung test.
Client A (Di nawawalan ng internet) -> Can ping google.
Client B (Nawawalan ng internet) -> Obviously timed out ang pag ping sa google.

Test (While nagana ung internet in both clients).
Ang ginawa ko ay pag pinull out ko si WAN1 sa NIC ni PFSense 1, nawawalan ng internet si Client A. Pero meron si Client B.
And then, pag pinull out ko si WAN2, si Client B naman ang nawawalang ng internet at si Client A ang meron.

So pwede kayang issue si WAN2 at di ko lang nahahalata na nawawalan talaga siya ng internet at di nag fafailover ung pfsense ko?
Pero gumagana naman ang loadbalancing ko.. so diba dapat wala na issue si failover if ever?

BTW, salamat sa pag tulong :) (sana maresolve ko na to, if ever kelangan ko tangalin ung loadbalancing ko...)

izanagi128 said:
napaka complicated ng setup nyo po sir pero puede naman cguro lahat ng ISP mo sa isang pfsense server lng, baka sa load balancing configuration or routing gateway yan sir. try mo din reboot ang server after changes.
Click to expand...

Oo nga po eh, dpat po kc separated kasi, pag may nag download sa local namin affected ung mga access point kaya pinag hiwalay... and pag nag add naman ako limitation madami magrereklamo... :|
 
Last edited:
Sir may diagram ka po ba ng set up mo?

2 PF sense

PFsense server 1 = 2 WAN (local PC)

PFsense server 2 = 1 WAN (Wireless Access points)

Tapos isang Subnet lang ito? parang may mali. parang loop na sya.
 
still not resolved :|
 
may network diagram kaba? Pfsense 1 Lan > Pfsense 2 Wan > Pfsense Lan AP

ganyan ba set up mo sa AP mo?
 
check mo firewall mo baka block yong dns... ganun talaga yong pfsense if naka run thru virtual box / VM nag loloko ang dami issue para ma solve out yan hanap ka old pc wag laptop gawin mo bootable.
 
Try to escalate your problem with the OSI Layer troubleshooting.

baka Layer 1 yung issue, Try to check the LAN cable or Try mo check yung Ethernet/ Gigabit port from PFsense server mo baka may issue na anong PFSense gamit mo bare-metal ba yan o Virtual type? you should use Bare-metal type setup a dedicated Server para kay PFsense there's alot of rumors and issues for VM's pangit kasi gamitin if you have a large scale of network.

Gawa ka Ethernet/ Gigabit loopback to check your NIC ports.

Like this:
View attachment 371608

pag good yung physical. proceed ka Layer 2, check also your medium- Switches, ano yan manage? or unmanage? make sure trunk ports are consistently connected to the router ports or from your PFSense. baka naman kasi sa throughput ng ports nya kaya nag ba-bottleneck na - check also the number of concurrent users sa network mo. baka hindi mo na Proper size up. you can also use Link Aggregation if supported.

pag good yung Data Link. and you see no issue you can now proceed to Check the Layer 3 baka dyan na yung issue check routing table or the next hoop baka mismatch yung routing ni Pfsense and trace host/subnets connection. regarding port services check mo rin, check also your MTU path discovery baka nagkaka IP fragment na or mismatch MUT/MTU. check also your security baka binablock yung ICMP services kaya di maka pag PING.

Check your IP's/Subnetmask - baka naman kasi malaki yung Broadcast ng network mo or try to reduce it use VLSM formula or check your default Gateway or VGW - virtual gateway.

Check DHCP Server baka hindi na nag po-pool out ng IP add. or the NAT need a proper configuration assigned from LAN to WAN setup.

Check you DNS resolver try use other secured DNS like 9.9.9.9 or 1.1.1.1 and also check the latency of your DNS resolver. you should apply same DNS for both ISP's. for consistency.


Editted:

For Load Balancing/ Failover / Redundancy;

Check also threshold and idle, sa pagkaka alam ko ginagamit na Load balacing Algorithm ni PFSense is Weighted Balance ata.
you should also put specific number of threshold in all WAN's or ISP's for every users requests from the internet bago nya point in every ISP's. for persistence you need to add also 443. lahat na kasi ng website gumagamit na ng 443 and not 80. -HTTP.



I hope you learn from it...
 

Attachments

  • Loopback.JPG
    Loopback.JPG
    30.7 KB · Views: 23
Last edited:
another solution sa mabagal na connection ng pfsense box sa naka vmware or vbox :

(windows 7) Open network & Settings >> Change adapter settings >> right clik lan 2 (pfsense output nic card) >> configure >>Advance >> under Property> Look for > Large Send Offload ip4/ip6/Ip4 checksum offload >> Disabled.

Bago mo gawin yan mag ping ka muna sa google at naka window: ping google.com -t after at before para ma compare mo agad. Pero if naka disabled na try mo enable ulit. Yong ping dati ng Pfsense ko ay nasa 300ms pagakatapos na ginawa ko neto bumalik sa original ping na walang pfsense 50-90ms.
 
TS Tanong ko lang

Loadbalancing o Gateway balancing yung gamit nyo?

Yung gateway balancing sa pagkaka alam ko TS e yun yung tier 1 parehas yung isp mo sa gateway group. And isa pa TS about dun sa pfsense 2, pci yung wifi adapter mo o gumamit ka lang ng wireless router to broadcast your wireless connection?
 
Tanong ko lang, ilang mb ba net mo? stable ba yan? kasi ganito yan, pag connection mo ay 6mps tapos may 5 units na nakaconnect. at ang load balancing mo ay guaranteed 1mbps per unit, eh may extra kang 1mbps. pero pag bumagal ang net mo lets say naging 4mbps eh dc na 1unit jan.
simplified example lang po.
 
Wow, thanks for the help guys. Nag sara na ung company due to the pandemic, kaya case closed na siguro siya hahahaha.
 
binasa ko pa naman lahat kase nag-aaral ako ngayon ng pfsense :)
 
You must log in or register to reply here.

Similar threads

verzion32
Help on IPv6 for PFsense LAN side
Replies
0
Views
334
verzion32
verzion32
walk16
installing 2 tenda O3 A.P.
Replies
0
Views
74
walk16
walk16
jesu11
Mikrotik Config [Sharing / Discussion]
Replies
4
Views
878
baserunner
baserunner
Z a c h a r y
  • Locked
[PHP] ICT Equipment Inventory
Replies
5
Views
429
mastergpl
mastergpl
X
  • Question
OTHERS Unlimited Data Plan - Smart, Globe, etc
Replies
2
Views
1K
blanket
blanket
Back
Top Bottom