Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
TheDrew's Avatar
Wizard
Join Date: Oct 2009
Location: British Columbia, Canada
Posts: 979
#1 (permalink)  
Old 04-17-2010, 04:26 AM
Question Flapping Internet connection

Hey everyone,

I've got a bit of a weird issue with my Astaro that has me stumped.

Background:
Recently we started testing the site to site VPN capabilities of the Astaro with an eye to expanding these units out to our branch offices. The branch unit is an Atom 330 w/ 2GB RAM that has been solid since we purchased it around six months back. The branch itself has maybe three PC's in sporadic use, a printer, and a Debit Machine, well within the capabilities of the little Atom. The unit has been running on a semi-commercial ADSL line for about 3 weeks before we started encountering problems.

The problem we are having is that throughout the day the unit will randomly lose it's connection to the internet. By 'lose', I mean that all traffic going beyond the confines of the office, either Internet or VPN, stops flowing. Once it drops the only way we can get traffic back is to power cycle the unit.

When this is happening the box stills appears to be up. I can ssh into the box and watch the system as it happens Webadmin says the link is up, the router & network card both show the link is active. There are no unusual spikes in system load, no errors show up, nothing. In short the box appears to be functioning perfectly, it's like test pings, DNS queries, everything goes out the external interface and stops dead.

I've replaced the impacted network card as I've seen them break in this exact fashion but even after replacing the card it's still doing this. And I highly doubt that I'd get two cards fail in exactly the same fashion. Even the cables were replaced 'just in case'.

I'd blame my ISP (Telus) as their method of allowing devices onto their network is somewhat odd, they require all devices behind their ADSL to 'register' the device MAC with their DHCP servers, and failure to register will cause exactly what I'm seeing. In this case however, I've been through the registration process, my ISP has confirmed it's done correctly, we're getting the IP we're supposed to, they can't see any issues with their gear, and the cheapo netgear router currently sitting in place of this Astaro unit has maintained a rock solid connection over the past week.

So what am I missing? The hardware appears fine. Astaro software appears fine. ISP's gear seems fine.
__________________
Andrew Kay, Owner
AGK Holdings / Softsolutions
"IT for the small business"
Astaro Partner since 2012

Verzeihe bitte meine Deutsch. Ich muss Google ‹bersetzer verwenden.
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,884
#2 (permalink)  
Old 04-17-2010, 08:10 PM
Default

This doesn't sound like anything I've heard of other than hardware. What happens if you just put Astaro loaded on an old PC in place of the little Atom?

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 7,068
#3 (permalink)  
Old 04-17-2010, 09:54 PM
Default

Quote:
Originally Posted by TheDrew View Post
Hey everyone,

I've got a bit of a weird issue with my Astaro that has me stumped.

Background:
Recently we started testing the site to site VPN capabilities of the Astaro with an eye to expanding these units out to our branch offices. The branch unit is an Atom 330 w/ 2GB RAM that has been solid since we purchased it around six months back. The branch itself has maybe three PC's in sporadic use, a printer, and a Debit Machine, well within the capabilities of the little Atom. The unit has been running on a semi-commercial ADSL line for about 3 weeks before we started encountering problems.

The problem we are having is that throughout the day the unit will randomly lose it's connection to the internet. By 'lose', I mean that all traffic going beyond the confines of the office, either Internet or VPN, stops flowing. Once it drops the only way we can get traffic back is to power cycle the unit.

When this is happening the box stills appears to be up. I can ssh into the box and watch the system as it happens Webadmin says the link is up, the router & network card both show the link is active. There are no unusual spikes in system load, no errors show up, nothing. In short the box appears to be functioning perfectly, it's like test pings, DNS queries, everything goes out the external interface and stops dead.

I've replaced the impacted network card as I've seen them break in this exact fashion but even after replacing the card it's still doing this. And I highly doubt that I'd get two cards fail in exactly the same fashion. Even the cables were replaced 'just in case'.

I'd blame my ISP (Telus) as their method of allowing devices onto their network is somewhat odd, they require all devices behind their ADSL to 'register' the device MAC with their DHCP servers, and failure to register will cause exactly what I'm seeing. In this case however, I've been through the registration process, my ISP has confirmed it's done correctly, we're getting the IP we're supposed to, they can't see any issues with their gear, and the cheapo netgear router currently sitting in place of this Astaro unit has maintained a rock solid connection over the past week.

So what am I missing? The hardware appears fine. Astaro software appears fine. ISP's gear seems fine.
i've seen this. get your isp to send you another dsl modem. It's most likely flaking out. If that doesn't fix it have your phone lines checked. DSL is subject to the same issues as good old fashioned dialup(it's just a much faster form of it).
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
Reply With Quote
Gert Hansen's Avatar
Wizard
Join Date: Nov 2000
Location: Karlsruhe, Germany
Posts: 5,427
#4 (permalink)  
Old 04-17-2010, 11:30 PM
Default

Even if it sounds strange, lets check a few things on the ASG if that state is reached.

Have you taken a look in the dhcp client config file, maybe you find something interesting there. Another thing you can do is if the astaro is no longer online, do a tcpdump on the external interface and check if the astaro tries to send packets out.

Did you check the packetfilter log, if the system blocks the outgoing packages?

Thx gert
Reply With Quote
TheDrew's Avatar
Wizard
Join Date: Oct 2009
Location: British Columbia, Canada
Posts: 979
#5 (permalink)  
Old 04-18-2010, 11:36 AM
Default

Quote:
Originally Posted by Gert Hansen View Post
Have you taken a look in the dhcp client config file, maybe you find something interesting there.

Did you check the packetfilter log, if the system blocks the outgoing packages?
One of the first things I looked at when this started was the system logs. I've reviewed the DHCP logs along with other system logs(kernel, system, DNS, etc) which could give me some clues. From what I saw the box is running stable and within spec, exactly what I expect from the Astaro.

Quote:
Another thing you can do is if the astaro is no longer online, do a tcpdump on the external interface and check if the astaro tries to send packets out.
I haven't done a TCPdump but from what I saw of the tests I ran on the box while SSH'd into it, the unit should be spewing packets. I know it's not a substitute for TCPdump but when I was testing the external interface, the activity lights on both router & DSL modem start flickering when I broadcast pings to the web.

I will definitely test that though when I get the unit back to the office.
__________________
Andrew Kay, Owner
AGK Holdings / Softsolutions
"IT for the small business"
Astaro Partner since 2012

Verzeihe bitte meine Deutsch. Ich muss Google ‹bersetzer verwenden.
Reply With Quote
TheDrew's Avatar
Wizard
Join Date: Oct 2009
Location: British Columbia, Canada
Posts: 979
#6 (permalink)  
Old 04-18-2010, 11:47 AM
Default

Quote:
Originally Posted by William View Post
i've seen this. get your isp to send you another dsl modem. It's most likely flaking out. If that doesn't fix it have your phone lines checked. DSL is subject to the same issues as good old fashioned dialup(it's just a much faster form of it).
Hi WIlliam,

It's on my list for the next trip out there. I have a random spare unit of the same model the ISP issues that I can swap.

This'll also teach me not to skimp on the ADSL package I buy. Next package up is around $200/month more but I get a Cisco 8xx model DSL router w/ OOB management, true static IPs, and access to techs who actually know their stuff (no scripted, "have you done this?").
__________________
Andrew Kay, Owner
AGK Holdings / Softsolutions
"IT for the small business"
Astaro Partner since 2012

Verzeihe bitte meine Deutsch. Ich muss Google ‹bersetzer verwenden.
Reply With Quote
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 7,068
#7 (permalink)  
Old 04-18-2010, 01:10 PM
Default

instead of cycling the astaro power cycle the dsl modem..that'll help narrow things down.
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
Reply With Quote
TheDrew's Avatar
Wizard
Join Date: Oct 2009
Location: British Columbia, Canada
Posts: 979
#8 (permalink)  
Old 04-18-2010, 01:42 PM
Default

Quote:
Originally Posted by William View Post
instead of cycling the astaro power cycle the dsl modem..that'll help narrow things down.
We have tried power cycling both. Power cycling the DSL modem does restore the connection for a little while but then it goes down after anywhere from 5min to 2hrs. Power cycling the Astaro also seems to work though it's hit and miss, and more often a miss.

To add insult to injury, every time I've been out there, the power cycle fixes the Astaro for the rest of the day. It then crashes the following morning after I'm back at head office.

I swear the thing hates me.
__________________
Andrew Kay, Owner
AGK Holdings / Softsolutions
"IT for the small business"
Astaro Partner since 2012

Verzeihe bitte meine Deutsch. Ich muss Google ‹bersetzer verwenden.
Reply With Quote
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 7,068
#9 (permalink)  
Old 04-18-2010, 01:49 PM
Default

when you say crashes does the astaro box lockup or what is going on?
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
Reply With Quote
TheDrew's Avatar
Wizard
Join Date: Oct 2009
Location: British Columbia, Canada
Posts: 979
#10 (permalink)  
Old 04-18-2010, 03:57 PM
Default

Quote:
Originally Posted by William View Post
when you say crashes does the astaro box lockup or what is going on?
The failure I'm seeing is that the Astaro box will randomly lose connectivity to the Internet. When the connection 'crashes', I'm unable to get *any* response back from the web. DNS, pings, trace route, browsing all stop working. Throughout the whole failure, the Astaro box remains online, pingable, webadmin works, cpu/ram load is normal, link status stays up, etc.

In short the modem behaves in much the fashion you would expect if the DSL modem's link to the ISP was down. However, I can take a consumer grade NAT router (like my WRT54GL), attach it to the same DSL modem and it works without any glitches.
__________________
Andrew Kay, Owner
AGK Holdings / Softsolutions
"IT for the small business"
Astaro Partner since 2012

Verzeihe bitte meine Deutsch. Ich muss Google ‹bersetzer verwenden.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 05:21 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.