simple1689
Follower
Jun 16, 2016

Half of Pings Drop over IPSec Tunnel

Hi there!

 

Pulling hairs over here. I have an IPSec Tunnel between two pfSense Firewalls. Pings to both Gateways without issue, pings to PCs on Remote LAN succeed without issue. When pinging the ReadyNAS on the Remote Network, half of the pings fail while the other half succeed. At this time, I cannot access the ReadyNAS on the Remote Network from the Main Network over VPN. There is no issue pinging the ReadyNAS when on the same local subnet.

 

Local Network: 192.168.10.x

Remote LAN: 192.168.30.x

 

(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 192.168.30.50

Pinging 192.168.30.50 with 32 bytes of data
Request timed out.
Reply from 192.168.30.50: bytes=32 time=147ms TTL=62
Request timed out.
Reply from 192.168.30.50: bytes=32 time=133ms TTL=62

Ping statistics for 192.168.30.50:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 133ms, Maximum = 147ms, Average = 140ms

C:\WINDOWS\system32>

 

 

  • BrianL2
    NETGEAR Employee Retired

    Hi simple1689,

     

    Does your ReadyNAS get updates? Or is it at least connected to the internet properly? See if adding DNS 8.8.8.8 and Router Gateway will do wonders.

     

    Also, try this command and let us know what happens.

     

     ping NASIP -f -l 1472

     

     

    Kind regards.

     

    BrianL

    NETGEAR Community Team

    • StephenB
      Guru - Experienced User

      I don't see how DNS is the culprit for ping failures using the IP address.

       

      It would be useful to know the MTU of the path, since that often can be a problem with IPsec tunnels. If there will be a lot of traffic from the NAS, you might set up the NAS to use that MTU.

       

      But this sounds like something different - the ping packets are small, etc. Can you mirror the LAN port that the NAS is using, and capture a Wireshark trace? That seems the most path.

       

      The NAS is either

      -not responding to the ping

      -not receiving the ping

      -responding normally, but the reply is not delivered by the network.

       

      The first is least likely, but we should still rule it out.

       

      You can also ssh into the NAS, and try pinging the remote PC. If the problem shows up there, you can run the Wireshark trace on the PC.
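
The three cases listed in the reply above can be separated by matching each echo request the PC sent against what a capture on the mirrored NAS port shows. The following is an added example, not part of the original thread: the PC address, the sequence numbers and the capture records are constructed, and it assumes the ICMP sequence numbers were taken from a capture on the PC side.

```python
"""Classify lost pings using a capture taken on the mirrored NAS port."""
from collections import Counter

# All data below is constructed for illustration; it is not from the thread.
# NAS is the address pinged in the original post; PC is an assumed address.
PC, NAS = "192.168.10.20", "192.168.30.50"
ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

SENT = [1, 2, 3, 4, 5, 6]        # ICMP sequence numbers sent by the PC
REPLIED_AT_PC = {2, 4, 6}        # sequence numbers the PC got a reply for

# Packets seen on the mirrored NAS port: (src, dst, icmp_type, seq)
CAPTURE = [
    (PC, NAS, ECHO_REQUEST, 1), (NAS, PC, ECHO_REPLY, 1),
    (PC, NAS, ECHO_REQUEST, 2), (NAS, PC, ECHO_REPLY, 2),
    (PC, NAS, ECHO_REQUEST, 3),
    (PC, NAS, ECHO_REQUEST, 4), (NAS, PC, ECHO_REPLY, 4),
    (PC, NAS, ECHO_REQUEST, 6), (NAS, PC, ECHO_REPLY, 6),
]


def classify(sent, replied_at_pc, capture, pc, nas):
    """Map each sent sequence number to one of the three failure cases."""
    requests = {q for s, d, t, q in capture if (s, d, t) == (pc, nas, ECHO_REQUEST)}
    replies = {q for s, d, t, q in capture if (s, d, t) == (nas, pc, ECHO_REPLY)}
    verdicts = {}
    for seq in sent:
        if seq in replied_at_pc:
            verdicts[seq] = "ok"
        elif seq not in requests:
            verdicts[seq] = "NAS did not receive the ping"
        elif seq not in replies:
            verdicts[seq] = "NAS did not respond"
        else:
            verdicts[seq] = "reply sent but not delivered"
    return verdicts


def summarize(verdicts):
    """Count how many pings fell into each case."""
    return Counter(verdicts.values())


if __name__ == "__main__":
    result = classify(SENT, REPLIED_AT_PC, CAPTURE, PC, NAS)
    for seq, verdict in result.items():
        print(f"seq {seq}: {verdict}")
    print(dict(summarize(result)))
```
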
