simple1689
Jun 16, 2016 (Follower)
Half of Pings Drop over IPSec Tunnel
Hi there!
Pulling hairs over here. I have an IPSec Tunnel between two pfSense Firewalls. Pings to both Gateways succeed without issue, and pings to PCs on the Remote LAN succeed without issue. When pinging the ReadyNAS on the Remote Network, half of the pings fail while the other half succeed. At this time, I cannot access the ReadyNAS on the Remote Network from the Main Network over VPN. There is no issue pinging the ReadyNAS when on the same local subnet.
Local Network: 192.168.10.x
Remote LAN: 192.168.30.x
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ping 192.168.30.50
Pinging 192.168.30.50 with 32 bytes of data
Request timed out.
Reply from 192.168.30.50: bytes=32 time=147ms TTL=62
Request timed out.
Reply from 192.168.30.50: bytes=32 time=133ms TTL=62
Ping statistics for 192.168.30.50:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 133ms, Maximum = 147ms, Average = 140ms
C:\WINDOWS\system32>
2 Replies
- BrianL2NETGEAR Employee Retired
Hi simple1689,
Does your ReadyNAS get updates? Or at least connected to the internet properly? See if adding DNS 8.8.8.8 and Router Gateway will do wonders.
Also, try this command and let us know what happens.
ping NASIP -f -l 1472
Kind regards.
BrianL
NETGEAR Community Team
- StephenB (Guru - Experienced User)
I don't see how DNS is the culprit for ping failures using the IP address.
It would be useful to know the MTU of the path, since that often can be a problem with ipsec tunnels. If there will be a lot of traffic from the NAS, you might set up the NAS to use that MTU.
But this sounds like something different - the ping packets are small, etc. Can you mirror the LAN port that the NAS is using, and capture a wireshark trace? That seems the most path.
The NAS is either
- not responding to the ping
- not receiving the ping
- responding normally, but the reply is not delivered by the network.
The first is least likely, but we should still rule it out.
You can also ssh into the NAS, and try pinging the remote PC. If the problem shows up there, you can run the wireshark trace on the PC.
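The three cases listed in the reply above can be told apart by comparing a capture taken on the pinging PC with one taken on the mirrored NAS port. The script below is an added example, not part of the thread: the client address 192.168.10.20, the sample rows and the function names are constructed, and it assumes the tunnel does not NAT, so the NAS sees the client's real address.

```python
# Added example: classify each ping using two ICMP captures.
# Rows are constructed sample data in the shape produced by
#   tshark -r FILE -Y icmp -T fields -e icmp.type -e icmp.seq -e ip.src -e ip.dst
CLIENT, NAS = "192.168.10.20", "192.168.30.50"  # CLIENT address is an assumption

CLIENT_CAP = """\
8\t1\t192.168.10.20\t192.168.30.50
8\t2\t192.168.10.20\t192.168.30.50
0\t2\t192.168.30.50\t192.168.10.20
8\t3\t192.168.10.20\t192.168.30.50
8\t4\t192.168.10.20\t192.168.30.50
"""  # constructed: capture on the pinging PC

NAS_CAP = """\
8\t1\t192.168.10.20\t192.168.30.50
0\t1\t192.168.30.50\t192.168.10.20
8\t2\t192.168.10.20\t192.168.30.50
0\t2\t192.168.30.50\t192.168.10.20
8\t4\t192.168.10.20\t192.168.30.50
"""  # constructed: capture on the mirrored NAS port

def parse(text):
    """Return a set of (icmp_type, seq) for echo traffic between CLIENT and NAS."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed rows
        icmp_type, seq, src, dst = fields
        request = icmp_type == "8" and (src, dst) == (CLIENT, NAS)
        reply = icmp_type == "0" and (src, dst) == (NAS, CLIENT)
        if request or reply:
            seen.add((int(icmp_type), int(seq)))
    return seen

def classify(client_text, nas_text):
    """Map each echo request the client sent to one of the cases from the reply."""
    client, nas = parse(client_text), parse(nas_text)
    result = {}
    for seq in sorted(s for t, s in client if t == 8):
        if (0, seq) in client:
            result[seq] = "ok"
        elif (8, seq) not in nas:
            result[seq] = "not receiving the ping"
        elif (0, seq) not in nas:
            result[seq] = "not responding to the ping"
        else:
            result[seq] = "reply not delivered by the network"
    return result

if __name__ == "__main__":
    for seq, verdict in classify(CLIENT_CAP, NAS_CAP).items():
        print(seq, verdict)
```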