I've been using Monowall for years and have been very happy with the quality of the "product". Unfortunately, last night my Monowall lost its PPPoE connection and apparently did not notice the lost connection for over an hour.
According to my
Nagios report, the connection went down at 2:07am. There are no suspicious Monowall log entries around that time and not surprisingly, no incoming firewall logs after 2:03.
At 3:27 Monowall detected the lost connection and began the connection reset sequence.
Jun 3 03:27:01 --IP removed-- mpd: [pppoe] LCP: no reply to 1 echo request(s)
Jun 3 03:27:11 --IP removed-- mpd: [pppoe] LCP: no reply to 2 echo request(s)
Jun 3 03:27:21 --IP removed-- mpd: [pppoe] LCP: no reply to 3 echo request(s)
Jun 3 03:27:31 --IP removed-- mpd: [pppoe] LCP: no reply to 4 echo request(s)
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: no reply to 5 echo request(s)
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: peer not responding to echo requests
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: LayerFinish
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: LayerStart
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: state change Opened --> Starting
Jun 3 03:27:41 --IP removed-- mpd: [pppoe] LCP: phase shift NETWORK --> DEAD
. . .
Searching the forums, mailing lists and Google
turned up this info from Manuel:
m0n0wall uses LCP echos to detect if the PPPoE session has gone down;
AFAIR if it doesn't get a reply to 5 echos (which are sent every 20
seconds), it will try to re-establish the connection.
My questions are:
1) Where do these echo requests go.
2) How can I tell if LCP is actually checking every 20 seconds. In my case it seems as if it didn't check for over an hour.