@stephenw10

Yes, you are correct. That was impacting the system.

I first setup a test system in lab with same 2.6 config and performed a webgui update 2.6 to 2.7.0-DEVELOPMENT. On 2.7.0-DEVELOPMENT the system does not exhibit the issues described in first post.

On production machine I followed your instructions and applied patch "Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)".

Issue appears resolved.

Thank you!

Or roll back to a snapshot in Proxmox if you have one.

Ok I managed to solve the issue. The problem was that in the VM Hypervisor (Proxmox) I accidentally enabled „ballooning“ memory (which means it will remove memory on the fly if it detects that the VM is not using it).
I disabled it and now it all works like a charm. I guess the GUI (and myself) was confused that the RAM was removed from the VM while running, therefore showing memory usage „of 11GB“ while in reality it only had way less memory at this point.

Basically because it's extremely low priority compared with many other things.

It doesn't look that hard to do though. Pull requests accepted.

You could use the firewall logs widget on the dashboard instead where it is configurable.

Steve

You don't want a static route here because pfSense would have an interface in that subnet not access it via some other gateway on the LAN. You would disable the other interface then add back that subnet as a VIP on the existing interface so both subnets now exist on that interface. Obviously you would need to remove that to be able to re-enable the other interface.

Steve

@stephenw10 Thanks for the info! I am hoping you can provide a cloud-based control panel at some point. Am now looking at using the Dynamic DNS function for each PfSense appliance as we have GoDaddy for Registrar and it will not cost me to try it. I'm thinking it will probably construed as 'too clunky', but I'm hoping it will be received as a 'usable' option for my small offices.

Thanks again to all who provided input!!

Even after installing and uninstalling again?

You can check the pkg log in /conf. Squid has a bunch of parts which makes it more susceptible to issues if part of the script fails for any reason. Failing twice would be unusual though.

Steve

@dobby_

Firewall > Traffic Shaper > Limiters

LW has a video explaining this also link text

The majority of VPN tunnels? Show as disconnected when they are actually up?

@stephenw10 So if I try to access 192.168.5.6 (an iDrac that sits behind the pfSense box) I get "192.168.5.6 took too long to respond." but I dont see the firewall logging anything like it did before (see below). The 5.6 address is perfectly accessable by a laptop sitting behind the pfSense box, and the laptop can access the external web just fine.

2022-10-18_16h18_17.png

@globus243 I've had a similar experience, which may or may not be related. Netgate 5100 locks up shortly after either 6 a.m. or 6 p.m. but not always on the same day of the week. Finally traced the problem to pfblockerng-devel updating its block lists. For some reason this results in "insufficient swap space," even though no swap space is shown in use. My wife first noticed this phenomenon because her Amazon Alexa console, which is connected wirelessly, shows "no network." I'm not competent to delve into what's actually happening, so I just reboot the firewall and everything is fine.

Mmm, those look like real upstream issues unless you have something that shows otherwise.

Steve

@steveits said in Spontaneous reboots.:

@aaronouthier said in Spontaneous reboots.:

After 5 minutes, when Internet was not restored, the power cord was pulled

try to avoid turning off power on any device with a file system, to avoid file system damage. The proper way to shut down pfSense is Diagnostics/Halt.

I am aware. I didn’t say I pulled the power. My roommate got impatient and did things his way…

that's a different problem than the spontaneous reboots...?

Yes, I was confused initially. I had thought the system was rebooting when the power was pulled. It wasn’t until the next morning and saw the logs that I realized that wasn’t the case. Also, since it wasn’t rebooting, it means I just lost access to the system, which means ssh and web access weren’t an option. I was attempting to access by ssh when the power was pulled, and I had already determined the web UI was not accessable.

@aaronouthier said in Spontaneous reboots.:

centigrade

Google will do the conversion/math for you: https://www.google.com/search?q=35+celsius+to+fahrenheit

I know how to do the conversion. What I consider to be hot, and what a computer chip considers hot, are 2 different things. My home doesn’t quite get to 25 degrees Celsius, for example. At 35 degrees, I’d be about dead…

—Aaron

Hmm, that's odd!

@johnpoz said in Specific app doesn't connect to its server when on my network, but does while off:

@scottlindner you don't need to do that, you can just set your packet capture to the IP of the phone. You could setup a reservation in your dhcp so the phone always get the same IP.

Ahhh.. I see it now. I'll do that the next time she is over. Thank you! I'll follow up here regardless. If I figure it out, I'll post what was wrong and the solution, and obviously if it doesn't make sense to me I'll be asking for more guidance.

Appreciate you guys!!

Multicast MACs are known on wifi mesh systems like that, yes.
https://docs.netgate.com/pfsense/en/latest/install/upgrade-before-2.2.html#microsoft-load-balancing-open-mesh-traffic

Steve

Not if it's a remote device. ARP is not involved there.

Steve