@stephenw10 I get by with a little help from my friends! Thanks again

@antonioremigio1 Hope gave them a bit of business end about - thought you said our IP wasn't blocked ;)

A lot of backend changes forced a longer development period. We are targeting October but that is dependent on new bugs found etc.

See the September newsletter.

Steve

Yeah, I'm probably out of date. Again!

Hmm, well that shouldn't happen!

You have to run the command several times in parallel? Or you ran it, quit, reran it etc?

That fills the state table very quickly for me with one process but doesn't crash it. I simply see logged:

Oct 1 21:14:47 kernel TCP syncache overflow detected; using syncookies for the next 15 seconds Oct 1 21:16:01 kernel [zone: pf states] PF states limit reached

The firewall stops responding during the flood and the gateway throws some errors because the pings fail.

That's a smaller device also running 2.7.2.

Steve

Well I'm not sure why it would ever release that. SWAP would only need to be cleared if it got close to exhaustion.

There are some tunable values but I'm not sure any of them would release used swap.

https://man.freebsd.org/cgi/man.cgi?query=tuning#SYSCTL_TUNING

@michmoor depending on your environment and traffic flows you could adjust those.. but its much less resources to just leave a state open then create a new one..

But depending on how many clients, what sort of traffic patterns, how many different connections they make.. You could run into a scenario where 24 hours might be too long and you run into state exhaustion. If that was the case you could adjust the default timeouts to try and mitigate such issues.

edit:
that being said normally when client is done with a conversation it would close the session with fin, fin,ack or even a RST.. Odd that its still open, but if the device is off and was removed from the network before it could close the session then yeah could stay open for 24 hours. Unless the other end closed it.

@420ow6jv953u i haven't had chance to try Steve's suggestion

@stephenw10 Thank you, I used your second suggestion going to system.php, scrolled down and was able to find and change location and language. I guessed that the button at the bottom submitted the changes and it camer up in English.

@Jake-Biker

You'd then have double TCP error correction and flow control, which could really mess things up. The only reason I'd use TCP is to get through a firewall that blocks everything but browsers on standard ports, such as at my local library.

Nice find. Thanks for the follow up. 👍

Do you see the new device on-line in the tailscale web interface?

The only thing I can really imagine there is that the crypto-routing for that new device is not valid so tailscale rejects it. I'm not sure why that would be though.

Hello everyone
In general, the cause of the problems was a physical malfunction of the computer.
I had a second computer that was completely identical to the problem one. I installed pfSense on it from scratch and transferred all the settings to it manually. I haven't installed any additional packages yet. Since then, there has not been a single unplanned reboot, the system is completely stable. It's been over two months. I plan to reinstall the necessary packages in the near future and continue monitoring.

After transferring the system to a new computer, I decided to experiment with the old one.
To begin with, I decided to completely reinstall pfSense with SSD formatting. I booted from the LiveCD and started the installation. I didn't even have time to rebuild the disk, as I received an error and a reboot. I thought that the SSD was faulty (although his SMART is fine), I replaced it with another one. The error was repeated. That is, it's not about the disk or RAM, because I changed it earlier. But in the end, after 3-4 attempts, pfSense was still installed. But after standing on for a while, the computer spontaneously rebooted. Then again and again. No settings have been made yet.
Next, I decided to try installing Windows 10 on my computer to test it. The installation freezes completely after the first step.
As a result, the ideas ran out, the computer was turned off and put away. Maybe I'll throw it away later.

Thank you all so much for your help!

The uboot version is updated during the upgrade process. The current version reports as:

Vendor: U-Boot Version: 2018.03-devel-1.2.0ROGUE2-01.00.00.02+ Release Date: Fri Feb 7 2020

So it seems you already have it.

@michmoor said in What Software for SG-3100:

Will the SG1100 support MIM ?

Yes. And the 2100. It builds for aarch64 just not armv7.

You should be able to install again from the webgui. Then remove it if you want. Or just leave it, the _17 version should be good.

Yup, pretty sure he could do that in his sleep! 😁

It’s a package you need cronjob I think

The ZFS layout changed. I forget exactly when but I think 23.01 was the first version using a compatible layout.