anyone got grafana template to share?

I found the malefactor: my p2p client resilio sync on my synology server. This is causing all the trouble with the new router. When I turn the sync off / stop the app it’s working like before. Shortly after turning it on, the whole network Stucks. I think it has something with UPnP to do.

Hi, I have the same problem: Aug 25 15:04:12 kernel pfr_update_stats: assertion failed. Aug 25 14:51:13 kernel pfr_update_stats: assertion failed. Aug 25 14:45:54 kernel pfr_update_stats: assertion failed. Aug 25 14:37:32 kernel pfr_update_stats: assertion failed. Aug 25 14:32:15 kernel pfr_update_stats: assertion failed. Aug 25 14:32:04 kernel pfr_update_stats: assertion failed. Aug 25 14:31:52 kernel pfr_update_stats: assertion failed. Aug 25 14:22:45 kernel pfr_update_stats: assertion failed. Aug 25 14:22:45 kernel pfr_update_stats: assertion failed. Aug 25 14:22:23 kernel pfr_update_stats: assertion failed. Aug 25 14:22:23 kernel pfr_update_stats: assertion failed. Aug 25 14:21:37 kernel pfr_update_stats: assertion failed. Aug 25 14:10:19 kernel pfr_update_stats: assertion failed. Aug 25 14:07:55 kernel pfr_update_stats: assertion failed. Aug 25 13:50:40 kernel pfr_update_stats: assertion failed. PfSense 2.3.4-RELEASE-p1 (amd64) installed on HDD, the only package that is installed is FTP_Client_Proxy. It is a Dell PowerEdge R310 with these network adapters: 2 embedded Broadcom NetXtreme II Gigabit Ethernet (firmware 08.07.26) Intel(R) Gigabit ET Quad Port Server Adapter The problem started with the update from 2.1.5 to 2.3.4_1 (via 2.3.4). The day before I updated the Broadcom firmware to the latest version by Dell, but I did not see this error until I updated pfsense. This was the secondary firewall of an HA firewall pair with pfsense 2.1.5 amd64 full install with package pfflowd. Not complex configuration, but we have many rules. We have 13 interfaces and an interface group, we use carp, pfsync, xmlrpc sync, vpn: more than 60 openvpn and 10 ipsec, lag, vlan, dhcp server, dns forwarder, ntp… I have 2 LAG (whith LACP): igb0,igb1 and igb2,igb3. One LAG is assigned to an interface, the other has some VLANs. One Broadcom is directly connected to the other firewall (sync). The primary firewall has carp disabled, I have disabled pfsync and xmlrpc sync in both firewall and I have tried to shutdown the primary firewall. I tried to disable the only floating rule that we have (deny rule). I have backupped the config and done a fresh install of pfsense 2.3.4, upgraded to 2.3.4_1 and imported the config, but The problem persists. EDIT: I started again primary firewall with 2.1.5 (with same Dell firmware updates of secondary firewall), it worked fine for serveral hours and the secondary firewall with 2.3.4_1 didn't log errors anymore, ok it was in backup state, so no virtual ip, no vpn and no one used it as a gateway, but it received broadcast traffic, traffic directed to its ips and dhcp server has continued working. When I turned off carp on the 2.1.5 firewall, the 2.3.4 came back primary and after few minutes the error appeared again. Any suggestion to fix this issue? Thanks in advance, Gianluca.

There were three crashes in that submission and they were all different: db:0:kdb.enter.default>  show pcpu cpuid        = 1 dynamic pcpu = 0x20ce5200 curthread    = 0xc7abbc80: pid 12 "irq277: em0:tx0" curpcb      = 0xebde2d40 fpcurthread  = none idlethread  = 0xc7711c80: tid 100004 "idle: cpu1" APIC ID      = 1 currentldt  = 0x50 db:0:kdb.enter.default>  bt Tracing pid 12 tid 100096 td 0xc7abbc80 kdb_enter(c147c716,c147c716,c16439c7,c1fb7994,1,...) at kdb_enter+0x3d/frame 0xc1fb7940 vpanic(c16439c7,c1fb7994,c1fb7994,c1fb79ac,c12e7b2b,...) at vpanic+0x13b/frame 0xc1fb7974 panic(c16439c7,1,1,1,ebde2bdc,...) at panic+0x1b/frame 0xc1fb7988 dblfault_handler() at dblfault_handler+0xab/frame 0xc1fb7988 --- trap 0x17, eip = 0xc12d2098, esp = 0xebde2004, ebp = 0xebde2bdc --- Xpage(ebde2c30,c0d3d449,c7abbc80,ebdd2000,c7ac8000,...) at Xpage/frame 0xebde2bdc choosethread(c7abbc80,ebdd2000,c7ac8000,217,c7abbc80,...) at choosethread+0x1f/frame 0xebde2be4 sched_switch(c7abbc80,0,109,c7a19a00,0,...) at sched_switch+0x139/frame 0xebde2c30 mi_switch(109,0,c147751b,55b,ebde2d40,...) at mi_switch+0x122/frame 0xebde2c68 ithread_loop(c7ab37d0,ebde2ce8,ff5fe9ff,4100100,40005,...) at ithread_loop+0x1b1/frame 0xebde2ca4 fork_exit(c0cd8220,c7ab37d0,ebde2ce8) at fork_exit+0xa3/frame 0xebde2cd4 fork_trampoline() at fork_trampoline+0x8/frame 0xebde2cd4 --- trap 0, eip = 0, esp = 0xebde2d20, ebp = 0 --- Fatal double fault: eip = 0xc12d2098 esp = 0xebde2004 ebp = 0xebde2bdc cpuid = 1; apic id = 01 panic: double fault cpuid = 1 KDB: enter: panic cpuid        = 1 dynamic pcpu = 0x20ce5200 curthread    = 0xc7ff2000: pid 12 "swi1: netisr 1" curpcb      = 0xebf25d40 fpcurthread  = none idlethread  = 0xc7711c80: tid 100004 "idle: cpu1" APIC ID      = 1 currentldt  = 0x50 db:0:kdb.enter.default>  bt Tracing pid 12 tid 100144 td 0xc7ff2000 kdb_enter(c147c716,c147c716,c16439c7,c1fb7994,1,...) at kdb_enter+0x3d/frame 0xc1fb7940 vpanic(c16439c7,c1fb7994,c1fb7994,c1fb79ac,c12e7b2b,...) at vpanic+0x13b/frame 0xc1fb7974 panic(c16439c7,1,1,1,ebf25a40,...) at panic+0x1b/frame 0xc1fb7988 dblfault_handler() at dblfault_handler+0xab/frame 0xc1fb7988 --- trap 0x17, eip = 0xc12d2098, esp = 0xebf25008, ebp = 0xebf25a40 --- Xpage(10211ac,c7a1d400,ebf25b58,1,10000000,...) at Xpage/frame 0xebf25a40 ip_output(c9562500,0,ebf25b48,1,0,...) at ip_output+0xb36/frame 0xebf25b00 ip_forward(c9562500,0,0,1,0,...) at ip_forward+0x3ea/frame 0xebf25b88 ip_input(c9562500,c7ff2000,ebf25c68,72714af,2710,...) at ip_input+0xba8/frame 0xebf25bf0 swi_net(e2b9d880,0,246,0,302b14,...) at swi_net+0x15f/frame 0xebf25c3c intr_event_execute_handlers(109,c7f92b00,c147751b,55b,c31a070d,...) at intr_event_execute_handlers+0xaa/frame 0xebf25c68 ithread_loop(c7f7ae40,ebf25ce8,c2dc38d5,8,0,...) at ithread_loop+0x80/frame 0xebf25ca4 fork_exit(c0cd8220,c7f7ae40,ebf25ce8) at fork_exit+0xa3/frame 0xebf25cd4 fork_trampoline() at fork_trampoline+0x8/frame 0xebf25cd4 --- trap 0, eip = 0, esp = 0xebf25d20, ebp = 0 --- Fatal double fault: eip = 0xc12d2098 esp = 0xebf25008 ebp = 0xebf25a40 cpuid = 1; apic id = 01 panic: double fault cpuid = 1 KDB: enter: panic cpuid        = 3 dynamic pcpu = 0x20ceb200 curthread    = 0xc7711640: pid 11 "idle: cpu3" curpcb      = 0xe2bb6d40 fpcurthread  = none idlethread  = 0xc7711640: tid 100006 "idle: cpu3" APIC ID      = 3 currentldt  = 0x50 db:0:kdb.enter.default>  bt Tracing pid 11 tid 100006 td 0xc7711640 kdb_enter(c147c716,c147c716,c16439c7,c1fb7994,3,...) at kdb_enter+0x3d/frame 0xc1fb7940 vpanic(c16439c7,c1fb7994,c1fb7994,c1fb79ac,c12e7b2b,...) at vpanic+0x13b/frame 0xc1fb7974 panic(c16439c7,3,3,3,e2bb6c28,...) at panic+0x1b/frame 0xc1fb7988 dblfault_handler() at dblfault_handler+0xab/frame 0xc1fb7988 --- trap 0x17, eip = 0xc12d2098, esp = 0xe2bb6008, ebp = 0xe2bb6c28 --- Xpage(1,e2bb6c78,c147e0b3,a3d,6dccb163,...) at Xpage/frame 0xe2bb6c28 sched_idletd(0,e2bb6ce8,6240b163,1b424163,30ad2163,...) at sched_idletd+0x1dd/frame 0xe2bb6ca4 fork_exit(c0d3f900,0,e2bb6ce8) at fork_exit+0xa3/frame 0xe2bb6cd4 fork_trampoline() at fork_trampoline+0x8/frame 0xe2bb6cd4 --- trap 0, eip = 0, esp = 0xe2bb6d20, ebp = 0 --- Fatal double fault: eip = 0xc12d2098 esp = 0xe2bb6008 ebp = 0xe2bb6c28 cpuid = 3; apic id = 03 panic: double fault cpuid = 3 KDB: enter: panic Even though they were all "double faults" the backtraces appear to be quite unrelated. To me, my first inkling in this case is to suspect the hardware over anything else. On the outside chance it's a driver issue, try moving up to a 2.4.0-RC snapshot.

Thanks for the reply. will wait for the update :D thx.

Applied and confirmed working. :)

Without knowing the boot error it's impossible to say what it might have been. As for that graph, that isn't a graph analyzing your traffic, only your log messages. If the only rules you have that log are block, or you didn't have any traffic that matched a pass rule with log set, then seeing 100% blocked on that graph is normal.

What are you expecting it to be booting from with its storage removed? You probably want to make a memstick or CD-ROM and boot that and reinstall to whatever storage you intend to run it from now.

Apparently, this unit is toast. I shipped it back for an RMA.

Wait for 2.4, or depending on the cause, 2.4.1. If it's stable with hw.igb.num_queues="1" there is no harm in running that way for now, except perhaps with lower throughput depending on the load.

Whatever you install has to use "COM2" as the serial console. There are several examples here: https://www.netgate.com/docs/rcc-ve-4860/install-guide.html

@jahonix: @jahonix: Is that your main workstation … ? Nope, I have separate PC as my main workstation, the thing that pisses me off is Windows 10 has constant update, so far I just set it on manual update but I don't know if MS will force and update if I keep ignoring that. Probably stupid question, but is there any way for VM inside Hyper-V to survive a windows update?

Are you sure you have not installed SquidGuard because sgerror.php as shown in screenshot is by SquidGuard. Ashima

thanks finally solved it. Just increased cpu and ram

@kpa: As far as I know it's a cosmetic bug in Unbound caused by chrooting it under /var/unbound. There is no real problem. Good to know!  Thank you!

Are those other routers all pfSense installs?

There is also no reason to connect that to the firewall in any way. It is a network printer. Devices on your network will contact it directly over the network, it is its own print server.

Alright, thanks!  Guess my wanting to read the directions first messed me up.  :D Thanks for the info.

@pglover19: @johnpoz: Especially since it seems your DMZ is all just VMs?  So how do you have that connected to your vm host?  Assume it has its own nics for the physical connection to the dmz switch.. So your using how many ports on this switch?  Seems overkill for a few ports, etc. I have decided not to use the extra Juniper EX3300 as my DMZ switch. Will save it for my home lab setup in the future. I found a Juniper EX2300-C switch on EBay last night at an incredible price. The price was so good I purchased 3 of the switches. The unit is fabless, 12 ports and all ports are POE. Will use 1 as my DMZ switch. Attached is a drawing using the EX2300-C switch as my DMZ switch as well as using one of the EX2300 as a POE+ switch connected to my internal LAN network. The EX2300-C has 12 POE+ ports. Please let me know if you agree with how I have the EX2300-C connected to the EX3300 switches. I am trying to avoid any hairpins. [image: Drawing7.jpg_thumb] [image: Drawing7.jpg]