There have been problems that somehow the PID file for an OpenVPN instance can get updated with a new PID but the new process dies because the old process is still there, or some similar timing interaction. In that case the dashboard code is trying to query the OpenVPN status of a PID that does not exist - so it shows down. But actually the OpenVPN instance is happily running with some other PID and users are happy.
As you report, if you kill all the processes then start them 1-by-1 it all goes green. That is because the PIDs in the PID files now match the PIDs of the running processes.
Actually you will probably find that from a user point of view all OpenVPN instances were working fine.

If someone can pin down the sequence of events that causes this, then it can be fixed some day :)

none of these suggestions are working, I'm going to try a fresh 2.2 install and restore my conf and see what happens.

Thanks to the quick reply!

I have noted after your message that the page loads with the port 8002. But then gets lost when trying to load on the port 8000.

EDIT:
Your post showed me the right direction. Indeed I had a mis configured Form in one of my Log in Pages.
I had the complete address including the port 8000 as a target instead of just the variable.

This however seemed to work till the last Version but the upgrade process seemed to not light this.

Thanks for your help!

After creating the nat rule,  you do not need a firewall rules to wan on high port.

You can also listen only on loopback and then nat it from wan 80 .

@BBcan177:

If you are only using the country blocking features of pfBlocker then those lists do not require conversion as they are already in cidr format.

I would disable pfBlocker. Then confirm if /var/db/aliastables is clear of all pfBlocker files. If not, delete any remaining files.

Then enable pfBlocker and reboot to see if it's still slow.

I have developed a new package called pfBlockerNG which is currently being reviewed by the devs.

BBcan177 - Any timeline from the devs on pfBlockerNG making it into the packages?  I have been waiting for this to hit mainstream since last year when talking to you.  Looks as if it may be the best fix for us PFblocker user folks. Thanks again for your hard work on it.

Ash,

@Accounts:

Traffic Shaper: Limiter…I had both an In and Out set under this. I had them both set via a Firewall rule. I had no traffic going via that rule after the upgrade to 2.2. I removed the In limiter and just set the Out and it started passing traffic and limiting correct.

Hmm.  The UI doesn't seem to allow an Out limiter without an In limiter set …

See some interesting behavior with the Queues however… after the primary crashed and restarted, it appears traffic shaping isn't either being reported correctly or it's not working. Normally about 50% of our traffic is VOIP:


Is this a full install to a HD or Nano? Is it 64bit?

Steve

WTF.  Someone should seriously disable the http version of that page, especially when it has anything to do with entering a password - always enforce/encourage good security practices guys!  Despite the fact of it simply being a mailing list, people (sadly) tend to reuse legit passwords and usernames all the time.

https://lists.pfsense.org/mailman/listinfo/announce

Answering my own post here…

It seems that the synchronization of limiter rules are causing the problem in version 2.2. I haven't tested it yet but it sounds reasonable. The topic has also been discussed here:

https://forum.pfsense.org/index.php?topic=87541.0

…and a bug report has been filed here:

https://redmine.pfsense.org/issues/4310

Please note i am using transparent proxy

It only occurred initially after installation.  After enabling it through the web gui it then showed up in the console correctly as an option to disable.  Didn't try it but believe it would probably work now.

The web gui would give the standard message about creating keys and delaying ssh start up.  But never did get the success message until enable ssh in via the web gui.

Think it was probably some part of the system seeing it as enable and another as disabled.  So out of sync.

No not really concerned about it.

@lowprofile:

Are you running raid? Software or hardware?

RAID mirror : why ?

The root issue is what I added to the 2.2 upgrade guide here.

Either enable active LACP on your switch, or disable strict mode as noted there. We'll change the default back to its previous setting for 2.2.1.
https://redmine.pfsense.org/issues/4308

Steve - thanks for saving me some time searching by finding that first. :)

Yeah having a broken manually-edited config will do that. :) Glad you found the issue, thanks for the follow up.

"give 3 cores and 12gb to pfsense and 1 core and 4gb to the cloud."

You have that switched I think..  What is the speed of the connection??  How many vpn connections?  Pfsense sure and the hell does not need 3 cores and 12GG of ram ;)