@Pizzamaka said in unbound stops and won't start again + high cpu:

What still puzzles me is why starting unbound through UI does not work whereas running pfblocker update does start unbound.

Not 100% sure, but it could be that when killed unbound leaves behind its PID file in /var/run/. A shell script could potentially just unilaterally delete any existing unbound PID file before attempting to restart it. That's just a guess on my part, though, as I have not looked at the code in the pfBlockerNG scripts.

When you attempt to restart the DNS Resolver from the GUI, do you see anything in the pfSense system log at that time mentioning a PID file for unbound? If you do, that would validate my guess.

Hmm, OK. Significant.

Yes. In almost every case when using igc.

@artenpie thanks for confirming!

deleted my rules

Which rules - the same rules, or all rules on all interfaces?

It shouldn't make a difference, but are there existing rules in /cf/conf/config.xml which use an interface that doesn't exist?

Are you able to reproduce this starting from a fresh configuration? If so, would you provide exact steps?

No idea what triggered it? Nothing logged at that time?

So before it asks you to reboot? Like:

Screenshot from 2024-11-15 19-22-31.png

Does the VPN eventually connect and start passing traffic by itself?

What do the log show?

@stephenw10 No, I have the RAM-disk enabled and I don't see anything before.

@marcosm said in Kea DCHP error:

could be in a 2.8 release

Not sure if my 4100 can use 2.8, I'm using 24.03.
I'm planning to switch to 24.11 RC next week.

@SteveITS Good to know, I have to tell this to a specific admin at a customer. He has the dashboard open for longer periods of time sometimes ...

A clean install from the net installer? Or upgrade from 24.03?

When you say the first image do you mean the first pkg? Like [1/32]?

@marcosm Thankyou, I can confirm the RC version has resolved this isssue

installed the RC right now, HAproxy starts OK now. Thanks.

@jimp I felt brave, this time with MIM enabled. And you were right. I managed to log-in with chromium, after clearing some saved information. With FF I had no luck so far but now I had two ways to access pfSense and re-enable https. Thank you.

Wait for RC or apply the patch on the referenced redmine link, then install/uninstall the package.

I posted about this earlier.. and was sent here:

https://forum.netgate.com/topic/190824/cpu-load-on-1100/2

It appears you are right on about the Wireguard widget!

@patient0 Thanks for the suggestion.

I just removed all the widgets, other than system information, one at a time and CPU usage dropped to around 1%. Seems all the widgets are culpable.

Ted

The CPU usage increase may be this:
https://forum.netgate.com/topic/190824/cpu-load-on-1100

Unless you've switched to Kea, the DHCP Relay status text should remain the same.

Then it sounds like you are adding rules that accidentally bypass the Limiters.

Nothing has changed in 24.11 in that regard. But this seems more like a config error than a bug in Limiters.