pfSense Plus software version 22.05 is now available for upgrades!

Rockyuk

I upgraded from 22.01 to 22.05 and I now have 100% CPU usage for the last day. When I disable pfBlockerNG it goes back to normal. As soon as I re-enable it the CPU goes back to 100% it was working fine on 22.01, what is the best way to diagnose why pfBlockerNG is now using 100% CPU usage?

Thanks

Rockyuk

jimp

Reminder: If you have issues, start a new thread in an appropriate category (e.g. General pfSense Questions).

This thread is an announcement and not intended for diagnosing problems.

reberhar

@rockyuk I don't know why you are at 100% cpu usage with pfBlocker. For me it was the downloading and installing of the UTI adult category. I watched the processes on TOP and they pretty well told the story. Dropping to the command line and running

top -aSH

helps to understand the processes that are using up the cycles.

Roy

mark.dodrill

Upgrade from 22.01 to 22.05 on my SG-1000 was successful (only Bandwidthd package installed). It always takes 15+ minutes to reboot and come back up, but it's working.

Mark

rredecker

I have upgraded main Router and two of my smaller router to 22.05. With this in mind I ran a test on a small router first. The upgrade went perfect and the upgrade did install perfectly. Now for the problem. If you run openvpn's new version on both router for a site to site vpn I can not get them to stay up at all. They connect fine then drop. I currently run it as TCP. but here is what I have tried all while taking down smaller sites all day yesterday to try to fix this issue.

• I change the connection to UDP instead of TCP (added the firewall rule)
• I changed the SHA to SHA512
• I created a TLS KEY for HMAC Auth and Shared that between the 2
• I removed all Encryption Algos except AES-256-GCM on both for main and fall back
• I remove DH
  And it still will not stay connected...

However if you run 21.05 to 22.05 it will work fine.

Thank you

reberhar

@rredecker

So what are your Ping settings set at?

I lost my network periodically and had to change my ping setting

Ping settings
Inactive
Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device.
Activity is based on the last incoming or outgoing tunnel packet (not control or keep-alive packets).
A value of 0 disables this feature.

WARNING: Use with caution. When triggered, the client process will exit and it will not automatically restart.
Ping method
keepalive helper uses interval and timeout parameters to define ping and ping-restart values as follows:
ping = interval
ping-restart = timeout
Interval
Timeout

reberhar

@reberhar cut and past didn't get it. I am at 10 and 300

brians

@reberhar You can also set a service watchdog (install package) to keep the openvpn service running if disconnects. This has been an issue with OpenVPN site to site for a very long time - when disconnects seems it never reconnects by itself again.

reberhar

@brians Yes you are right. It is a pain in the neck when you must rely on tunnel and it is not there. The ping change is a little easier.

crosscheck

This post is deleted!