-
I decided to upgrade earlier today...it went without a hitch. Running 2.6 with two Realtek ethernet controllers, a RTL8111K and a RTL8111H in a Lenovo ThinkCentre M90n IoT dual NIC system.
-
Eventually it started dropping my wireguard connection on/off and eventually it locked up the LAN so i couldn’t log in. I went back to no Suricata which still works just fine.
-
@mxczxakm
It seems to me that there are several problems mixed in here, some sort of defective or incompatible hardware is mixed with incomplete/missed suricata settings. -
@w0w said in realtek-re-kmod missing in pfSense 2.6 repository?:
@mxczxakm
It seems to me that there are several problems mixed in here, some sort of defective or incompatible hardware is mixed with incomplete/missed suricata settings.Ok, thanks, I’ll keep digging. I think I’m going to move away from this Zima board again, too underpowered.
-
The issue is still the Realtek NICs. I found an article exactly to my board & issue. He ended up switching to an Intel NIC via PCIe to fix this issue in the end.
https://www.martinrowan.co.uk/2022/05/installing-pfsense-2-6-on-zimaboard/
Also of note:
https://forums.serverbuilds.net/t/demystifying-intel-pro-1000-quad-port-nics/2401 -
@mxczxakm
https://be-virtual.net/pfsense-arpresolve-cant-allocate-llinfo-for-x-x-x-x-on-emx/
Example of similar issues on Intel em driver...and realtek also...
There are two, at least, different solutions provided, one is to disable ARP daemon, whatever it means, and the second is to use dumb switch on this port, which is getting those messages like cant-allocate-llinfo what ever... -
@w0w thanks, his solution seemed to just be setting a static ARP/MAC for his connected rotating server. I have a direct pipe to the WAN on mine, simple home setup.
-
Usually seeing that message indicates pfSense no longer has an interface with an IP address in the same subnet as the indicate IP so it cannot ARP for it. So usually it's the gateway address on a dynamic connection and the interface has lost it's lease or similar.
Adding a static ARP entry there prevents it trying so you don't see that error but doesn't actually allow it to function in that circumstance. Usually those errors are only while a WAN reconnects.Steve
-
@stephenw10 maybe setting the default gateway to WAN instead of automatic would help but in my case I can’t because of the VPN connection.
-
Hmm, usually that's exactly when you should have it set to WAN and not auto.
This should be in a new topic though.
-
It has been seven days since I upgraded to realtek-re-kmod driver version 197.00, and my pfSense 2.6 box's LAN and WAN interfaces have not flapped even once. In the previous version, 196.04, the interfaces flapped randomly every one to four days and needed a reboot to fix the issue. Due to the frequent flapping issue with v196.04, I created a cron job that is scheduled to run every minute to check if an interface is flapping. The cron job will automatically reboot the OS if an interface has flapped more than five times (down/up/down/up/down). The OS reboot took ~40 seconds.
My box is a Gigabyte EL-20-3710-32G, and my internet bandwidth is 300 Mbps for upload and download. PowerD, Crypto Hardware, Kernel PTI, MDS Mode, RAM disks, hardware checksum offload, TCP segmentation offload, and hardware large receive offload are all disabled. I haven't changed anything other than upgrading the Realtek driver to version 197.00. Hopefully, the Realtek NIC flapping issue has been permanently fixed.
Below are the settings in my /boot/loader.conf.local and /boot/loader.conf:
if_re_load="YES" if_re_name="/boot/modules/if_re.ko" hw.re.msi_disable=1 hw.re.msix_disable=1 hw.re.eee_enable=0 hw.re.phy_power_saving=0 hw.re.phy_mdix_mode=0 hw.re.max_rx_mbuf_sz="2048" legal.intel_wpi.license_ack=1 legal.intel_ipw.license_ack=1 legal.intel_iwi.license_ack=1
-
@bepa888 any updates?
-
@goovich Ever since I installed the realtek-re-kmod driver version 197.00 25 days ago, there has been no flapping on either the LAN or WAN Realtek ports. Yay!
-
@bepa888 thank you for the update! Hope my Zbox CI323 nano will stop locking/hanging.
-
-
@xenium1024 i'm same erro in 196 197 and 198 repo!
-
In 2.6? Do this: https://forum.netgate.com/post/1100295
-
@stephenw10 Hello Good morning from Brazil!
Thanks, but after this configuration my pfsense broken :\image url)
I access to pfsense and its see you crash report, but i don't now how add here my log .tar
-
@stephenw10 i post in gist.github
https://gist.github.com/haskycrawford/f69722c7cdb9a02c2c87e1798d665307
-
Hmm, not a crash I'm familiar with. It did load the driver correctly though.
Is that part of an HA pair? The crash is in pfSync:
db:0:kdb.enter.default> bt Tracing pid 12 tid 100115 td 0xfffff800058a0740 kdb_enter() at kdb_enter+0x37/frame 0xfffffe008702c5f0 vpanic() at vpanic+0x197/frame 0xfffffe008702c640 panic() at panic+0x43/frame 0xfffffe008702c6a0 trap_fatal() at trap_fatal+0x391/frame 0xfffffe008702c700 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe008702c750 trap() at trap+0x286/frame 0xfffffe008702c860 calltrap() at calltrap+0x8/frame 0xfffffe008702c860 --- trap 0xc, rip = 0xffffffff8109a0c6, rsp = 0xfffffe008702c930, rbp = 0xfffffe008702c950 --- pfsync_state_export() at pfsync_state_export+0x26/frame 0xfffffe008702c950 pfsync_sendout() at pfsync_sendout+0x280/frame 0xfffffe008702ca00 pfsyncintr() at pfsyncintr+0xd1/frame 0xfffffe008702ca50 ithread_loop() at ithread_loop+0x23c/frame 0xfffffe008702cab0 fork_exit() at fork_exit+0x7e/frame 0xfffffe008702caf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe008702caf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
-
Here it begins....
<118>Setting up gateway monitors... Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8109a0c6 stack pointer = 0x28:0xfffffe008702c930 frame pointer = 0x28:0xfffffe008702c950 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (swi1: pfsync) trap number = 12 panic: page fault cpuid = 0 time = 1682586946 KDB: enter: panic
And that may be the point were it struggles about.
fault virtual address = 0x0 fault code = supervisor read data, page not present