Netgate Discussion Forum

    kern.ipc.maxsockets limit reached

    General pfSense Questions
    20 Posts 2 Posters 2.3k Views
      OpIT GmbH @stephenw10

      @stephenw10

      Just now the Netgate has the same problem. I can connect with a serial connection. But when I hit 5 to reboot the system I get this error: "Unable to start pfSense module in Unknown on line 0"

      The only menu option that was working is 8 (Shell). So I hit 8 and then with "reboot" the Netgate rebooted and it's working again.

        OpIT GmbH @stephenw10

        @stephenw10

        The system logs say just this:

        Dec 30 02:38:00 NPC-Chalet kernel: [zone: udp_inpcb] kern.ipc.maxsockets limit reached

          stephenw10 Netgate Administrator

          Try running: vmstat -z | egrep 'USED|inpcb'

          See if that output changes over time like something is leaking or perhaps is very low initially.

          Steve
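
One way to automate the check suggested above, as an added example that is not part of the original post or of pfSense: it compares two saved `vmstat -z` snapshots and reports inpcb zones whose USED count grew, flagging those near LIMIT. The function names and the sample snapshots are constructed, and the comma-separated column order (SIZE, LIMIT, USED, ...) is assumed to match the output on the box.

```shell
#!/bin/sh
# Added example. vmstat -z rows look like "zone: SIZE, LIMIT, USED, FREE, REQ, FAIL, SLEEP".

# Print "zone used limit pct" for every *inpcb zone read from stdin.
inpcb_usage() {
    awk -F'[:,]' '/inpcb/ {
        zone = $1; gsub(/ /, "", zone); limit = $3 + 0; used = $4 + 0
        pct = (limit > 0) ? int(used * 100 / limit) : 0   # LIMIT 0 means no limit
        print zone, used, limit, pct
    }'
}

# Compare two saved snapshots (older, newer) and list zones whose USED grew;
# zones at or above the warning percentage (default 80) are flagged.
inpcb_growth() {
    awk -F'[:,]' -v warn="${3:-80}" '/inpcb/ {
        zone = $1; gsub(/ /, "", zone); limit = $3 + 0; used = $4 + 0
        if (FNR == NR) { prev[zone] = used; next }        # first file: remember
        if (!(zone in prev) || used <= prev[zone]) next
        pct = (limit > 0) ? int(used * 100 / limit) : 0
        printf "%s +%d (%d/%d, %d%%)%s\n", zone, used - prev[zone], used, limit,
               pct, (pct >= warn ? " NEAR-LIMIT" : "")
    }' "$1" "$2"
}

# Constructed sample snapshots (not taken from the thread).
write_samples() {
    cat > "$1/t0" <<'EOF'
ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
udp_inpcb:              488,   4096,     310,      50,   90000,   0,   0
tcp_inpcb:              488,   4096,      40,      24,   12000,   0,   0
EOF
    cat > "$1/t1" <<'EOF'
ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
udp_inpcb:              488,   4096,    3900,      12,  180000,  25,   0
tcp_inpcb:              488,   4096,      38,      26,   12500,   0,   0
EOF
}

demo() {
    dir=$(mktemp -d) && write_samples "$dir" &&
        inpcb_growth "$dir/t0" "$dir/t1"; rm -rf "$dir"
}
demo
```

On the firewall, save `vmstat -z` to a file at two points in time and pass both files to `inpcb_growth`.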

            OpIT GmbH @stephenw10

            @stephenw10

            After some tests, I think it's the Captive Portal function. I have just enabled it with bandwidth restriction. The system had been working for about 3 hours, now it hangs. I can connect with serial and I can use the reboot function normally, but I can't ping WAN or LAN...

            We are using Captive Portal with multiple VLAN interfaces (about 60 VLANs).

            I already patched the router with:
            https://github.com/pfsense/pfsense/commit/b37f3f5d497493256f092619f94a266573dd6f04.patch
            and
            https://github.com/pfsense/pfsense/commit/c0f216b9b1b6455afc96cb37e6319a23bf28a98d.patch

              stephenw10 Netgate Administrator

              Hmm, neither of those has been tested extensively against 22.05, though I'd expect them to work there.
              When this happens, if you disable pf at the CLI with pfctl -d, does that allow you to regain access?
              If you then restart the captive portal, does that clear the blocks for some time?

              Steve

                OpIT GmbH @stephenw10

                @stephenw10

                I need to test this.

                But again, I think it has something to do with the multiple interface (VLAN) selection in the Captive Portal. I have another Netgate (1537) with just one VLAN selected in CP, and also installed both patches. There I don't see this problem.

                As the Netgate gets monitored with PRTG, I can see the exact time when it happens, so maybe some logs are helpful?

                  stephenw10 Netgate Administrator

                  I could definitely believe that. Using a single zone for multiple interfaces is far more unusual and one of those patches addresses that situation specifically.
                  If you look in Diag > Tables for the Cpzoneid table, do you correctly see all the interface IPs listed?

                    OpIT GmbH @stephenw10

                    @stephenw10

                    yes...

                      stephenw10 Netgate Administrator

                      In which case the kern.ipc.maxsockets limit reached error could just be a symptom of the captive portal blocking traffic. Let me know if disabling pf allows it to pass again.

                        OpIT GmbH @stephenw10

                        @stephenw10
                        When I enter pfctl -d in the shell, nothing happens. I need to hard reboot the Netgate...

                          OpIT GmbH @stephenw10

                          @stephenw10
                          No idea what else I can do? I think it's definitely the Captive Portal function with multiple interfaces selected. At the moment CP is disabled and the Netgate has now been running for some days...

                            stephenw10 Netgate Administrator

                            How much traffic do you have through that captive portal?

                            Do you think the traffic passing it might trigger this? I.e. does it seem to stay up longer with fewer clients connected for example?

                            Are you able to test a 23.01 snapshot? There are numerous CP fixes there.

                            Steve

                              OpIT GmbH @stephenw10

                              @stephenw10

                              I think it can have something to do with traffic. When I enable CP, it might run 15 min but it can also be days or weeks before the router crashes.

                              I am 100% sure the problem is with multiple selected VLANs in one CP interface. Also, I have bandwidth limitation set there.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.