• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfSense 2.7.2 in Hyper-V freezing with no crash report after reboot

Scheduled Pinned Locked Moved Virtualization
62 Posts 7 Posters 9.5k Views 6 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J Offline
    jacolex @Bismarck
    last edited by jacolex Apr 13, 2025, 6:40 PM Apr 13, 2025, 6:39 PM

    Hello, I'm struggling with simmilar case. pfSense with 6 interfaces, hosts suddenly lost connection from/to pfsense gateway, which means distruption of web services. It happens once a month, but last week it happened 3 times. Only restart can help. Today I swiched to UFS. If it not resolves the issue, I'll try with disabling pfblocker for achieve minimal resources consuming. I wonder whether pfsense 2.8.0 on FreeBSD 15 would be more stable or worse.

    1 Reply Last reply Reply Quote 0
    • M Offline
      maitops @Bismarck
      last edited by Apr 19, 2025, 1:02 PM

      @Bismarck Hi,

      The system is still running fine ?

      B J 3 Replies Last reply Apr 19, 2025, 1:17 PM Reply Quote 0
      • B Offline
        Bismarck @maitops
        last edited by Apr 19, 2025, 1:17 PM

        @maitops

        Yes, no problems so far.

        1 Reply Last reply Reply Quote 0
        • J Offline
          jacolex @maitops
          last edited by jacolex Apr 19, 2025, 1:50 PM Apr 19, 2025, 1:18 PM

          @maitops yes, since 10 days. I also disabled hn ALTQ support (no clue if it's necessary). Observing kernel hvevents, no issues. But I have to wait 2-3 months to say, that it's stable.

          1 Reply Last reply Reply Quote 0
          • J Offline
            jacolex @maitops
            last edited by Apr 20, 2025, 9:01 AM

            @maitops unfortunately, today morning we encountered network outages and the firewall needs to be restarted.

            1 Reply Last reply Reply Quote 0
            • S Offline
              stephenw10 Netgate Administrator @Bismarck
              last edited by Apr 20, 2025, 12:50 PM

              @Bismarck said in pfSense 2.7.2 in Hyper-V freezing with no crash report after reboot:

              No hvevent storm here for 6 days and 23.5 hours since my last update,

              So this was setting the power management to 'high power' in Hyper-V? Which presumably disables throttling down the VM in some way.

              B 1 Reply Last reply Apr 20, 2025, 6:59 PM Reply Quote 0
              • B Offline
                Bismarck @stephenw10
                last edited by Apr 20, 2025, 6:59 PM

                @stephenw10

                Yes, or just disabling the power management/green feature of the Nic should be enough, this is how it is right now on my Hyper-V host. There was a message (no error) in the Windows event logs about switching states or so, while the hvevent storm.

                M 1 Reply Last reply Apr 25, 2025, 1:12 PM Reply Quote 1
                • M Offline
                  maitops @Bismarck
                  last edited by maitops Apr 25, 2025, 1:13 PM Apr 25, 2025, 1:12 PM

                  This post is deleted!
                  1 Reply Last reply Reply Quote 0
                  • B Offline
                    Bismarck
                    last edited by Bismarck Apr 25, 2025, 3:13 PM Apr 25, 2025, 3:12 PM

                    Quick update:

                    c941ae86-6ebb-40bb-a5e5-7ce0c05a60ce-image.png

                    Had to reboot once because auf updates, but since than rock solid no incidence. Enabled all extra IP-Lists and Suricata and so again.

                    @maitops Just disable all energy saving features of the nic or select high performance power profile in windows for a test.

                    It must be the power state switching or the system tunables I did im my last update post.

                    M 1 Reply Last reply May 9, 2025, 1:40 PM Reply Quote 1
                    • M Offline
                      maitops @Bismarck
                      last edited by May 9, 2025, 1:40 PM

                      @Bismarck I still have the issue, I have a mellanox connectx-6 Lx NIC, I just disabled the "Interupt Moderation" too

                      B 1 Reply Last reply May 9, 2025, 1:54 PM Reply Quote 0
                      • B Offline
                        Bismarck @maitops
                        last edited by May 9, 2025, 1:54 PM

                        @maitops

                        I have a Intel 82599 and X550-AT2 in use.

                        1920876d-a2ae-46f6-97dc-38f66a5371b3-image.png

                        Did you try the loader.conf.local and system tunables from the screenshot?

                        M 1 Reply Last reply May 9, 2025, 2:03 PM Reply Quote 0
                        • M Offline
                          maitops @Bismarck
                          last edited by May 9, 2025, 2:03 PM

                          @Bismarck Yes, iI changed the loader.conf and rebooted.
                          the tunable, not everything, only:

                          hw.hvtimesync.sample_thresh
                          hw.hvtimesync.ignore_sync

                          i can try to set all the others too

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            stephenw10 Netgate Administrator
                            last edited by May 9, 2025, 2:13 PM

                            You should set custom loader values in /boot/loader.conf.local (create that file) to prevent them being overwritten by the system.

                            M 1 Reply Last reply May 12, 2025, 6:47 AM Reply Quote 1
                            • S Offline
                              shoulders
                              last edited by May 11, 2025, 10:21 AM

                              is this the same underlying issue as

                              https://forum.netgate.com/topic/197248/pfsense-2-7-2-ram-leak-wired-memory-pool/11

                              might be irrelevant it is on a hypervisor.

                              solution looks like it might to update to pfsense 2.8.0

                              1 Reply Last reply Reply Quote 0
                              • M Offline
                                maitops @stephenw10
                                last edited by May 12, 2025, 6:47 AM

                                @stephenw10 My bad, i'm trying with this.
                                I will tell you if it solved my issue.

                                J 1 Reply Last reply Jul 2, 2025, 8:02 AM Reply Quote 0
                                • J Offline
                                  jacolex @maitops
                                  last edited by Jul 2, 2025, 8:02 AM

                                  @maitops after upgrade to 2.8.0 - everything works fine for about 3 weeks. After that since yesterday I needed to reboot the pf 4 times.

                                  1 Reply Last reply Reply Quote 0
                                  • T Offline
                                    Techniker_ctr
                                    last edited by Jul 8, 2025, 8:27 AM

                                    Just fyi, we recently upgraded one of our unused pfSense systems to 2.8, and it crashed about 4 hours after that. Looked the same as the crashes of 2.7, no systems behind that firewall so no traffic on it.

                                    Our plan is to move about 50 firewalls to our new windows 2025 hypervisors and see if this fixes the problem, but as we still cannot really trigger it we need to wait at least half a year to be able to say its stable if no crashes occur.

                                    B 1 Reply Last reply Jul 8, 2025, 8:54 AM Reply Quote 0
                                    • B Offline
                                      Bismarck @Techniker_ctr
                                      last edited by Bismarck Jul 8, 2025, 8:57 AM Jul 8, 2025, 8:54 AM

                                      @Techniker_ctr Today we had our first hvevent storm in a long time, only change was switching replica from one host to another 2 weeks ago.

                                      To be honest I don't think its fixed in Server 2025 or pfSense 2.8.0.

                                      S 1 Reply Last reply Jul 8, 2025, 4:10 PM Reply Quote 0
                                      • S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by Jul 8, 2025, 11:46 AM

                                        Has anyone been able to replicate it with vanilla FreeBSD 15?

                                        This is almost certainly something that would affect that and should be reported upstream. We don't do anything special for hyper-v in pfSense.

                                        Reference FreeBSD thread (which looks like all same posters 😉 ) https://forums.freebsd.org/threads/hyperv-cpu-hvevent-goes-to-100.95981/

                                        1 Reply Last reply Reply Quote 0
                                        • S Offline
                                          shoulders @Bismarck
                                          last edited by shoulders Jul 8, 2025, 4:10 PM Jul 8, 2025, 4:10 PM

                                          @Bismarck can you give me the full name of hvevent storm so I can understand what this means. Just a pointer will do 😄

                                          thanks

                                          B 1 Reply Last reply Jul 8, 2025, 4:28 PM Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            [[user:consent.lead]]
                                            [[user:consent.not_received]]