Netgate Discussion Forum

    [BUG?] New PPPoE module (if_pppoe) causes high "Errors Out" on WAN (Vivo Fibra)

    • stephenw10S Offline
      stephenw10 Netgate Administrator
      last edited by

      Yeah, you won't usually see drops on LAN because the bandwidth limit is upstream, on the PPPoE link. The firewall can send packets out to LAN clients much faster than it receives them from the WAN, so there is no need to drop any. In the other direction it has to queue and/or drop packets, because 75Mbps is much lower than 1G.

      You might be better off using limiter-based shaping instead of ALTQ:
      https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html

      That can be applied to traffic on the LAN side.
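To make the asymmetry concrete, here is a toy model (not how ALTQ or if_pppoe is implemented): a tail-drop queue that is fed at one rate and drained at another. The function name, the queue limit of 100 and the "packets per tick" units are assumptions for illustration only. Real traffic is mostly TCP and backs off when it sees drops, so actual drop counts would be far lower than in this worst case.

```python
def simulate_queue(arrival_per_tick, drain_per_tick, queue_limit, ticks):
    """Toy tail-drop queue: arrivals that do not fit in the queue are dropped."""
    queued = 0
    sent = 0
    dropped = 0
    for _ in range(ticks):
        # Enqueue as many arrivals as the remaining queue space allows.
        space = queue_limit - queued
        accepted = min(arrival_per_tick, space)
        dropped += arrival_per_tick - accepted
        queued += accepted
        # Drain the queue at the outgoing link rate.
        out = min(queued, drain_per_tick)
        queued -= out
        sent += out
    return sent, dropped, queued


if __name__ == "__main__":
    # LAN (1000 units/tick) feeding a 75 units/tick uplink: the queue fills and drops.
    print("upload  :", simulate_queue(1000, 75, 100, 10))
    # WAN (75 units/tick) feeding a 1000 units/tick LAN: nothing ever queues up.
    print("download:", simulate_queue(75, 1000, 100, 10))
```

With the fast side feeding the slow side, almost everything beyond the link rate is dropped; in the other direction the drop count stays at zero, which matches why drops show up on WAN out and not on LAN.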

      • J Offline
        jonathan.young @stephenw10
        last edited by

        @stephenw10 I have a similar problem to this (I posted earlier in this thread). I had traffic shaping enabled on my WAN interface, so I disabled it and tried again with the new PPPoE module (if_pppoe). In my case, it still doesn't work. I cannot reach the web interface, but SSH still works. System.log is filled with messages like these:

        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:30 firewall check_reload_status[531]: rc.newwanip starting pppoe0
        Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall kernel: ovpnc6: link state changed to DOWN
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall kernel: ovpnc4: link state changed to DOWN
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall kernel: ovpnc3: link state changed to UP
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: rc.newwanip starting ovpnc3
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        Jun 21 14:17:32 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket
        

        I do have some OpenVPN and WireGuard client connections to VPN servers. Would that make a difference? Disabling the new PPPoE module (if_pppoe) returns everything back to normal. So it's still broken for me.
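When a log excerpt is dominated by one repeated message like this, it can help to collapse it into counts so the less frequent lines (here the rc.newwanip and ovpnc events) stand out. The following is a minimal sketch that assumes the plain-text syslog layout seen in the excerpt above; the regular expression and the function name are my own, and the sample lines are copied from that excerpt.

```python
import re
from collections import Counter

# Assumed layout: "Mon DD HH:MM:SS host process[pid]: message" (pid optional).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+"
    r"(?P<proc>[^:\[]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)

SAMPLE = [
    "Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket",
    "Jun 21 14:17:30 firewall check_reload_status[531]: rc.newwanip starting pppoe0",
    "Jun 21 14:17:30 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket",
    "Jun 21 14:17:31 firewall kernel: ovpnc6: link state changed to DOWN",
    "Jun 21 14:17:31 firewall check_reload_status[531]: Could not connect to /var/run/php-fpm.socket",
]


def summarize(lines):
    """Count occurrences of each (process, message) pair, ignoring timestamps."""
    counts = Counter()
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            counts[(match.group("proc"), match.group("msg"))] += 1
    return counts


if __name__ == "__main__":
    for (proc, msg), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {proc}: {msg}")
```

To run it against a real log, pass the lines of the file to `summarize()` instead of `SAMPLE`.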

        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          Hmm, that looks like PHP stopped responding. But that could be a symptom of whatever check_reload_status is doing.

          Does it clear it if you restart php from the console menu?

          Is that the first error logged after enabling the shaper?

          How is the shaper configured?

          • brookheatherB Offline
            brookheather @stephenw10
            last edited by brookheather

            @stephenw10 thanks. I have now moved to using limiters with if_pppoe, and they work fine without generating any WAN out errors. I followed the guide. Could you update the floating rule documentation slightly and add a note for IPv6? For IPv6 the Source should be "Any" instead of "WAN Address", otherwise the limiter has no effect.

            If the expected behaviour for if_pppoe is that it will increment the WAN out error count for ALTQ shaper dropped packets then it would be useful to note this by the if_pppoe checkbox - perhaps state that ALTQ shapers are not recommended and limiters should be used in their place?

            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Mmm, something could be added. Though as I understand it, if_pppoe actually works as expected with ALTQ. It's just that users don't expect to see the dropped packets logged as errors.

              • D Offline
                dorabiatto
                last edited by

                Good morning, everyone,

                I'm a bit lost regarding the PPPoE issue.
                Has the root cause of the errors been identified?
                Also, will the fix be included via System Patches? If so, is there an estimated timeline for when that might happen?

                Thanks in advance!

                • K Offline
                  kprovost @dorabiatto
                  last edited by

                  @dorabiatto said in [BUG?] New PPPoE module (if_pppoe) causes high "Errors Out" on WAN (Vivo Fibra):

                  Has the root cause of the errors been identified?

                  Yes. ALTQ decides to drop packets on congestion (which is what it does, this is not a bug) and if_pppoe counts this. Again, not a bug.

                  Also, will the fix be included via System Patches? If so, is there an estimated timeline for when that might happen?

                  There is no fix because there is no bug. We are accurately counting dropped packets. Packets which we meant to drop.

                  • D Offline
                    dorabiatto
                    last edited by

                    What can I do to avoid having these errors on our pfSense? Is there anything I can do, or are these thousands of errors normal?

                    • brookheatherB Offline
                      brookheather @dorabiatto
                      last edited by brookheather

                      @dorabiatto do you use the ALTQ traffic shaper? If so just change to use the equivalent limiter instead - you will no longer have errors.

                      I'm not sure I agree that it is not a bug that if_pppoe shows dropped packets as errors - this wasn't the case with the old code. To me an error should not be shown if it results from expected behaviour of dropping congested packets... a better solution would be to show a separate counter for dropped packets - that would actually be useful.
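The two views in this thread differ only in how a deliberate queue drop is accounted for. The sketch below is purely illustrative and is not if_pppoe code: the counter names, the `account()` helper and the `separate_drops` switch are hypothetical. The value 55 is the "no buffers" error number mentioned elsewhere in this thread; any other non-zero result is treated here as a genuine send error.

```python
from dataclasses import dataclass

ENOBUFS = 55  # "no buffers" error number as quoted in this thread


@dataclass
class IfCounters:
    """Hypothetical per-interface output counters."""
    opackets: int = 0  # packets sent successfully
    oerrors: int = 0   # packets counted as output errors
    oqdrops: int = 0   # packets dropped on purpose by the queue


def account(send_results, separate_drops):
    """Tally send results; optionally keep queue drops apart from errors."""
    counters = IfCounters()
    for err in send_results:
        if err == 0:
            counters.opackets += 1
        elif err == ENOBUFS and separate_drops:
            counters.oqdrops += 1
        else:
            counters.oerrors += 1
    return counters


if __name__ == "__main__":
    results = [0, 0, ENOBUFS, ENOBUFS, ENOBUFS, 13]  # made-up sample data
    print("drops counted as errors:", account(results, separate_drops=False))
    print("drops counted separately:", account(results, separate_drops=True))
```

Either way the same packets are dropped; only the column they appear in changes, which is why a large "Errors Out" figure on a shaped link need not indicate a fault.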

                      • D Offline
                        dorabiatto @brookheather
                        last edited by

                        @brookheather But is this discarding behavior normal?

                        Our pfSense setup is simple; we use it for NAT, VPN, and other simple, everyday things.

                        I don't think we use ALTQ.

                        Even so, the number of Errors Out is very high.

                        So, what can I do to avoid having more discarded packets?

                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Check Status > Queues. If there are any queues then you're using ALTQ.

                          • J Offline
                            jonathan.young @stephenw10
                            last edited by

                            @stephenw10 I disabled any queues that I was using, but my problem still persists. I am beginning to think that my problem, although related, is not the same as the one originally reported, so I might create a new thread.

                            • D Offline
                              dorabiatto @stephenw10
                              last edited by

                              @stephenw10 I checked here.

                              Traffic shaping is not configured.

                              ^ I don't have Traffic Shaping.

                              • D Offline
                                dorabiatto
                                last edited by

                                @brookheather @stephenw10 From what I understand, Errors Out happens both for those who use Traffic Shaping and for those who don't.

                                So why does Errors Out happen? Is there any way to avoid it?

                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Do you see errors on the parent interface?

                                  You can try the dtrace commands shown in this thread and see if you're hitting some error other than 55 (no buffers).

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.