Netgate Discussion Forum

    Attention Firebox X Series Users - Testing Needed

    2.0-RC Snapshot Feedback and Problems - RETIRED
    53 Posts 14 Posters 31.0k Views
      ntsecrets

      I'm still having the same issue on my x500, although it's not as bad as it used to be, but who knows.  It's easy to reproduce, just have any traffic going through it and start hitting the web interface, usually listing the states will do it.  I know it was worse when HTTPS was enabled.  I've tried checking off disable hardware checksum, I've run the ifconfig re0 -tso, I've played with the ACPI settings in the device.hints but to no avail.  I'm on 1.2.3-release now. One option I've seen is to disable ACPI in the BIOS but that involves the weird connector and finding a PCI video card (man, I threw away a whole box of those a while back) so I haven't done it.

      It hasn't ever done it on its own, it only happens for me when I hit the web interface, so maybe it's not such a problem, but it is annoying when you are trying to debug something and the whole thing locks out.  Has anyone made any progress on this?

        Spy Alelo

        I am still having the same issue with 2.x. The horrible timeouts are with the 2.x versions of pfSense, for which we are turning TSO off and see a major improvement after that, but the timeouts will still be there with some major hits on the webgui just like in 1.2.3-release.

        I don't know if this will ever be fixed, since a lot of the BSD developers think of Realtek NICs as crap and refuse to do anything about it, they just recommend to use Intel or something else. Which we obviously can't do.

          computor

          Anyone else tried this?

          I have two X500s as firewalls/VPN gateways and was having the timeout problem (one was worse than the other – different HW revisions?).
          None of the options on System > Advanced > Networking did anything for me, but setting TCP Offload Engine (not the BCE one) in System > Advanced > Tunables to 0 (disabled) has allowed them both to run without issue for over a month now.  Even the cat /dev/random over SSH doesn't make it hiccup.

          The snapshot I'm running is almost a month old now, but if the current builds still do this out of the box, it may be worth a shot.

            Delirius

            Hi,

            Any news on this topic?

              iFloris

              Delirius, watchdog timeouts are pretty much a thing of the past in 2.0, once the correct tunables have been set.

              one layer of information
              removed

                Delirius

                @iFloris:

                Delirius, watchdog timeouts are pretty much a thing of the past in 2.0, once the correct tunables have been set.

                I'm running pfSense 2.0 RC1
                Also I have disabled net.inet.tcp.tso in tunables.
                I still get watchdog timeouts when I'm connected as a client to the firebox configured as OpenVPN-server.

                  iFloris

                  @Delirius:

                  I'm running pfSense 2.0 RC1
                  Also I have disabled net.inet.tcp.tso in tunables.
                  I still get watchdog timeouts when I'm connected as a client to the firebox configured as OpenVPN-server.

                  That is likely related to what your MTU is set to. The Realtek NICs are quite sensitive to incorrect MTU sizes.
                  What the correct MTU settings might be is unfortunately something that you'll have to find out by trial and error.

                  one layer of information
                  removed

                    Delirius

                    @iFloris:

                    @Delirius:

                    I'm running pfSense 2.0 RC1
                    Also I have disabled net.inet.tcp.tso in tunables.
                    I still get watchdog timeouts when I'm connected as a client to the firebox configured as OpenVPN-server.

                    That is likely related to what your MTU is set to. The Realtek NICs are quite sensitive to incorrect MTU sizes.
                    What the correct MTU settings might be is unfortunately something that you'll have to find out by trial and error.

                    I've read that MTU sizes other than the default 1500 can cause watchdog timeouts on the Realtek NICs.
                    I can see in the log from the OpenVPN client that it sets different MTU sizes for the tunnel/link.
                    I've tried to set it manually with link-mtu and tun-mtu in the client config, but I don't seem to get it working.
                    Also, is there a way to set the MTU size in pfSense for an OpenVPN connection/tunnel?
                    My knowledge on this is not good, so any help would be appreciated.

                      Delirius

                      This is what I can see when running the Windows OpenVPN client with default settings:

                      Fri Mar 11 16:07:57 2011 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
                      Fri Mar 11 16:07:57 2011 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]

                      I have tried to set link-mtu to 1500 or tun-mtu to 1500.

                      1 Reply Last reply Reply Quote 0
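The arithmetic behind the two MTU parms lines quoted in the post above, as an added example that is not part of the original thread: it parses those lines and derives the tunnel MTU the data channel is actually using. The field meanings (L = link MTU, EF = extra frame, ET = extra tun), the relation tunnel MTU = L - EF - ET, and all function names are assumptions made for this example, based on the OpenVPN 2.x frame printout.

```python
import re

# Constructed sample: the two log lines quoted in the post above.
SAMPLE_LOG = """\
Fri Mar 11 16:07:57 2011 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Mar 11 16:07:57 2011 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
"""

LINE_RE = re.compile(r"(Control|Data) Channel MTU parms \[ (.*?) \]")


def parse_mtu_parms(log_text):
    """Return {channel: {field: int}} for every 'MTU parms' line found."""
    result = {}
    for match in LINE_RE.finditer(log_text):
        fields = {}
        for token in match.group(2).split():
            key, _, value = token.partition(":")
            if value.isdigit():  # skips AF:3/1, which is not a byte count
                fields[key] = int(value)
        result[match.group(1).lower()] = fields
    return result


def tun_mtu(fields):
    """Assumed relation: tunnel MTU = link MTU - extra frame - extra tun."""
    return fields["L"] - fields.get("EF", 0) - fields.get("ET", 0)


def link_mtu_for(target_tun_mtu, fields):
    """Link MTU that results from a given tunnel MTU with the same overhead."""
    return target_tun_mtu + fields.get("EF", 0) + fields.get("ET", 0)


def report(log_text, wire_mtu=1500):
    """Summarise the data channel; wire_mtu is the physical interface MTU."""
    data = parse_mtu_parms(log_text).get("data")
    if data is None:
        raise ValueError("no Data Channel MTU parms line in log")
    return {
        "tun_mtu": tun_mtu(data),
        "link_mtu": data["L"],
        # A link MTU above the wire MTU cannot fit in one frame unfragmented.
        "exceeds_wire_mtu": data["L"] > wire_mtu,
    }


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the quoted lines this reports a tunnel MTU of 1500 carried in a 1560-byte link MTU, so full-size tunnel packets are larger than a 1500-byte Ethernet frame once encapsulated.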
                        Delirius

                        Am I the only one with this problem? I figure I must replace my firebox with something else until this is resolved.

                          iFloris

                          You might have better luck with lower-than-1500 MTU settings.

                          one layer of information
                          removed

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.