I have to reset states every 10 hours PFSense 2.0

eprimaveri · Dec 12, 2011, 9:31 PM

For some reason in the last 5 days as far as I can tell my traffic gets slowed on our WAN connection. I have to reset my states in order to get it back up to proper speed. Ping times are really high as well. Again once I reset my states everything goes back to normal. I have looked at the states and I don't see anything that stands out. No more that 500 states when this happens. Any assistance is greatly appreciated.

I do have Multi-WAN Loadbalancing on two separate ISP's. I have tried stopping the second connection on the load balancer gateway setting with the same result.
I do have two firewalls in place with Carp failover. This was working fine before I noticed the issue.
I am not seeing an error in the logs.
Firewall Maximum States = 390000
Firewall Maximum Table Entries = 390000
Total memory is 4GB
2.0-RELEASE (amd64) built on Tue Sep 13 17:05:32 EDT 2011 You are on the latest version.

lolinternet · Dec 13, 2011, 1:32 AM

have you tried runing mmtest86

http://www.memtest.org/

eprimaveri · Dec 13, 2011, 7:09 AM

@lolinternet:

have you tried runing mmtest86

http://www.memtest.org/

No I have not yet as this physical machine is in a Datacenter an hour away. This machine isn't currently under high load and I don't see much change in memory usage. But I will try this tomorrow.

eprimaveri · Dec 14, 2011, 5:41 AM

So memory test found no issues. I did track this down. If a PPTP user logs in. For some reason this causes the WAN connection configured with the highest priority to have latency. if I reset the states, the latency issue is resolved. Then its back as soon as the reconnects PPTP. If I delete the Group no problems. Just when the group is in place and someone connects via PPTP.

Anyone have ideas why? I am running out of hair fast.

jimp · Dec 14, 2011, 5:11 PM

Just a guess: In your PPTP settings, the "Server address" is set to your WAN IP. Don't do that, enter an unused local IP instead.

eprimaveri · Dec 14, 2011, 7:38 PM

@jimp:

Just a guess: In your PPTP settings, the "Server address" is set to your WAN IP. Don't do that, enter an unused local IP instead.

I have it set to an unused private IP address within the same local subnet.

I did however find a automatic dynamic gateway setup so I have deleted that. So far everything looks good. Will let you know tomorrow if everything is still going strong.

eprimaveri · Dec 16, 2011, 2:58 PM

Ok so this ended up being an issue where the firewall auto created a dynamic gateway. Thanks for the help