Pfsense spamming

ggzengel

Oct 2 11:38:09 php: rc.newipsecdns: GATEWAYS: Group Internet did not have any gateways up on tier 1! 
Oct 2 11:38:09 php: rc.newipsecdns: Gateways status could not be determined, considering all as up/active. (Group: Internet) 
Oct 2 11:38:09 php: rc.newipsecdns: Gateways status could not be determined, considering all as up/active. (Group: DicomGateway) 
Oct 2 11:38:09 php: rc.newipsecdns: Gateways status could not be determined, considering all as up/active. (Group: WAN) 

What does it mean? I get it 10 times a second.
I why do I get more than 2000 email for this?

1. My IPsec configs didn't use internet group. They all use WAN group.
2. The internet group has a working Tier 2 interface. Changing from loss paket monitoring to member down monitoring didn't change something.
3. The tier 1 interface was down, because cable is removed.

To resolve this I had to change the tier 2 interface to tier 1. This is not automatic fall back.

ggzengel

opt1 is down (no cable) but I always get this:

Oct 2 12:12:54 check_reload_status: Reloading filter 
Oct 2 12:12:54 check_reload_status: Restarting OpenVPN tunnels/interfaces 
Oct 2 12:12:54 check_reload_status: Restarting ipsec tunnels 
Oct 2 12:12:54 check_reload_status: updating dyndns OV_ZMT_HQ1_VPNV4 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 
Oct 2 12:12:46 php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1). 

Since this no RDP session lives longer than 2 minutes. A lot of people couldn't work.

ggzengel

I had to disable "State Killing on Gateway Failure".
I had to remove all IPsec interfaces from gateway groups.
But the gateways didn't change and I still get:

Oct 2 12:58:01 php: /index.php: Gateways status could not be determined, considering all as up/active. (Group: DicomGateway) 
Oct 2 12:58:01 php: /index.php: Gateways status could not be determined, considering all as up/active. (Group: WAN) 
Oct 2 12:58:01 php: /index.php: Gateways status could not be determined, considering all as up/active. (Group: Internet) 

These messages comes after several second but 7 times on block.

I think apinger is still buggy, because I see the gateways a long time with unknown states.

Conclusion:
Release 2.1 is not stable in worst case scenarios.
1. If a interface is down and really didn't change pfsense should ignore it, even when other interface (openvpn, …) fluctuate.
2. Don't flush all states especially if an other interface changes which don't have a gateway (in this case the interface was down and never up).
3. "Gateways status could not be determined, considering all as up/active". Why if the cable is removed and no gateway there (DHCP)?

ggzengel

Interface Cable is down:
Why do I get "GW_Cable, Gathering data" in gateway status and gateway group status. There is nothing to probe if the interface is down.