Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Check_reload_status goes to 100% then OpenVPN Client restarts

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      archedraft
      last edited by

      Hi,

      I am running pfSense 2.1.2-RELEASE (i386) built on Thu Apr 10 05:23:34 EDT 2014 FreeBSD 8.3-RELEASE-p15

      Recently, I have noticed that the CPU goes to 100% and then my OpenVPN clients (I have 2) restart. If I watch "top" during this, I notice that "check_reload_status" is maxing out at 100%. This seems to happen while there has been little internet activity for awhile and then I get on my computer and use the internet and my pfSense box maxes out and restarts the VPN and then I it starts working. Can anyone advise on why this might be happening. If you need more test results please let me know how I can get those for you.

      1 Reply Last reply Reply Quote 0
      • A Offline
        archedraft
        last edited by

        I was reading the pfSense min requirements and it states

        10-20 Mbps
        We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
        21-100 Mbps
        We recommend a modern 1.0 GHz Intel or AMD CPU

        My CPU is a Intel Pentium 4 CPU 2.60GHz which is much older than 4 years… around 8 years it looks like. My download speed is 30 Mbps. Could it be that the CPU fails when I first start using the internet? However, when I am downloading at max speeds of 30 Mbps the CPU normally only shows about 45 - 55% used. Just thought I would throw that out there.

        1 Reply Last reply Reply Quote 0
        • P Offline
          phil.davis
          last edited by

          Maybe when you start a big download… that maxs out your internet connection and latency goes up. Then pfSense "apinger" thinks the link has a problem and starts reacting.
          When this happens, what are the latency (RTT) and packet loss figures reported by the dashboard Gateways widget?
          You can try extending the parameters in System->Routing, Gateways, Edit a gateway, Advanced parameters.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • A Offline
            archedraft
            last edited by

            This is what happens when the CPU goes to 100%

            RTT        Loss  Status
            892.8ms 0% Latency

            Normally it is:

            8.4ms 0% Online

            I changed RTT to 4000/1000 which stops the CPU from going to 100% and freezing everything. If I disable my VPN Clients it still is showing really high RTT values. If I do a speedtest.net I get normal results, but if I download a file it goes super slow. This usually happens after dinner. Why is the RTT getting so high or does RTT fluctuate a lot when connected to VPN clients?

            EDIT: Now downloading a file is normal again but RTT still is bouncing around pretty high.

            1 Reply Last reply Reply Quote 0
            • C Offline
              cmb
              last edited by

              @archedraft:

              This is what happens when the CPU goes to 100%

              No, that's what causes the CPU to go to 100%. Your gateway status is flapping because of the loss and latency in the replies. As it goes in and out of alarm, it treats that like a WAN IP change, which restarts your VPNs. That usually only happens for one of two reasons. One, you have a shaper config in place (and/or limiters) that's restricting the monitor pings. Two, the replies really are that flaky either because of a connection problem, or just an ISP's router rate limiting replies (better to use something anycasted like 8.8.8.8).

              1 Reply Last reply Reply Quote 0
              • A Offline
                archedraft
                last edited by

                1. I don't believe that I have any limiters. I do have two VPN Clients setup and rules that dictate which computer traffic goes to each VPN.
                2. I have been using my current setup for about a year with no problems until this last month. I am using 8.8.8.8 and 8.8.4.4 as my DNS.

                Any thoughts on what I should try/test next or is this something I may have to learn to live with?

                1 Reply Last reply Reply Quote 0
                • A Offline
                  AIMS-Informatique
                  last edited by

                  Check this thread for having a smoother GW failure handling for small Alix architecture :

                  https://forum.pfsense.org/index.php?topic=73243.15

                  Try not to ping Google as the server could response from a far location and produce high pings. Pinging too far can transform a ISP routing failure into a false link failure (seen from PF).
                  So try to ping something close to you (geographically and/or in terms or router hop), but not your ISP GW : some routers (like Cisco does) are known to drop some ICMP ping replies (even if not under heavy load) and thus produce false high response time or false loss.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.