Crash Report (on pfsense SG-2440)

dcdefiore

Hey guys - I've got a box that has crashed 2 times now in the last two days. I'm not sure what is causing it - the config is almost identical to another box I have. The only thing I've changed recently is the MSS on VPN to 1200 and set the Phase 2 to AES GCM (from AES)

The crashes have happened once at a busy time in the workday (only a couple hours after updating the config) then later on after most everybody would have been home.

http://pastebin.com/3jVnsNZJany ideas?

Guest

the config is almost identical to another box I have.

If this is not be the exactly same hardware under that config as the other box is based on those comparing
would be nonsense in my eyes. Different hardware may causing different action or reaction.

The only thing I've changed recently is the MSS on VPN to 1200 and set the Phase 2 to AES GCM (from AES)

And if you change it back is the failure then gone? Or do you have then anymore problems based on that issue?

dcdefiore

@BlueKobold:

the config is almost identical to another box I have.

If this is not be the exactly same hardware under that config as the other box is based on those comparing
would be nonsense in my eyes. Different hardware may causing different action or reaction.

Sorry, the hardware is the same - both are SG-2440s. The configuration is almost the same (except they are different locations, so different subnets, etc).
The only other difference, is that this site (with the crashing unit) has about 4 users and the other site only has 1. Again - I only make the config change Monday morning, so I'm working with a small sample set.
I've changed it back as of a couple of hours ago - no crashes yet, but the crashes were (seemingly) random, so I'm playing the waiting game now.

dcdefiore

So far, it's been 20 hours since I've reverted the changes, and there have been no crashes, conversely, there were 4 crashes within the first 24 hours of having the new policy…

Guest

were 4 crashes within the first 24 hours of having the new policy…

Did you change the policies on both sides of the VPN tunnel?

dcdefiore

@BlueKobold:

were 4 crashes within the first 24 hours of having the new policy…

Did you change the policies on both sides of the VPN tunnel?

Yes, it was changed on both sides. Over 24 hours reverted now and still no crashes. I'm starting to think it may be a hardware issue - my other site has the same configuration now since Monday and has not crashed.
I have a third site that I was planning on pushing the AES-NI to, and I think I will try that over the weekend - I will have to wait and see if it crashes that. If it doesn't, it's more than likely hardware related.

Guest

I have a third site that I was planning on pushing the AES-NI to, and I think I will try that over the weekend - I will have to wait and see if it crashes that.

The greater brother of yours SG-4860 will be able to push 500+ MBit/s over IPSec VPN tunnel and this stable
as a rock, so perhaps it will be more pending then on the lower power or a miss configuration perhaps.

If it doesn't, it's more than likely hardware related.

Do you really think that the hardware is malformed or buggy because your IPSec VPN is failing?
Hm, I am not really sure but you got two support calls for that actions like explained here in that case.
Did you ever thought about that, to take one of this to solve that issues by professional support?