PfSense 2.3 LAN interface stops routing traffic - stops working after 2 or 3 day
-
jimp, could you quickly comment on what caused the issue??
If you mean the original problem from this thread about the traffic stopping, I don't personally have that info. Should be on the tickets and/or in the commit history. It was something in the IPsec code, IIRC.
cmb is on a plane at the moment, he might have some more insight when he's able to respond.
-
We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.
-
Looks like you're on the factory image, not CE, so the snapshots aren't available there currently. I'd suggest waiting for 2.3.1-RELEASE which if all goes as planned, will be first thing next week. You could, potentially, switch to CE snapshots but you'd lose the factory image tweaks/extras.
First thing next week, so is that today? Do you know if it is today?
-
The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.
The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.
-
@cmb:
We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.
OP checking in.
Looks like everything is good to go now. It's been up for over four days and not a single issue. Thanks for taking care of this! I anxiously await 2.3.1 so I can deploy to the rest of my sites!
-
The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.
The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.
Well tried again for the factory image snapshot, however still getting an error when trying to get the update list. Hopefully 2.3.1 release will be out soon.
-
Hi,
running 2.3.1-DEVELOPMENT (i386) on net6501-70pfSense crashes EVERY time the remote IPsec user connects and attempts to access some Web pages on a local network.
SSH seems to be more stable. Submitted the crash report via Diagnostics/Crash reportsTried to disable one CPU - has no effect on the crash.
IPSec is not usable for us at this point … -
Crashed again during work hours :-, any eta on this (first thing this week) release for the factory image? There are no snapshots available.
-
FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.
-
FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.
OK thanks. Any ETA though? I don't know your testing process and how long that takes.
-
If we don't find anything, release will likely be later today, but we like to err on the side of caution.
-
If we don't find anything, release will likely be later today, but we like to err on the side of caution.
Thanks, good to hear.
-
Hey guys. I saw that 2.3.1 is out, but I tried to switch from development to stable and when I refresh the update page it wants me to go to 2.3.2asomethingsomething instead of 2.3.1. Am I out of luck until 2.3.2 is out now?
-
when you were on development versions it shows 2.3.2a, but actually takes you to 2.3.1 if you're set back to the stable branch. If you stay on development, it'll take you to 2.3.2, though 2.3.2 at this instant at least is the same as 2.3.1 (granted that will start changing).
-
On 2.3.1 factory image now, update took a little longer than anticipated, had to leave the office. Logged in remotely later and all was good. Happy again. Thanks guys.
EDIT: 4 Days 16 Hours uptime since updating to 2.3.1, seems to be working flawlessly for me again. Thanks.
-
I migrated from ZYWALL usg 200 to an Intel NUC I7
I had the same problem! Randomly firewall stopped working.
In my case I disabled hyper threading in BIOS. The probelma kept. I disabled the the multicore and I was only one active core.
Pfsense works good.My system:
Version 2.3.2-DEVELOPMENT (amd64)
built on Wed May 18 04:39:03 CDT 2016
FreeBSD 10.3-RELEASE-p3The system is on the latest version.
Platform pfSense
CPU Type Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz
Uptime 03 Hours 58 Minutes 00 Seconds Current date/time
Thu May 19 14:44:43 UTC 2016 -
This thread seemed to die as the update went live .. I for one have been following this (started in another thread) and did the update immediately… For the 3-4 out of 8 systems affected in my network it did the trick.. Re-enabled extra cores and still going strong ...
My issue was exactly as stated above that ipsec traffic seemed to kill the LAN interface at random times (but most likely depending on the amount of ipsec traffic).
Would like to thank the hard working people of PFsense for their patience with not always grateful people using it .. You're doing a great job with a great product .. Thumbs up from Denmark ... :-)
-
Just wanted to reply to the thread, got my RMA back and updated and have not had the issue for over 24 hours. wanted to share the notes so anyone that has a supermicro has some help if needed
https://dl.dropboxusercontent.com/u/42296/SuperMicro%20RMA%20notes.PDF
And just to point to the solution that was most likely the issue:
-
Crap. I have upgraded to 2.3.1_1 last Sunday and the pfsense has locked up twice since. Everything is fine after a reboot but after roughly 2 days LAN just locks up. Hardware ran without problems prior to this upgrade.
-
The issue here is 100% confirmed fixed by at least dozens of people across hundreds of systems. I'm locking this thread to prevent further hijacking. Please start your own thread if you're having an issue, as it isn't the same as this one.
