Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 2.3 LAN interface stops routing traffic - stops working after 2 or 3 day

    Scheduled Pinned Locked Moved General pfSense Questions
    88 Posts 31 Posters 44.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ Offline
      jimp Rebel Alliance Developer Netgate
      last edited by

      @georgeman:

      jimp, could you quickly comment on what caused the issue??

      If you mean the original problem from this thread about the traffic stopping, I don't personally have that info. Should be on the tickets and/or in the commit history. It was something in the IPsec code, IIRC.

      cmb is on a plane at the moment, he might have some more insight when he's able to respond.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmb
        last edited by

        We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.

        1 Reply Last reply Reply Quote 0
        • A Offline
          afreaken
          last edited by

          @jimp:

          Looks like you're on the factory image, not CE, so the snapshots aren't available there currently. I'd suggest waiting for 2.3.1-RELEASE which if all goes as planned, will be first thing next week. You could, potentially, switch to CE snapshots but you'd lose the factory image tweaks/extras.

          First thing next week, so is that today? Do you know if it is today?

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.

            The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • B Offline
              byusinger84
              last edited by

              @cmb:

              We have the IPsec code from FreeBSD -CURRENT in 2.3.x. At the time we merged it in, there was an issue that wasn't identified and fixed until later. The fix was to re-merge all of IPsec from -CURRENT.

              OP checking in.

              Looks like everything is good to go now. It's been up for over four days and not a single issue. Thanks for taking care of this! I anxiously await 2.3.1 so I can deploy to the rest of my sites!

              1 Reply Last reply Reply Quote 0
              • A Offline
                afreaken
                last edited by

                @jimp:

                The process has begun but we need time to test and such, so probably not today at this rate, but we'll see what happens.

                The factory images gained access to snapshots late last week so you could run a snapshot now if you want, but with the release being so close, you may as well wait another day or so for it.

                Well tried again for the factory image snapshot, however still getting an error when trying to get the update list. Hopefully 2.3.1 release will be out soon.

                1 Reply Last reply Reply Quote 0
                • V Offline
                  volandg
                  last edited by

                  Hi,
                  running  2.3.1-DEVELOPMENT (i386)  on  net6501-70

                  pfSense crashes EVERY time the remote IPsec user connects and attempts to access some Web pages on a local network.
                  SSH seems to be more stable. Submitted the crash report via Diagnostics/Crash reports

                  Tried to disable one CPU - has no effect on the crash.
                  IPSec is not usable for us at this point …

                  1 Reply Last reply Reply Quote 0
                  • A Offline
                    afreaken
                    last edited by

                    Crashed again during work hours  :-, any eta on this (first thing this week) release for the factory image? There are no snapshots available.

                    1 Reply Last reply Reply Quote 0
                    • jimpJ Offline
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • A Offline
                        afreaken
                        last edited by

                        @jimp:

                        FreeBSD released a couple security advisories yesterday evening, which means we had to rebuild the images and do all the testing again, so we're still in the middle of all that.

                        OK thanks. Any ETA though? I don't know your testing process and how long that takes.

                        1 Reply Last reply Reply Quote 0
                        • jimpJ Offline
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          If we don't find anything, release will likely be later today, but we like to err on the side of caution.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • A Offline
                            afreaken
                            last edited by

                            @jimp:

                            If we don't find anything, release will likely be later today, but we like to err on the side of caution.

                            Thanks, good to hear.

                            1 Reply Last reply Reply Quote 0
                            • B Offline
                              byusinger84
                              last edited by

                              Hey guys. I saw that 2.3.1 is out, but I tried to switch from development to stable and when I refresh the update page it wants me to go to 2.3.2asomethingsomething instead of 2.3.1. Am I out of luck until 2.3.2 is out now?

                              1 Reply Last reply Reply Quote 0
                              • C Offline
                                cmb
                                last edited by

                                when you were on development versions it shows 2.3.2a, but actually takes you to 2.3.1 if you're set back to the stable branch. If you stay on development, it'll take you to 2.3.2, though 2.3.2 at this instant at least is the same as 2.3.1 (granted that will start changing).

                                1 Reply Last reply Reply Quote 0
                                • A Offline
                                  afreaken
                                  last edited by

                                  On 2.3.1 factory image now, update took a little longer than anticipated, had to leave the office. Logged in remotely later and all was good. Happy again. Thanks guys.

                                  EDIT: 4 Days 16 Hours uptime since updating to 2.3.1, seems to be working flawlessly for me again. Thanks.

                                  1 Reply Last reply Reply Quote 0
                                  • D Offline
                                    drodrigues
                                    last edited by

                                    I migrated from ZYWALL usg 200 to an Intel NUC I7
                                    I had the same problem! Randomly firewall stopped working.
                                    In my case I disabled hyper threading in BIOS. The probelma kept. I disabled the the multicore and I was only one active core.
                                    Pfsense works good.

                                    My system:

                                    Version 2.3.2-DEVELOPMENT (amd64)
                                    built on Wed May 18 04:39:03 CDT 2016
                                    FreeBSD 10.3-RELEASE-p3

                                    The system is on the latest version.
                                    Platform pfSense
                                    CPU Type Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz
                                    Uptime 03 Hours 58 Minutes 00 Seconds Current date/time
                                    Thu May 19 14:44:43 UTC 2016

                                    1 Reply Last reply Reply Quote 0
                                    • K Offline
                                      kim9700
                                      last edited by

                                      This thread seemed to die as the update went live .. I for one have been following this (started in another thread) and did the update immediately… For the 3-4 out of 8 systems affected in my network it did the trick.. Re-enabled extra cores and still going strong ...

                                      My issue was exactly as stated above that ipsec traffic seemed to kill the LAN interface at random times (but most likely depending on the amount of ipsec traffic).

                                      Would like to thank the hard working people of PFsense for their patience with not always grateful people using it .. You're doing a great job with a great product .. Thumbs up from Denmark ... :-)

                                      1 Reply Last reply Reply Quote 0
                                      • O Offline
                                        OLBaID
                                        last edited by

                                        Just wanted to reply to the thread, got my RMA back and updated and have not had the issue for over 24 hours. wanted to share the notes so anyone that has a supermicro has some help if needed

                                        https://dl.dropboxusercontent.com/u/42296/SuperMicro%20RMA%20notes.PDF

                                        And just to point to the solution that was most likely the issue:

                                        https://redmine.pfsense.org/issues/6296

                                        1 Reply Last reply Reply Quote 0
                                        • M Offline
                                          murmur
                                          last edited by

                                          Crap. I have upgraded to 2.3.1_1 last Sunday and the pfsense has locked up twice since. Everything is fine after a reboot but after roughly 2 days LAN just locks up. Hardware ran without problems prior to this upgrade.

                                          1 Reply Last reply Reply Quote 0
                                          • C Offline
                                            cmb
                                            last edited by

                                            The issue here is 100% confirmed fixed by at least dozens of people across hundreds of systems. I'm locking this thread to prevent further hijacking. Please start your own thread if you're having an issue, as it isn't the same as this one.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.