[Solved] pfsense is not making sense

Raffi_

I double checked it, squid is not running. I also attached a screen shot of my services

Services.JPG_thumb

kejianshi

I don't know.

Burn the install. Reinstall. Test again.

Raffi_

lol I wanna do what your avatar is doing right now. I think you're right though, I may have no choice.

kejianshi

BTW - I meant check it at a real console. ps -aux

Raffi_

[2.4.1-RELEASE][admin@pfsense.telebyte]/root: ps -aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 200.0 0.0 0 32 - RL 16:59 2659:43.17 [idle]
root 0 0.0 0.0 0 208 - DLs 16:59 0:00.19 [kernel]
root 1 0.0 0.0 5024 908 - ILs 16:59 0:00.01 /sbin/init –
root 2 0.0 0.0 0 16 - DL 16:59 0:00.00 [crypto]
root 3 0.0 0.0 0 16 - DL 16:59 0:00.00 [crypto retur
root 4 0.0 0.0 0 32 - DL 16:59 0:00.01 [cam]
root 5 0.0 0.0 0 16 - DL 16:59 0:00.01 [soaiod1]
root 6 0.0 0.0 0 16 - DL 16:59 0:00.01 [soaiod2]
root 7 0.0 0.0 0 16 - DL 16:59 0:00.01 [soaiod3]
root 8 0.0 0.0 0 16 - DL 16:59 0:00.01 [soaiod4]
root 9 0.0 0.0 0 16 - DL 16:59 0:00.00 [sctp_iterato
root 10 0.0 0.0 0 16 - DL 16:59 0:00.00 [audit]
root 12 0.0 0.0 0 272 - WL 16:59 4:41.33 [intr]
root 13 0.0 0.0 0 32 - DL 16:59 0:00.00 [ng_queue]
root 14 0.0 0.0 0 48 - DL 16:59 0:00.01 [geom]
root 15 0.0 0.0 0 256 - DL 16:59 2:36.05 [usb]
root 16 0.0 0.0 0 16 - DL 16:59 0:24.10 [pf purge]
root 17 0.0 0.0 0 16 - DL 16:59 0:13.27 [rand_harvest
root 18 0.0 0.0 0 16 - DL 16:59 0:02.78 [acpi_thermal
root 19 0.0 0.0 0 16 - DL 16:59 0:00.32 [acpi_cooling
root 20 0.0 0.0 0 16 - DL 16:59 0:00.07 [enc_daemon0]
root 21 0.0 0.0 0 48 - DL 16:59 0:04.35 [pagedaemon]
root 22 0.0 0.0 0 16 - DL 16:59 0:00.00 [vmdaemon]
root 23 0.0 0.0 0 16 - DL 16:59 0:00.00 [pagezero]
root 24 0.0 0.0 0 16 - DL 16:59 0:00.40 [bufspacedaem
root 25 0.0 0.0 0 32 - DL 16:59 0:02.04 [bufdaemon]
root 26 0.0 0.0 0 16 - DL 16:59 0:00.38 [vnlru]
root 27 0.0 0.0 0 16 - DL 16:59 0:07.44 [syncer]
root 60 0.0 0.0 0 16 - DL 16:59 0:00.08 [md0]
root 300 0.0 0.7 282676 29264 - Ss 16:59 0:02.47 php-fpm: mast
root 338 0.0 0.1 19436 4400 - INs 16:59 0:00.02 /usr/local/sb
root 340 0.0 0.1 19436 4216 - IN 16:59 0:00.00 check_reload_
root 353 0.0 0.1 9556 5516 - Ss 16:59 0:00.04 /sbin/devd -q
root 4772 0.0 0.1 19324 3196 - Ss 17:00 0:00.37 /usr/local/sb
root 5504 0.0 0.1 13084 2776 - IN 00:01 0:00.00 /bin/sh /etc/
root 5543 0.0 0.0 6172 1928 - IN 00:01 0:00.00 sleep 81230
root 7987 0.0 0.2 20348 6116 - Ss 16:59 0:10.19 /usr/local/sb
root 8940 0.0 0.1 12696 2392 - Ss 16:59 0:06.17 /usr/local/sb
root 12193 0.0 0.2 53488 6968 - Ss 16:59 0:00.00 /usr/sbin/ssh
root 12368 0.0 0.1 10580 2180 - Is 16:59 0:00.00 /usr/local/sb
root 14985 0.0 0.1 15076 2384 - Is 16:59 0:11.32 /usr/local/bi
root 19768 0.0 0.1 13084 2844 - IN 13:29 0:01.18 /bin/sh /var/
root 33534 0.0 0.0 8224 2004 - Is 17:00 0:00.00 /usr/local/bi
root 33889 0.0 0.0 8224 2020 - I 17:00 0:00.03 minicron: hel
root 34129 0.0 0.0 8224 2004 - Is 17:00 0:00.00 /usr/local/bi
root 34552 0.0 0.0 8224 2016 - I 17:00 0:00.00 minicron: hel
root 34737 0.0 0.0 8224 2004 - Is 17:00 0:00.00 /usr/local/bi
root 35020 0.0 0.0 8224 2016 - I 17:00 0:00.00 minicron: hel
root 37355 0.0 0.0 6172 1928 - IN 15:39 0:00.00 sleep 60
root 37366 0.0 0.2 78836 8140 - Ss 15:39 0:00.03 sshd: admin@p
root 48169 0.0 0.2 25416 6724 - Is 17:00 0:00.00 nginx: master
root 48399 0.0 0.2 27464 7768 - I 17:00 0:00.59 nginx: worker
root 48521 0.0 0.2 27464 8188 - I 17:00 0:01.90 nginx: worker
root 48884 0.0 0.1 12496 2368 - Is 17:00 0:00.50 /usr/sbin/cro
root 49416 0.0 0.3 24604 12424 - Ss 17:00 0:04.41 /usr/local/sb
root 60609 0.0 0.7 282676 29268 - I 15:37 0:00.00 php-fpm: pool
root 65254 0.0 0.1 10368 2088 - Ss 17:00 0:11.20 /usr/sbin/pow
root 70050 0.0 0.1 10580 2308 - Ss 17:00 0:00.00 /usr/local/sb
root 71912 0.0 0.0 10288 2012 - Is 13:37 0:00.00 /usr/local/sb
dhcpd 74470 0.0 0.2 16648 7836 - Ss 15:22 0:00.06 /usr/local/sb
root 78540 0.0 0.2 41504 7588 - I 13:34 0:00.00 /usr/local/sb
root 78860 0.0 0.2 52880 9108 - Ss 13:34 0:01.14 /usr/local/sb
unbound 79886 0.0 0.8 64468 33648 - Ss 09:58 0:17.38 /usr/local/sb
root 80737 0.0 0.1 10472 2532 - Ss 17:00 0:09.21 /usr/sbin/sys
root 68908 0.0 0.1 39432 2836 v0 Is 17:00 0:00.01 login [pam] (
root 70053 0.0 0.1 13084 2924 v0 I 17:00 0:00.00 -sh (sh)
root 70341 0.0 0.1 13084 2800 v0 I+ 17:00 0:00.00 /bin/sh /etc/
root 69122 0.0 0.1 10388 2128 v1 Is+ 17:00 0:00.00 /usr/libexec/
root 69382 0.0 0.1 10388 2128 v2 Is+ 17:00 0:00.00 /usr/libexec/
root 69546 0.0 0.1 10388 2128 v3 Is+ 17:00 0:00.00 /usr/libexec/
root 69647 0.0 0.1 10388 2128 v4 Is+ 17:00 0:00.00 /usr/libexec/
root 69652 0.0 0.1 10388 2128 v5 Is+ 17:00 0:00.00 /usr/libexec/
root 69953 0.0 0.1 10388 2128 v6 Is+ 17:00 0:00.00 /usr/libexec/
root 70040 0.0 0.1 10388 2128 v7 Is+ 17:00 0:00.00 /usr/libexec/
root 37841 0.0 0.1 13084 2800 0 Ss 15:39 0:00.00 /bin/sh /etc/
root 40476 0.0 0.1 13392 3632 0 S 15:39 0:00.01 /bin/tcsh
root 42749 0.0 0.1 21104 2716 0 R+ 15:39 0:00.00 ps -aux

kejianshi

The "idle" process is using way too much processor… (kidding)

Don't see anything odd. I'd reinstall and test again.

Raffi_

haha tech humor. I'm going to hold off a reinstall for now since it's not a show stopper, but I have a feeling that may be the only option. I'll have to find a good time to get it done.

Thanks for the help.

Raffi

kejianshi

Yeah - I'd wait for a good time. It could take seconds or perhaps minutes to hit the "default settings" button in the console.

Might work as well as a fresh install.

Raffi_

lol good idea, I'll try that first.

Have you had any experience with a reinstall when an issue came up? I wonder if restoring my config on a fresh install would also "restore" the issue? I guess, I'll only know by trying.

kejianshi

Likely so. I've noticed that when I screw up my settings, save them and then restore them, they are still screwed up. Maybe its just me.

Raffi_

It turns out it's not my settings. A factory reset didn't help either. Is a factory reset the same as a fresh install? Could there still be some files that are corrupt or not quite right?

I'm beginning to think it could be due to the jump from 2.3.x to 2.4.0. I think that's when it also changed the freeBSD version to 11? I won't know for sure until I try a fresh install of 2.3.x and see if that fixes it or not.

kejianshi

Id try a fresh install before I blamed the new version. I think that even a factory reset could leave some stray code, depending on whats been done to it.

Raffi_

I'll have to wait for a time when the office is nearly empty before I do a fresh install. I may not be able to get that done for a while since I won't be in the office again till Tuesday. I guess the bit of good news is that it looks like it's not my settings. If it is due to some bit of bad/left over code, doing a fresh install of 2.4.1 will hopefully take care of that. I could run a test right after the install. Then, restore my latest config and it should get me back up and running, hopefully without issues. We shall see… but that is the game plan for now.

roveer

I just happened to be searching around tonight as I'm embarking on my own pfsense installation.

You description seems like it somewhat matches that of this video on Youtube: https://www.youtube.com/watch?v=v2rK5F461aM

He upgraded the processor and problems went away. You may be under powered since you turned a bunch of stuff on.

Roveer

Guest

Since then, the network topology has not changed. I have installed pfsense OS updates along the way, Snort, squid (with cache and AV), and pfblocker. I have been running speed tests recently and my upload is consistently fine. The issue is with my download speeds. I can't get above ~97 Mbps.

Snort, Squid, ClamAV and pfBlockerNG means you were turning your pfSense into a fully acting UTM device and this
on a small Atom based board with 1.6GHz so it could really be that you are not right sorted with enough horse power.

He upgraded the processor and problems went away. You may be under powered since you turned a bunch of stuff on.

Could be also that the memory system gets saturated. To small footprint or to lame RAM.

marvosa

I'm in alignment with roveer's post, your box is underpowered.

Per the PFsense hardware requirements page (https://www.pfsense.org/products/#requirements), for your bandwidth you should be running:

"No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters."

I would also double your ram at a minimum.

Harvy66

His box may technically be underpowered, but it is not showing any usual load.

@OP: Run "ps -aux" while you're doing a speedtest. We need to see what's using CPU, if any, under load.

JeGr

on a small Atom based board with 1.6GHz so it could really be that you are not right sorted with enough horse power.

Geez, guys! The celeron 1017U is an Ivy Bridge gen. Notebook CPU. Not a small-time old-school Atom.

"No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters."

What for? That recommendation is really old-school, even the pfSense hardware doesn't match that ;) Not even their own SG-2440 would match that description and is described as running IDS and Proxies just fine. I agree with Harvy, the screens don't show high CPU load and if the box should be that underpowered you'd see that in the 5 or 15m load values. The Celeron is a dual core, so a load of 2 would still be acceptable at peaks.

Raffi_

Thanks for the replies. I wish it were as simple as my hardware being under powered. I have no beast under the hood, but I have several points to squash that argument.
1. My CPU load has never been max out even under the heaviest of use.
2. My CPU load is almost always sitting close to 0% usage. The biggest load is probably me accessing the GUI/graphs.
3. The idle process uses most of the processor.
4. I disabled all the mentioned services which are known to be a burden and still have the issue.
5. I did a factory reset and still had the issue.
6. I have 4GB of newish laptop ram. It is not fully utilized.
7. There is no use and never has been any use of swap space.

I did not have this issue when I originally ran the system on 2.3.x, so I'm beginning to think it could be due to the jump to 2.4.x. It could also be that I have a botched install which happened somewhere along the way. I'm pretty sure the factory reset simply restores a config file with all the defaults from a fresh install. It's not re-imaging the partition from a recovery partition. I realized this when I saw my custom WPAD files still in the /usr/local/www/ directory even after the factory reset. I deleted those files as well just to be sure they had no part in the problem, but this made me think, if those files were untouched, what if a potentially corrupted file was also untouched. I think the only thing that makes sense at this point is a fresh install. I'll keep you all posted.

Thanks.

kejianshi

It will be interesting to see what a fresh install does.