Netgate Discussion Forum

    pfSense crashes when 3+ site-to-site VPNs have DDNS / FQDN hostname

    • k23ahnka

      pfSense (with 2 CPU cores and 6 GB RAM)
      2.4.4-RELEASE-p2(amd64)
      built on Wed Dec 12 07:40:18 EST 2018
      FreeBSD 11.2-RELEASE-p6

      There are 7 site-to-site VPNs.
      From the moment I set about 3 (random ones) to their DDNS FQDN as remote gateway, my pfSense acts strange (page not responding, refreshing shows blank page) and eventually crashes (need to restore from backup to solve).

      Why is this?

      • jimp Rebel Alliance Developer Netgate

        First order of business is to upgrade to the current release.

        Second, there isn't nearly enough information here to definitely say it was that change which led to the problems. You will need to provide a lot more information about your configuration, logs, etc.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • k23ahnka

          This is my issue:

          When I set my IPsec tunnels to fixed IP as remote gateway, my IPsec tunnels function without problem.
          HOWEVER, when I put their DDNS hostname equivalent as remote gateway, the pfSense IPsec page starts to bug.

          For example, I managed to reproduce it. All of my IPsec tunnels are down and when I go to Status -> IPsec I get this screen:
          [image: hostName.JPG]

          This screen stays like this forever (and my IPsec tunnels aren't functioning).

          The system logs:
          [image: ipSec.JPG]

          • k23ahnka

            I found the issue:

            127.0.0.1 was set as first DNS server and pfSense doesn't do a fallback for DDNS hostnames to the second or third when IP resolving doesn't work, hence why the pfSense acts strange.

            This should be noticed as a BUG -> fallback to other DNS servers should be done, in my opinion.

            • jimp Rebel Alliance Developer Netgate

              That isn't a bug, it's a configuration problem. It definitely does do fallback in the right scenarios but it depends on how you have the DNS Settings/Resolver settings configured. You should not rely on servers that hand out different data. All of your configured forwarders should provide the same data.

              That's a topic for a different thread, however.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.