pfsense short cpu load hang

fischstäbchen · Apr 22, 2020, 3:27 PM

anyone got a solution?

Gertjan · Apr 22, 2020, 3:47 PM

What are your DNS settings ?
Default ?

Using VM ?

Your snort log storage is under control (/var/log/.. has space left) ?

fischstäbchen · Apr 22, 2020, 4:00 PM

@Gertjan
DNS:
1.1.1.1
1.0.0.1
SSL/TLS for outgoing DNS Queries

Its a bare Metal machine (Notebook)
i3-3217U
8GB DDR3

128GB SSD -> 2% used

fischstäbchen · Apr 22, 2020, 6:31 PM

i found something

when the problem apears my wan interface is down and theres "autoselect" standing

its running on 100baseTX, my modem is max 100mbit rj45

Gertjan · Apr 22, 2020, 8:04 PM

Who or what takes the WAN down ?

Check logs, the answer is there.

Example : if dpinger, the gateway monitor starts missing a lot of pings, it pulls the plug = restarts the interface.

And let me guess : when you de-*activate snort and/or pfblockerng, the problem stops ...

A Former User · Apr 23, 2020, 12:52 AM

What version of pfSense are you using? If it's 2.4.5 there's currently a known issue where anything that causes pfctl to be called (such as openvpn restarts) to chew all CPU, with the knockon effect of packet loss and latency.

Current fixes appear to be:
Roll back to 2.4.4p3
If Virtualised, reduce your system to 1vcpu

Netgate are aware of the problem and are, I believe, working with the freeBSD devs to come up with a solution.

There's a number of other threads in the forum about this problem. Hang in there and hopefully will be fixed shortly :)

fischstäbchen · Apr 23, 2020, 6:10 PM

i looked into the system logs, this happens

@muppet its a bare metal device, not an vm, its running 2.4.5, but i think befor update, the problem was allready there, is my nic maybe bad? since its going to "down", and then again to "up"

Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:40 php-fpm 346 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:40 php-fpm 345 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status rc.newwanip starting ue0
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:40 php-fpm 53375 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 php-fpm 53779 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status rc.newwanip starting ue0
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: Info: starting on ue0.
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.10) (interface: WAN[wan]) (real interface: ue0).
Apr 23 20:06:41 check_reload_status Reloading filter
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: Info: starting on ue0.
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.10) (interface: WAN[wan]) (real interface: ue0).

Gertjan · Apr 23, 2020, 10:25 PM

Yeah, go for the bad NIC - check / exchange both sides, or bad cable.

A Former User · Apr 23, 2020, 10:31 PM

@fischstäbchen Yes I'm very sorry, I should have read where you said Interface flapping. My bad, I'm sorry.

Gertjan · Apr 23, 2020, 10:34 PM

It's a possibility, you have to check to be sure first.

fischstäbchen · Apr 24, 2020, 1:54 PM

@Gertjan @muppet

i changed the wan cable, insert a switch in the middle, to see if the net is going down or the ethernet adapter, it looks like my USB Ethernet Adapter is the issue, my question is now, is there a usb ethernet which works with freebsd and pfsense to get this again fully working?

i changed to an HP Probook 450 G1 currently, but didnt helped, so its my adapter, its an ugreen AX88179 USB Adapter

Its wall mounted, so i need something little but still powerful enough

Gertjan · Apr 24, 2020, 2:20 PM

@fischstäbchen said in pfsense short cpu load hang:

my USB Ethernet Adapter is the issue

At the end you mention you use one of those things ?

@fischstäbchen said in pfsense short cpu load hang:

is there a usb ethernet which works with freebsd and pfsense to get this again fully working?

That the one million $ question.
Many have asked this one.
Answers are very rare. FreeBSD strong point has not the word 'USB' in it.
Some exist .... You're good for the Find fucntion of the forum.

Btw : you also found out why pfSense is rarely if never used on a portable PC.

fischstäbchen · Apr 24, 2020, 4:06 PM

Zotac Zbox CI329 Barebone nano mini-PC, would that be a good option for pfsense, Intel N4100 quad-core with two gigabit nics.

DaddyGo · Apr 24, 2020, 4:13 PM

I think this is a good choice for SOHO environment: https://www.pcengines.ch/apu4d4.htm
There is also some level of forum support

DaddyGo · Apr 24, 2020, 4:21 PM

@fischstäbchen said in pfsense short cpu load hang:

Zotac Zbox CI329 Barebone nano

https://www.reddit.com/r/PFSENSE/comments/8kasfm/celeron_n4100_fanless_dual_nic_zotac_any_good_for/