• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

21.02 Sudden lockup

Scheduled Pinned Locked Moved Official Netgate® Hardware
164 Posts 30 Posters 53.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mcury @kphillips
    last edited by mcury Feb 19, 2021, 6:26 PM Feb 19, 2021, 6:26 PM

    @kphillips said in 21.02 Sudden lockup:

    @ffuentes The fix is to revert to 2.4.5p1 until we fix the issue. Please open a ticket for the firmware link.

    My sg-3100 is working fine with the current 21.02, without pfblockerng.
    I guess my network throughput is not high enough to trigger the problem discussed earlier..
    Noticed a few other problems, but my topic wasn't answered.. Like status>monitor>traffic being empty, but I can live with it..

    Do you think I should downgrade to 2.4.5p1 as well?
    Some comments above from devices console not responding anymore are kind of worrying me..
    I mean, is there a chance to happen a complete failure in which I won't be able to reinstall?

    dead on arrival, nowhere to be found.

    K 1 Reply Last reply Feb 19, 2021, 6:33 PM Reply Quote 0
    • K
      kphillips Administrator Netgate @TommyG
      last edited by Feb 19, 2021, 6:27 PM

      @tommyg Personally attacking the support staff who are only trying to help troubleshoot and provide assistance is unacceptable. Enjoy your temporary ban.

      1 Reply Last reply Reply Quote 4
      • K
        kphillips Administrator Netgate @mcury
        last edited by Feb 19, 2021, 6:33 PM

        @mcury If you aren't have any issues, no need to downgrade yet. Just make sure you have your USB console cable handy if you do run into an issue, but if you avoid reloading your firewall filter for now under heavy load, you should be fine. We should have a fixed update soon.

        M F 2 Replies Last reply Feb 19, 2021, 6:34 PM Reply Quote 2
        • M
          mcury @kphillips
          last edited by Feb 19, 2021, 6:34 PM

          @kphillips said in 21.02 Sudden lockup:

          @mcury If you aren't have any issues, no need to downgrade yet. Just make sure you have your USB console cable handy if you do run into an issue, but if you avoid reloading your firewall filter for now under heavy load, you should be fine. We should have a fixed update soon.

          Great, thanks, I'll just wait then, it's working fine here.

          dead on arrival, nowhere to be found.

          1 Reply Last reply Reply Quote 0
          • F
            ffuentes @kphillips
            last edited by Feb 19, 2021, 6:41 PM

            @kphillips I open the ticket.

            K 1 Reply Last reply Feb 19, 2021, 7:15 PM Reply Quote 0
            • K
              kphillips Administrator Netgate @ffuentes
              last edited by Feb 19, 2021, 7:15 PM

              @ffuentes PM me the ticket number, if you didn't get a reply already. I'll make sure to buzz you the firmware.

              F 1 Reply Last reply Feb 19, 2021, 7:53 PM Reply Quote 0
              • A
                alpharulez
                last edited by Feb 19, 2021, 7:20 PM

                I am having issues with snort on upgrade. have had to uninstall it completely.

                dhcp issues to my access point - happens randomly where internet connection is steady but pfsense seems to kick off my access point which then thinks it is no longer in access point mode and reverts to routing starting to handout IPs... and loss of internet connectivity.

                repeat issues with ntopng - had to reinstall - this seems to be stable-ish for the moment.

                Now noticed that System/Package Manager/Available Packages is not showing any packages for me to install... especially Snort.

                A K 2 Replies Last reply Feb 19, 2021, 7:25 PM Reply Quote 0
                • A
                  alpharulez @alpharulez
                  last edited by Feb 19, 2021, 7:25 PM

                  @alpharulez Forgot to add - no pfblockerng on my device... and it is a home setup so not a lot of traffic...

                  F 1 Reply Last reply Feb 19, 2021, 7:35 PM Reply Quote 0
                  • F
                    ffuentes @alpharulez
                    last edited by Feb 19, 2021, 7:35 PM

                    @alpharulez The issue is a general issue with pf reload. This means that snort will also contribute to a reload and cause the lock-up.

                    A 1 Reply Last reply Feb 19, 2021, 7:37 PM Reply Quote 0
                    • A
                      alpharulez @ffuentes
                      last edited by Feb 19, 2021, 7:37 PM

                      @ffuentes thanks. it is uninstalled for the moment and running as a standard firewall... hope the fixe comes out quick so it can go back to a proper IPS...

                      1 Reply Last reply Reply Quote 0
                      • R
                        rloeb
                        last edited by Feb 19, 2021, 7:41 PM

                        @kphillips Is there likely to be a patch in the "near future"?

                        I have too many users to bring the network down while I load the firmware, reload the configuration, check the configuration to assure that it's reasonably correct, then go through the whole process again because I screwed it up, etc. Worse, they (and I) are working through the weekend to finish a critical deliverable.

                        F K 2 Replies Last reply Feb 19, 2021, 7:47 PM Reply Quote 0
                        • F
                          ffuentes @rloeb
                          last edited by Feb 19, 2021, 7:47 PM

                          @rloeb welcome to my club except that I made the mistake... HAHAHA!

                          My boss is getting impatient as I keep dropping, is a bit stable now so I am hoping I get through today at least.

                          1 Reply Last reply Reply Quote 1
                          • F
                            ffuentes @kphillips
                            last edited by Feb 19, 2021, 7:53 PM

                            @kphillips I got the firmware. I also didnt notice this but looks like I did receive an email from support stating the situation and advising me to roll back,

                            so kudos to support!

                            Thanks again!

                            1 Reply Last reply Reply Quote 0
                            • K
                              kphillips Administrator Netgate @alpharulez
                              last edited by Feb 19, 2021, 8:16 PM

                              @alpharulez Because the repos for 21.02 were pulled to keep people from upgrading any more until we release a fix, packages are also affected. You'll need to revert to 2.4.5p1 to be able to install packages again (make sure you set the "Previous Stable Release" in your Update settings before trying).

                              1 Reply Last reply Reply Quote 0
                              • K
                                kphillips Administrator Netgate @rloeb
                                last edited by kphillips Feb 19, 2021, 10:11 PM Feb 19, 2021, 8:23 PM

                                @rloeb If you are absolutely stuck and need to remain on 21.02, you can do the following:

                                Go to Diagnostics --> Command Prompt and run "echo hw.ncpu=1 >> /boot/loader.conf.local" without quotes.

                                Reboot.

                                This will halve your firewall's performance because it artificially limits your CPU to one core, but it also gets rid of the crashing.

                                However, if you can revert to 2.4.5p1 DO THAT. And if you do the above, don't forget to remove it later unless you like having your firewall be artificially limited in performance for the rest of it's life.

                                R L 2 Replies Last reply Feb 19, 2021, 9:07 PM Reply Quote 1
                                • R
                                  rloeb
                                  last edited by Feb 19, 2021, 8:30 PM

                                  Thank you!

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rloeb @kphillips
                                    last edited by Feb 19, 2021, 9:07 PM

                                    @kphillips FYI. Went to 1 CPU. Snort does not start. Snort does not appear in Services menu. Re-installing snort fails; Window just sits there. Would like to have that protection, but not sure what to do next.

                                    K 1 Reply Last reply Feb 19, 2021, 10:17 PM Reply Quote 0
                                    • L
                                      lnguyen @kphillips
                                      last edited by Feb 19, 2021, 9:16 PM

                                      @kphillips said in 21.02 Sudden lockup:

                                      Command Prompt and run "echo hw.ncpu=1 >> /boot/loader.conf" without quotes.

                                      I think what @jimp stated was:
                                      Create /boot/loader.conf.local if it doesn't exist, as loader.conf can be overwritten by pfSense.

                                      echo hw.ncpu=1 >> /boot/loader.conf.local
                                      

                                      I agree with this as it won't be overwritten and easily reverted once a patch is released by simply issuing:

                                      rm /boot/loader.conf.local
                                      
                                      R K 2 Replies Last reply Feb 19, 2021, 10:09 PM Reply Quote 1
                                      • R
                                        rloeb @lnguyen
                                        last edited by Feb 19, 2021, 10:09 PM

                                        @lnguyen Nice catch. The command did not create the file. My Linux is pretty feeble these days, so I'm unclear what to do next. I'll see if I can pull one of my techies off what they're doing and he can chase this. I'll go back to running the company, which is all I'm competent to do.

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          kphillips Administrator Netgate @lnguyen
                                          last edited by Feb 19, 2021, 10:12 PM

                                          @lnguyen You are correct. I've updated my original post.

                                          1 Reply Last reply Reply Quote 1
                                          120 out of 164
                                          • First post
                                            120/164
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received