I don't use IPSec, but I'm having a similar problem to that bug. Related?
-
2.2.6-RELEASE (i386)
built on Mon Dec 21 14:50:36 CST 2015
FreeBSD 10.1-RELEASE-p25My LAN Interface has crapped out. >:( :( It's a chinese USB NIC (Realtek) on a laptop and the whole thing is an experiment for me to get my feet wet with pfSense. I'm building a better box BTW.
I can access pfSense from the WAN interface, but not the LAN interface. pfSense says the LAN interface is up, but it's not issuing ipv4 DHCP addresses, I can't access the web interface, and it's not receiving any packets from the network. It seemed to be that it was crapping out every 2 hours, and then I discovered that the DHCP lease time was 2 hours. Rebooting the laptop would fix the issue for a few weeks, and then today I changed the lease time. Today it also stopped working completely. I tried swapping out the WAP attached to the switch, and it's still not working.
I searched the forum and found this thread:
https://forum.pfsense.org/index.php?topic=110710.0This is a very similar phenomenon. However, I've set up pfSense to ship traffic out to a commercial VPN (like a proxy) via OpenVPN. In effect, it's just a VPN appliance sitting behind a SOHO router. It's not doing anything with IPSec.
The problem seems to have had a half life. Meaning that things started out fine and have been getting frequent and now they are dead.
Is it possible/probable that whatever affected IPSec, also affected OpenVPN about the same time? Or should I start looking elsewhere?
-
Is your problem on 2.2.6 or on 2.3.x? Your link is specifically related to IPSec issues with SMP (more than 1 core) that were due to porting issues of FreeBSD IPSec from 11-Current to pfSense (10.3) specifically in pfSense 2.3.
If your problem is being seen on 2.2.6, it's not the 2.3/IPSec/SMP issue.
There may be other Realtek issues; you really haven't given much info related to the specific hardware you are seeing an issue on.
-
I don't have that much to go on. Seems that i can't get adapter information from the web interface. ue0 just means USB Ethernet 0. However, this is what I am using: http://www.microcenter.com/product/444552/UED011_USB_20_to_Fast_Ethernet_Adapter?rf=Search+Results+Top+%3E+Feature+1+%3E+Inland+UED011+Feature
 -
try changing the nic to pci-e intel nic
-
Yeah. Use decent gear first. No confidence in realtek, especially as described. USB NIC, Bridging, and Realtek. Those are three general areas that give people fits all by themselves. You have a trifecta.
Your issue is definitely not that IPsec+SMP issue (6296) unless you are running 2.3 or 2.3_1 (not 2.3.1 as it is fixed there.) And it was pretty hard to trigger requiring substantial UDP traffic over the tunnel for hours.
If this is a new install why are you messing about with 2.2? Just use 2.3.1.
-
I've got a box with 2x Intel NICs, and I spent an hour digging around for an IDE cable, so I'll be putting a drive and a fresh/latest copy of pfSense on it either later today or later this week. However, the pfLaptop (described above) was me getting my feet wet with parts on hand and minimal expenditure, so I was trying to figure out what went wrong with it.
The bridge is to OpenVPN (I think?). Does that not work either? If so, I'll need to rethink using pfSense.
Although… I did try to have Wi-Fi on the bridge and never got it working. I wonder if I did not disable it properly? I turned off the adapter and that stopped the stuck beacon problem. The laptop has an integrated Atheros Wi-Fi adapter. I could not bridge Wi-Fi to LAN. Someone gave me a tutorial but by that time I had already gotten a switch and a WAP and other problems.
-
Bridging to OpenVPN (tap mode) is not a recommended setup but it can generally be made to work.
Routed (tun mode) is the recommended way to use OpenVPN.
If you want to use that laptop you might try using the laptop NIC on the LAN side with the bridge and the USB NIC as the WAN.
-
OK, I just checked the OpenVPN adapter. It's set up to use tun mode. I guess I interpreted something wrong. See my edits to the previous post about the bridge being leftovers from trying to get the Wi-Fi working.
-
If the bridge is unnecessary delete it and assign LAN directly to the USB NIC in Interfaces (assign).
If you can get into pfSense on WAN, do it from there so you don't lock yourself out.
