Interface config lost after power outage?
-
I am running the latest full fat 2.3.2-RELEASE (amd64) on a Dell Optiplex with an Intel 340 quad port NIC and SSD.
I've had 2 power outages this month, and on both occasions pfsense lost all the configuration for the network interfaces and remains at the first boot screen where you assign interfaces. The system has gone through proper shutdowns before, so it's not losing the config after a reboot, just in the event of sudden power loss.
Is this expected behavior? Is there any way to prevent this?
(Yes, I do have a UPS, but it only goes for an hour-ish and doesn't provide telemetry which Network UPS Tools could make use of.)
-
That is definitely unusual. It should only revert to that state if an interface is missing at the time it checks. Perhaps your power event is causing one of your system's NIC to disappear?
-
Next time it happened, skip to shell and check what shows ifconfig
Check for the firmware/BIOS update.
BTW what UPS do you have? There are some tricks that you can use and some external monitoring devices and event timers can be found also.
-
The box has a Intel i340 T4 card which has somewhat up to date firmware in it (via Dell). I do have a ZTE MF823 dongle attached via USB which might prove to be the culprit if this is a NIC not being alive/connected at the correct time in the boot sequence.
Will do. The UPS is a APC BE400-UK, nothing special. Technically it would be possible to add a power sensor that sent a shutdown signal after x minutes (where x is 80% of tested runtime) but this is additional cost and complexity. If this is a known issue rather than a bug I might go that way but if it's just a bug then I would rather fix the bug.
-
This is strange but some user reported that he had successfully connected this ups to both nut and apcupsd.
-
The 550 and 700 models have the ability to talk to apcupsd via USB, the 400 is just a dumb box and afaik doesn't have any way to get telemetry data into pfsense.
-
Yep, thats why it's strange :)
Anyway, about config lost, I think it's hardware related and it is really hard to fix on software side when physical interface is lost after power outage. -
If this is the case, why does one interface being removed cause the entire configuration for 6 interfaces (quad port NIC, built in and a USB interface) to be deleted, rather than one interface being marked as off-line?
-
There have been dozens of threads over the years, if you want to read the whole reasoning, do some searching. The tl;dr version: It is the only safe and secure failure mode. Any automated assumptions could result in a broken or insecure configuration.
-
OK, that is what I needed to know. It is expected behavior when using pfsense that if an interface doesn't appear at the right time during boot, it will invalidate the entire config for all interfaces and refuse to function until you physically login or fire up the ILO.
The reasoning for this is sound, but it might be an idea to make it clearer that this is expected behavior. A simple error message flag on the GUI stating something like "Due to interface loss, the interfaces have been reset as a security precaution." would have made this far clearer than an expectation to search a forum for answers.
So my solution would appear simple, move the LTE modem to a separate device and use regular ethernet.
-
It doesn't remove the entire config, it knows all about them, their rules, etc. You just have to re-enter the mappings. And it does print a message about the interfaces being mismatched on the console before the prompt. A message in the GUI would be useless as you can't reach the GUI at that point.
And yes, a real Ethernet connection is always preferable to a USB device.
-
So my solution would appear simple, move the LTE modem to a separate device and use regular ethernet.
You might look at something like this to bring wired Ethernet connectivity to a USB 4G modem…
http://shop.proxicast.com/shopping/proxicast-pocketport-2-pocket-sized-3g-4g-lte-usb-cellular-modem-bridge-mini-router.html
It can function as a router, but it also offers a bridge mode.
-
Just an idea to make it far more obvious what has happened and why. A error in the GUI linking to a wiki page would least have saved me asking why this happened.
I am thinking of either the TP-Link TL-MR3020 or firing up my old OpenWRT RouterStation Pro.
