Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Standby unit crashing intermittently

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 942 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      ljorgensen
      last edited by

      Hi,

      Have a CARP cluster running two ix interfaces (with a bunch of vlans) for data and a bge interface for pfsync. All hardware offloading on the interfaces disabled in web interface. mbufs increased to 1,000,000 in web interface. Recently configured OpenVPN on them, but not really using it yet. OpenVPN-client-export package installed - no other packages installed. Nothing suspicious in loader.conf or loader.conf.local:

      loader.conf:

      autoboot_delay="3"
comconsole_speed="9600"
hw.usb.no_pf="1"

      loader.conf.local:

      kern.cam.boot_delay=10000

      The same things are in the files in the primary unit (except "legal.intel_ipw.license_ack=1" in loader.conf.local, but I'm not sure I even need that?)

      The failover unit crashes intermittently. Over the last few days it's happened a few times every day. Runs fine for maybe 20 hours, then crashes two or three times in a row. It crashed just now, and I have submitted a crash report.

      Anything I should look for in the configuration?

      Update: I forgot to mention that I have also recently configured two limiters and used them in one firewall rule involving an alias. I just read that another user also experienced crashes on the failover unit after configuring limiters.

      Oh, and the the crash report ought to be from 130.226.230.200 (or 202 depending on it using CARP or not to send these reports).

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Limiters and pfsync will cause crashes.

        https://redmine.pfsense.org/issues/4310

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • L
          ljorgensen
          last edited by

          Thank you for the quick reply. Nice to know that it is a known problem and being worked on.

          Can I achieve the following without using limiters:

          A certain group of servers must not exceed 10 mbps total bandwidth fetching data from a specific group of ranges of public IPs

          Lars

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            No, that would require limiters. If you really need limiters, you can disable pfsync. The downside is that a failover would not be seamless, states-wise. Connections would be interrupted but they could immediately reconnect.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • L
              ljorgensen
              last edited by

              Thanks. I'll disable pfsync until you have a fix out. Seems to be the lesser of two evils and only connection-oriented sessions (RDP, ssh and such) will have to be manually reconnected on a failover which is tolerable.

              Thank you for the quick assistance!

              Lars

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.