PfSense GUI Unresponsive following WAN down/Flap
-
I don't know where to start attempting to figure this one out. I purchased a Supermico A1SRM-LN7F-2758 for the purpose of building a pfSense firewall. I have a very basic setup with two WAN connections (I have not configured failover). I do have the Enable default gateway switching activated but that is about it. I had stated installing a few available packages such as pfBlockerNG, squid, and squidGuard. Everything ran fine for a while. I am running 2.3.3-RELEASE-p1 (amd64). sometime around 3.3.2 was installed I started having issues where I have to restart pfSense every 24-48 hours to keep it running. The first symptoms indicating that something is getting unhappy is that I can no longer get in the GUI but traffic seems to be okay. If I wait a while in this condition, all traffic to the internet seems to stop. Sometimes I can ssh into the box and restart PHP-FPM and I can then access the GUI. I can make the behavior happen almost immediately by unplugging a WAN port and plugging it back in. Searching the board I did find that setting kern.ipc.nmbclusters to 1000000 seemed to help some others. For me, I thought it helped but likely not. I am a bit of a novice and worked on this project as a learning opportunity. I am but of a novice at Linux but learning a but nonetheless.
I am about to the point of purchasing a couple of incidents. before doing that I am hoping someone could give me a few suggestions on where to start looking and hopefully resolve my issue.
Thanks,
Markn455
N. GA -
It's by design. When the default gateway switch, all states are killed. So your connection to webgui becomes invalid. But after a while you should be able to login again. If the gateway is flapping can be annoying
-
In my example, I was pulling the cable from WAN2 port which is not the default gateway. When this occurs, I can't log into the GUI so I am actually establishing a new connection to the GUI. My WAN2 connection is a satellite link which has high latency to very high latency. I have attempted to change the monitoring settings to compensate. Nevertheless, the alternate WAN2 gateway can get marked down multiple times a day and sometimes multiple times an hour. But again, this is not the default gateway. Perhaps I should attempt to adjust it more.
Currently have WAN2 removed and just running a day or so without it in the mix and see what happens. Thanks for the information, this certainly gives me something else to check.
At the end of the day I hope to have the DSL on WAN1 and the Satellite link on WAN2. The only time WAN2 gets used would be if WAN2 goes down. I know it's not ideal setup but we are out in the middle of nowhere and that is all we have for Internet. No Cable anywhere in the area.
Mark