pfsense goes into dummy state after a 2 or 3 days.
-
I have pfsense running as my main router. It's running as a VM running within a VMware vSphere 6.5 host. The pfsense VM has been allocated two logical processors at 2.66 GHz and 2 GB of RAM with a 20 GB hdd. It's running pfsense version 2.4.4.
After about 2 or 3 days it goes into a state in which it's still forwarding/routing traffic but I can't access the web configuration any longer. I can't interact with the VM at the command line either. I can't SSH to the VM either. It's as if the management plane completely dies while the data plane continues to operate successfully....mostly, some strange behavior is observed as well like some websites simply not loading as they typically should.
If I reboot the VM then it seems to come back to life for another 2 - 3 days. I have to hard reboot it each time though.
I'm wondering if there's any troubleshooting steps I could take to at least find out what's going on. I'm wondering if I'm filling up logs, or if it's running out of RAM or something. The annoying thing; though, is that when it's in this state, I can't interact with it at all to be able to check.
Here's some more details about what services it's performing for me. I have a VPN setup with Mullvad with firewall and NAT rules defined to allow traffic from specific hosts to flow through it. I also have Squid Proxy installed and caching websites. It's using ClamAV and Google Safe browsing turned on. I've allocated 1 GB of RAM for local cache and it's configured to rotate logs every 1 days.
Any help would be greatly appreciated.
-
So does it ping when it happens?
Have you checked the logs right after restart? If it fills up there should be no space left.
console access, ssh are plain freebsd, not pfsense, to begin with.
Make a vm copy, and run it in parallel, with dummy services. (just change ip so as to be able to have ssh , web access)
See if it hangs too.
pfsense runs very well under vspher, thats for sure. -
I'll take a closer look at the logs next time I need to restart it. Alternatively, I'd like to get pfsense working with zabbix, but truthfully, I have no idea how to get it working. I setup a zabbix server and installed the zabbix package but they don't seem to be talking to each other. I figure if I can then I'd be able to see the issue there when it occurs.
I also set it up to send syslog messages to the syslog server running on my Qnap. The annoying thing about this though is that Qnap's syslog viewer is very limited. I can't seem to figure out how to see the messages that are any value to me.
So I can bring up the console when it's in this state but it doesn't respond to any keystrokes.
I can't ssh to the VM when its in this state either. It just sits there trying to establish a session.
I'll look into your suggestion to make a VM Copy and run it in parallel. I'll report back what I find out.
-
Not really part of this thread but you install your Zabbix server and then configure it to monitor the host. Then you install the Zabbix agent on the host and configure it to talk to the Zabbix server's IP address in the Server and Server Active fields and you're done. Everything else is default. Getting the Zabbix server up & running is the hard part. The agent is easy.
-
I imagine the zabbix agent has to be the same version of the zabbix server? My zabbix server is running version 4.0 and there doesn't appear to be a zabbix-agent4.0 in pfsense to install.
-
That's usually how it works. I'm running 3.4. Didn't know 4.0 was out but I have no desire to upgrade since 3.4 does everything I need.
-
You can use older agents with a newer server. The agents are pretty forgiving. You might even be able to use newer agents with an older server but that's less safe.
The proxy is more strict and has to match.
The upgrade to Zabbix 4 was super easy for me though, at least on FreeBSD. Not much more than stopping it, moving to the new port, then starting it again.
-
- Which type of scsi controller do you use in your VM ?
- What do you see in VM console after ''dummy state''?
I can't interact with the VM at the command line either
Make sure to hit Scroll Lock next time - sometimes console ''freezes'' and don't show last messages/current screen.