Long boot time Pfsense 2.4.5

  • I upgraded to Pfsense 2.4.5 (2.4.5.r.20200305.1800) from 2.4.4_3. Uninstalled all packages, upgraded to 2.4.5 and reinstalled packages.

    Installed packages: Avahi, PfBlockerNG_dev, ntop, System_Traffic_Totals.

    First thing I noticed after upgrading, when installing the packages, after each package installation completed routing paused briefly (~30 seconds). I didn't think much of this, however, after packages where installed, periodically routing would pause briefly. To clarify, when this pause would occur internet traffic as well as local inter-vlan traffic would stop for ~ 30 seconds.

    At this point, I considered rebooting and that is when I noticed the long boot time (7+ minutes). It would hang at "load_dn_aqm dn_aqm PIE loaded" just before 0 addresses deleted. It would hang again around starting DNS Resolver and again before the second 0 addresses deleted. I rebooted multiple times and the results were the same.

    This Pfsense instance is running in Hyper-V and during these "hangs" the CPU usage would be maxed. This issue did not exist on 2.4.4. I had taken a snapshot prior to being the upgrade process and have since rolled backed.

    When I have more time to test, I will, but has anyone else had an issue like this after upgrading to 2.4.5?

  • I,ve been following the 2.4.5 RC from the first versions.

    I'm using Avahi myself : a rather small package with very few settings : never had issues with it.
    I never used "System_Traffic_Totals".

    ntop can be a real resource hog, depending how much traffic and interface you have.
    PfBlockerNG_dev can, according to what and how many feeds you are using, kill a i9/max with lot of memory easily.

    If things do not look ok after a final reboot, it's time to look at the console boot messages - even SSH access won't help you here. True, the dmesg log is aviable, but that one only lists the kernel activity, when it's enumerating the hardware it wound.
    Remove / disable big packages one by one and reboot to test.
    Also, always check the DNS Resolver log for a while. Is it restarting a lot ? How long is the time bewteen a "stop" and "start" and it finishing starting up ?

    It's not rare that people mention : "oh, I have some 700K entries in the DNSBL file".
    This one :
    That will impact your system.

  • I did a clean install from an iso and restored the config and all is well! Thanks!