pfsense short cpu load hang
-
Hey guys,
I've got a problem with pfSense: the firewall shows high CPU usage for a short amount of time, and when that happens everything lags, TeamSpeak, Discord, and in game you can feel it; everything freezes.
Mem: 308M Active, 329M Inact, 756M Wired, 307M Buf, 6421M Free
Swap: 4096M Total, 4096M Free
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 64K CPU2 2 512.1H 72.36% [idle{idle: cpu2}]
11 root 155 ki31 0K 64K RUN 1 511.3H 71.97% [idle{idle: cpu1}]
11 root 155 ki31 0K 64K CPU3 3 514.2H 71.48% [idle{idle: cpu3}]
11 root 155 ki31 0K 64K CPU0 0 510.9H 67.58% [idle{idle: cpu0}]
20 root -16 - 0K 16K pftm 0 8:54 17.19% [pf purge]
12 root -92 - 0K 368K WAIT 2 136:31 15.38% [intr{irq266: re0}]
20900 root 28 0 6904K 2336K nanslp 1 6:58 13.67% /usr/local/bin/dpinger -S -r 0 -i GW_WAN -B 192.168.0.10 -p /var/run/dpinger_GW_WAN~192.168.0.10~10.0.0.138.pid -u /var/run/dpi
16 root -72 - 0K 256K - 1 190:21 13.48% [usb{usbus0}]
21356 root 25 0 11000K 2416K nanslp 3 6:57 7.37% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 192.168.0.10 -p /var/run/dpinger_WANGW~192.168.0.10~192.168.0.254.pid -u /var/run/dp
52871 root 21 0 23680K 9952K kqread 0 0:40 1.66% nginx: worker process (nginx)
12 root -60 - 0K 368K WAIT 2 23:52 0.39% [intr{swi4: clock (0)}]
27652 root 52 0 99256K 45260K accept 3 0:15 0.29% php-fpm: pool nginx (php-fpm){php-fpm}
85066 root 52 0 95028K 42540K piperd 3 0:15 0.29% php-fpm: pool nginx (php-fpm)
44557 root 52 0 95028K 41340K accept 2 0:02 0.20% php-fpm: pool nginx (php-fpm)
48096 unbound 20 0 137M 129M kqread 2 102:01 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
12 root -88 - 0K 368K WAIT 2 60:11 0.00% [intr{irq264: xhci0}]
12 root -72 - 0K 368K WAIT 2 11:50 0.00% [intr{swi1: netisr 3}]
83000 root 52 20 6976K 2480K wait 1 4:05 0.00% /bin/sh /var/db/rrd/updaterrd.sh
I hope someone can tell me what the problem is. I'm using pfSense with pfBlockerNG and Snort.
-
It's the filter reload and it sucks. Large lists and it can be gone for minutes.
-
@Cool_Corona
I don't really understand what you mean; the update interval is set to daily at 11pm in pfBlockerNG.
-
anyone got a solution?
-
What are your DNS settings ?
Default ?
Using VM ?
Your snort log storage is under control (/var/log/.. has space left) ?
-
@Gertjan
DNS:
1.1.1.1
1.0.0.1
SSL/TLS for outgoing DNS Queries
It's a bare metal machine (notebook)
i3-3217U
8GB DDR3
128GB SSD -> 2% used
-
I found something:
when the problem appears, my WAN interface is down and it says "autoselect".
It's running on 100baseTX; my modem is max 100 Mbit RJ45.
-
Who or what takes the WAN down ?
Check logs, the answer is there.
Example : if dpinger, the gateway monitor starts missing a lot of pings, it pulls the plug = restarts the interface.
And let me guess : when you deactivate snort and/or pfblockerng, the problem stops ...
-
What version of pfSense are you using? If it's 2.4.5 there's currently a known issue where anything that causes pfctl to be called (such as openvpn restarts) chews all CPU, with the knock-on effect of packet loss and latency.
Current fixes appear to be:
Roll back to 2.4.4p3
If virtualised, reduce your system to 1 vCPU
Netgate are aware of the problem and are, I believe, working with the FreeBSD devs to come up with a solution.
There's a number of other threads in the forum about this problem. Hang in there and hopefully will be fixed shortly :)
-
I looked into the system logs; this happens.
@muppet It's a bare metal device, not a VM. It's running 2.4.5, but I think the problem was already there before the update. Is my NIC maybe bad, since it's going to "down" and then again to "up"?
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:40 php-fpm 346 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:40 php-fpm 345 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status rc.newwanip starting ue0
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:40 php-fpm 53375 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 php-fpm 53779 /rc.linkup: Hotplug event detected for WAN(wan) static IP (192.168.0.10 )
Apr 23 20:06:40 check_reload_status rc.newwanip starting ue0
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: Info: starting on ue0.
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.10) (interface: WAN[wan]) (real interface: ue0).
Apr 23 20:06:41 check_reload_status Reloading filter
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: Info: starting on ue0.
Apr 23 20:06:41 php-fpm 53375 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.10) (interface: WAN[wan]) (real interface: ue0).
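-
Added example, not part of any post in this thread: a small Python script that counts DOWN-to-UP link flaps per interface in a pfSense system log and the filter reloads that follow them within a few seconds, which is the pattern in the log above. The function names, the 5-second window and the fixed placeholder year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt of the system log posted in the thread above.
SAMPLE_LOG = """\
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:39 check_reload_status Linkup starting ue0
Apr 23 20:06:39 kernel ue0: link state changed to DOWN
Apr 23 20:06:39 kernel ue0: link state changed to UP
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:40 check_reload_status rc.newwanip starting ue0
Apr 23 20:06:40 check_reload_status Reloading filter
Apr 23 20:06:41 check_reload_status Reloading filter
"""

LINK_RE = re.compile(r"kernel (\w+): link state changed to (UP|DOWN)")
RELOAD_MARK = "check_reload_status Reloading filter"
TS_LEN = len("Apr 23 20:06:39")

def parse_ts(line):
    # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
    return datetime.strptime("2000 " + line[:TS_LEN], "%Y %b %d %H:%M:%S")

def summarize(log_text, window_s=5):
    """Return {iface: {flaps, reloads_after_flap}} for a block of syslog text."""
    flaps, last_state, reloads = defaultdict(list), {}, []
    for line in log_text.splitlines():
        try:
            ts = parse_ts(line)
        except ValueError:
            continue  # not a syslog-formatted line
        m = LINK_RE.search(line)
        if m:
            iface, state = m.groups()
            if state == "UP" and last_state.get(iface) == "DOWN":
                flaps[iface].append(ts)  # one completed DOWN -> UP cycle
            last_state[iface] = state
        elif RELOAD_MARK in line:
            reloads.append(ts)
    window = timedelta(seconds=window_s)
    report = {}
    for iface, times in flaps.items():
        near = [r for r in reloads if any(timedelta(0) <= r - t <= window for t in times)]
        report[iface] = {"flaps": len(times), "reloads_after_flap": len(near)}
    return report
```

Several flaps on one interface inside the same second, each followed by filter reloads, point at the physical link (adapter, cable, or the port on the other side) rather than at a scheduled list update.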
-
Yeah, go for the bad NIC - check / exchange both sides, or bad cable.
-
@fischstäbchen Yes I'm very sorry, I should have read where you said Interface flapping. My bad, I'm sorry.
-
It's a possibility, you have to check to be sure first.
-
@Gertjan @muppet
I changed the WAN cable and inserted a switch in the middle to see whether the net or the Ethernet adapter is going down. It looks like my USB Ethernet Adapter is the issue. My question is now, is there a usb ethernet which works with freebsd and pfsense to get this again fully working?
I have currently changed to an HP ProBook 450 G1, but that didn't help, so it's my adapter; it's a UGREEN AX88179 USB adapter.
It's wall mounted, so I need something little but still powerful enough.
-
@fischstäbchen said in pfsense short cpu load hang:
my USB Ethernet Adapter is the issue
At the end you mention you use one of those things ?
@fischstäbchen said in pfsense short cpu load hang:
is there a usb ethernet which works with freebsd and pfsense to get this again fully working?
That's the one million $ question.
Many have asked this one.
Answers are very rare. FreeBSD's strong point does not have the word 'USB' in it.
Some exist .... You're good for the Find function of the forum.
Btw : you also found out why pfSense is rarely if ever used on a portable PC.
-
Zotac Zbox CI329 Barebone nano mini-PC, would that be a good option for pfsense, Intel N4100 quad-core with two gigabit nics.
-
I think this is a good choice for a SOHO environment: https://www.pcengines.ch/apu4d4.htm
There is also some level of forum support
-
@fischstäbchen said in pfsense short cpu load hang:
Zotac Zbox CI329 Barebone nano
https://www.reddit.com/r/PFSENSE/comments/8kasfm/celeron_n4100_fanless_dual_nic_zotac_any_good_for/