PC Engines APU2 + pfsense 2.5.0
-
H/W PC Engines APU2, software pfsense 2.5.0-RELEASE (amd64).
Upgrade went fine, however every day I now lose connectivity to the Internet at various time during the day.
All is resolved if I reboot pfsense or bounce the WAN port.
Never had this issue uner the previous version 2.4.5Anyone else have this issue?
-
I'm using an APU2c4 at home, 4 solid days uptime since upgrading to CE 2.5.0.
Nothing to see in logs before you reboot ? -
@bennyc said in PC Engines APU2 + pfsense 2.5.0:
I'm using an APU2c4 at home,
Hi,
Here you will find more about the theme = APU MOBO(s) pcEngines
https://forum.netgate.com/topic/95148/pc-engines-apu2-experiences/554?_=1614192201206+++edit:
Yeah and that can be useful too
https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/ -
My god that's a long thread, >500 replies. Seems I missed out since my last visit here...
-
@bennyc said in PC Engines APU2 + pfsense 2.5.0:
My god that's a long thread,
This is the place of the question(s)
pleasure,.... that pcEngines (MOBO) has such an active "camp" hereBTW:
With many good professionals -
thanks @daddygo for the reference/information. I'll check it out and see if it resolves the problem
-
@dgoogle I held off on upgrading my APU2 units until recently. Most of them went fine but I do have one particular APU2 that is exhibiting the same behavior you're experiencing. Nothing is logged, the only thing that looks off is the gateway monitoring shows my packet loss and packet delay are both massive. It doesn't matter if WAN traffic is idle or getting hammered, I will randomly lose connectivity until I reboot or bounce the WAN port.
Oddly enough, I backed up the config and restored to another APU2 freshly loaded with 2.5.2. Same exact behavior. Got to be something in the config that was fine with 2.4.5 and not fine with 2.5.
Did you ever figure anything out about your issue? I'm getting ready to go line by line in my config to start testing... it's going to suck. :)
-
First thing I'd check is the hardware off-loading in Sys > Adv > Networking. Set everything to disabled and reboot.
Make sure those APUs are running the same Coreboot version. There have been many updates and some had issues as detailed in the thread linked above.Steve
-
@stephenw10 Ah, yes I'll take a look at those later today. I know I unchecked (enable) everything in there back on 2.4.5 as one of the community-accepted steps to get near-gigabit throughput.
I did try upgrading coreboot as a troubleshooting step, no changes there. I did skim through that thread, lots of good info there. Thank ya sir, hopefully it's a simple couple of check boxes and I'm back to normal.
-
@stephenw10 it helped but didn't fix it. I think at this point I'll be deploying a 3rd APU2 this weekend and reprogramming by hand instead of restoring config. Got to be something weird with the config but nothing that stands out to me. These APU units work fine with a fresh 2.5 install, it's only after I restore the config that they start randomly acting up.
After disabling all the hardware offloading, the issue seems to happen less frequently and the duration seems shorter. More on that below.
Potential new development, if I leave it long enough it returns to normal for a while. I've bothered the ISP a few dozen times over the past 5 weeks or so thinking it could be their issue as I don't seem to have the issue when I disconnect their connection and just use the failover ISP exclusively. They cannot find any issue on their end. I've replaced all the hardware on my end.
I did try reassigning NICs and physically swapping WAN connections to match, same issue regardless of physical port, primary ISP continues to have issues.
Such a bizarre problem. I will be installing pfSense fresh this weekend and configuring without restoring backup. See if the issue persists.
-
You have anything exotic in the config? Any packages?
-
@stephenw10 Well, very plain setup with one exception I'll get into in the next paragraph. Zabbix agent v4 running on there, openvpn-client-export package installed. Nothing added by hand or outside of the packages offered.
This is the only place I'm using VLANs and security policies for them on the router/firewall. I have 11 VLAN interfaces tied to the LAN NIC at this location, with around 25 rules on each interface. Nothing special configured on WAN or WAN2 NICs, port forward for zabbix and rule for OpenVPN allowance.
-
Mmm, I wouldn't expect to see an issue with any of that.
Do you see anything using a lot of CPU in System Activity when this happens?