Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Found Panic source: VLANs that were removed!

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 667 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MrPeteM Offline
      MrPete
      last edited by

      I was having serious trouble with pfSense crashes. After quite a bit of debugging, I have determined:

      • When I consolidated some VLANs (used to have separate subnets for WiFi vs wired) and removed those interfaces...
      • The interfaces remained in a number of places in the pfSense configuration.
        • Specifically: Firewall aliases and rules, pimd package, pfBlocker-NG, (disabled) IGMP Proxy package
      • None of that had any effect for many months.
      • However, I suddenly started getting random panic crashes.
        • Some involved pimd, which is how I eventually identified the above as root cause.

      By clearing out the references to the old interfaces, my system is again stable.

      It appears that this could be a challenge to automate the cleanup, so I'm not certain...
      QUESTION: Should this be considered a bug? It seems to me that at a low level, nothing in pfSense, nor any package (or syscall?) should attempt to make use of an interface that doesn't exist!

      My resolution method:

      • Create an XML config backup (Diagnostics->Backup)
      • Manually edit the config.xml file
      • Place on USB stick and reboot pfSense which will auto-reload the config.
      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Unassigned interfaces existing in firewall or NAT rules is not an issue. The config is retained but not used.
        In the IGMPproxy the worst I would expect would be that is simply doesn't start.
        I would suspect pimd if anything since pfBlocker-NG has had far greater exposure to this sort of config change. Also pfBlocker works by manipulating the firewall rules (and Unbound) and that should not be an issue.

        Steve

        MrPeteM 1 Reply Last reply Reply Quote 0
        • MrPeteM Offline
          MrPete @stephenw10
          last edited by

          @stephenw10 I am reasonably certain it was pimd -- referenced in the panics.

          I'm not an expert on this, but in my research I discovered that pim is a kernel level protocol/service in BSD. No wonder I had issues...

          I will report this to the pimd author.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Yeah, it should probably disable non-existent interfaces. You could open a bug report against the package to track it: https://redmine.pfsense.org/projects/pfsense-packages

            Steve

            MrPeteM 1 Reply Last reply Reply Quote 0
            • MrPeteM Offline
              MrPete @stephenw10
              last edited by

              @stephenw10 I've reported to github/-troglobit/pimd ... are you thinking this can be handled in the pfSense package itself? That would be nice. ;)

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Probably both. The pfSense package should not create a pimd conf file that includes invalid interfaces. pimd should probably not kernel panic on a bad conf file. I expect it to simply fail to start.

                Steve

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.