23.01 install results in no internet

stephenw10

Are you also using PPPoE?

If not check for a valid default route in Diag > Routes. Make sure the firewall can resolve IPs in Diag > DNS Lookup.

Does the gateway show as up?

Can the firewall itself connect out from Diag > Ping?

Steve

jeff3820

@stephenw10 Thanks for the help...

No PPPOE

The default route is valid

Gateway shows as up

I cannot ping or DNS lookup anywhere except I can ping local gateways.

No internet. Yet if I go back to 22.05 with exact same configuration then no issues at all. Exact same rules

jeff3820

@stephenw10 So more background and more information. I have 2 identical firewalls...a main and a backup that I could use as a spare and I sometimes use it as a test firewall. When I use the backup firewall, I plug it into a switch that is on a vlan (30) of the main firewall so it get a WAN IP address of 192.168.30.102 or something similar. This has been working fine.

I first upgraded the backup to 23.01. With 23.01 the WAN is connected but I cannot browse the internet. HOWEVER, if I connect the backup firewall directly to my fiber internet connection bypassing the main firewall...all works normally??! While that means 23.01 is working, why did it fail in the double NAT situation where 22.05 worked perfectly??

I just updated my main firewall to 23.01 and all seems OK. I do notice either the CPU frequency is not being read right or Power-D is not working the same. My firewall used to drop down to 700 or 1000 MHz but now barely might reach 2078...typically hovers at main speed yet CPU usage is usually 2-3%.

Any idea on the double NAT failure that fails in 23.01 but works fine in 22.05??

bmeeks

@jeff3820 said in 23.01 install results in no internet:

@stephenw10 Thanks for the help...

No PPPOE

The default route is valid

Gateway shows as up

I cannot ping or DNS lookup anywhere except I can ping local gateways.

No internet. Yet if I go back to 22.05 with exact same configuration then no issues at all. Exact same rules

Can you ping IP address 8.8.8.8?

What needs to be determined first is whether you have a basic Layer 2 connectivity problem or just a domain/hostname resolution problem.

If you can ping 8.8.8.8 successfully, (that is google.com by the way) it would indicate your physical and layer 2 connectivity is good. But if you can ping 8.8.8.8, but ping google.com fails, then that means DNS name resolution is your problem.

Edit: your follow-up post that seemed to post while I was typing my initial response answers some questions, so you can disregard my questions above.

Many times folks come to the forum and post with a problem and their description is "I lost my Internet ...", and we don't know if they lost physical connectivity, their IP address is no longer working, or if they simply lost DNS. All three lead to the same end result, but have vastly different resolutions.

stephenw10

Not quite sure what you're doing there but it sounds possible you might have an over matching outbound NAT rule and it's translating all traffic to an IP that's invalid where you are moving it to. That is quite a common mistake in HA setups. Is that possible?

If it's newer CPU it might support Intel Speed Shift. In that case the P state controls have moved to some new sysctls that are not in the gui yet.

Steve

otsego

I've hit a similar issue. Upgraded a Netgate 6100 from 22.05 to 23.01. After the upgrade completes there is absolutely no internet connectivity. Unable to ping 1.1.1.1 or 8.8.8.8. I get an IP on my WAN interface (DHCP from ISP), but the route is stated as "down" by pfSense.

Reverting back to 22.05 through boot environments and it works immediately.

In my case, there is no double NAT, HA or anything like that. Just plain and simple network connection to ISP.

jeff3820

@bmeeks I did try that. I could ping or reach neither...

Read above, I have 2 firewalls...main and backup. with 22.05 I could use my backup in a double NAT to the main firewall...useful when doing testing. With 23.01 using identical configuration double NAT just fails. If I hook my backup firewall to the fiber connection directly it works normally. If I downgrade my backup firewall to 22.05 it will work fine when double NATed. Just weird. SAME CONFIGURATION!

jeff3820

@otsego Different issue because I was able to get a WAN IP.

jeff3820

@stephenw10 said in 23.01 install results in no internet:

Not quite sure what you're doing there but it sounds possible you might have an over matching outbound NAT rule and it's translating all traffic to an IP that's invalid where you are moving it to. That is quite a common mistake in HA setups. Is that possible?

The outbound NAT rules are identical between the firewalls.

FYI, CPU is an i3-7100U

stephenw10

Ah OK so not actually an HA pair?

So the two devices are configured identically?

I'm unsure how you're connecting them in the test configuration. I would expect to see a subnet conflict if it gets a WAN IP in the 192.168.30.0 subnet but also have that on an internal interface.
That can certainly prevent routing correctly.

Steve

jeff3820

@stephenw10 Yes, absolutely identical. Worked with 22.05 though...

Fiber internet---Main firewall---VLAN 30---Backup firewall---PC

stephenw10

But I am correct in thinking that results in two interfaces in the same subnet?

Try disabling the local interface as a test.

jeff3820

@stephenw10 said in 23.01 install results in no internet:

But I am correct in thinking that results in two interfaces in the same subnet?
Try disabling the local interface as a test.

That was it! If I disabled the VLAN 30 interface (the backup firewall had a WAN of 192.168.30.105) on the backup firewall everything started to work properly.

Mystery solved!! Thank you so much.

puneet1984

hello

tried a fresh upgrade..removed old boot env of 23.01, removed ntop package.
upgrade went fine.
but again got the same issue...
-there is net connectivity for 1-2 min after boot and then it goes down.

• CPU speed is trottled

Have wireguard and tailscale installed
no HAproxy/openVPN/pfblocker installed

got some logs

PHP ERROR: Type: 1, File: /usr/local/pkg/avahi/avahi.inc, Line: 76, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/avahi/avahi.inc:76
Stack trace:
#0 /usr/local/pkg/avahi/avahi.inc(129): avahi_write_config(Array)
#1 /etc/inc/pkg-utils.inc(715) : eval()'d code(1): avahi_sync_config()
#2 /etc/inc/pkg-utils.inc(715): eval()
#3 /etc/rc.start_packages(66): sync_package('Avahi')
#4 {main}
thrown @ 2023-02-22 23:18:17



Crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256037-6e914874a5e: Fri Feb 10 20:30:29 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/obj/amd64/VDZvZksF/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBS

Crash report details:

No PHP errors found.

No FreeBSD crash data found.
			
Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Current: 791 MHz, Max: 800 MHz
2 CPUs : 1 package(s) x 2 core(s)

on V22.05

Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: Yes (active)
QAT Crypto: No

stephenw10

It looks like you have 3 separate issues there.

A php bug in Avahi.
https://redmine.pfsense.org/issues/14019

A CPU clock speed issue.
Try running sysctl dev.cpu.0 check the reported clock speeds

Some other problem preventing traffic after some time.
You need to determine exactly what's failing there. No route? No DNS? Everything blokcked? Firewall completely unresponsive?

Steve

puneet1984

@stephenw10 said in 23.01 install results in no internet:

Some other problem preventing traffic after some time.
You need to determine exactly what's failing there. No route? No DNS? Everything blokcked? Firewall completely unresponsive?

Steve

can you elaborate with what i need to check / commands to run?

puneet1984

@stephenw10 said in 23.01 install results in no internet:

It looks like you have 3 separate issues there.

A php bug in Avahi.
https://redmine.pfsense.org/issues/14019

A CPU clock speed issue.
Try running sysctl dev.cpu.0 check the reported clock speeds

Some other problem preventing traffic after some time.
You need to determine exactly what's failing there. No route? No DNS? Everything blokcked? Firewall completely unresponsive?

Steve

i am getting this on my 22.05

dev.cpu.0.freq_levels: 800/51000
dev.cpu.0.freq: 800

why is the CPU throttled??

GUI shows

Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: Yes (active)
QAT Crypto: No

sysctl -a | grep -i cpu

kern.smp.cpus: 2
kern.smp.maxcpus: 256
CPU: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz (800.00-MHz K8-class CPU)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0: <ACPI CPU> on acpi0
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
<118>Launching the init system...Updating CPU Microcode...
CPU: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz (792.00-MHz K8-class CPU)
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
CPU: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz (792.04-MHz K8-class CPU)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
<118>Launching the init system...Updating CPU Microcode...
CPU: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz (792.04-MHz K8-class CPU)
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
kern.ccpu: 0
  <cpu count="2" mask="3,0,0,0">0, 1</cpu>
kern.sched.cpusetsize: 32
kern.pin_pcpu_swi: 0
kern.racct.pcpu_threshold: 1
cpu	HAMMER
device	cpufreq
kern.vt.splash_cpu_duration: 10
kern.vt.splash_cpu_style: 2
kern.vt.splash_ncpu: 0
kern.vt.splash_cpu: 0
vfs.ncpurgeminvnodes: 16
net.inet.tcp.per_cpu_timers: 0
debug.cpufreq.verbose: 0
debug.cpufreq.lowest: 0
debug.acpi.cpu_unordered: 0
kdb.enter.default=textdump set; capture on; show registers ; run lockinfo; show pcpu; bt; ps; alltrace; capture off; textdump dump; reset
hw.model: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
hw.ncpu: 2
hw.acpi.cpu.cx_lowest: C1

stephenw10

Ah, Ok. It looks like the BIOS is incorrectly reporting the available CPU P-states to the OS. In 22.05 lower P-states are not used unless powerd is enabled in System > Advanced > Misc.
In 23.01 Speed Shift is enabled by default for CPUs that support it. That should only use clock speeds the CPU actually supports but if it's limited in the BIOS it maybe.

I suspect you're just not seeing it reported in 22.05 because powerd is not enabled.

In 23.01 you can disable SpeedShift by setting hint.hwpstate_intel.0.disabled=1 as loader variable. But if the CPU can only use 800MHz it will still be running at that speed and just not reported.

puneet1984

Hello
So i tried updating to 23.01 today again...
but i am getting the same issue.... gateways works for sometime and then it disconnects.

attaching

1. upgrade log
2. PPP log - both v22.05 and v23.01
3. mpd5 status

Logs

ppp logs v22.05

@stephenw10 Also i am unable to post using my backup ISP ... IP banned...
I am using Jio ISP with IP subnet 49.43.x.x.
Please check at your end

puneet1984

@stephenw10
@stephenw10

regarding the CPU speed stuck @ 800Mhz.

It is a Dell issue...
i changed power supply of dell optiplex 3050 micro and bios is not recognising it so it is activating something called as BD PROTHOT which makes the cpu run at the lowest possible freq.
Thus i want to know is there any way that can be disabled using a script in bsd.

Please check this askubuntu-link and this link