Crash report!!!!

stephenw10

Hmm, was anything logged? Any alert shown other than the crash?

Did it crash immediately when you saved those changes?

Antibiotic

@stephenw10 '

None
None
Yes

stephenw10

Hmm, it is repeatable?

We'd need to replicate it locally to dig further so steps to reproduce would help a lot.

Antibiotic

@stephenw10 Idk, will it help, that what I found i sys.log. That was on next reboot after crash

2024-05-12 19:25:14.079708+03:00 check_reload_status 643 Reloading filter
2024-05-12 19:25:15.115594+03:00 php-fpm 592 /rc.newwanip: rc.newwanip: Info: starting on igc1.
2024-05-12 19:25:15.115937+03:00 php-fpm 592 /rc.newwanip: rc.newwanip: on (IP address: 192.168.10.1) (interface: LAN[lan]) (real interface: igc1).
2024-05-12 19:25:15.401258+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!
2024-05-12 19:25:15.602269+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!
2024-05-12 19:25:15.602325+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!
2024-05-12 19:25:16.004364+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!
2024-05-12 19:25:16.004547+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!
2024-05-12 19:25:16.216719+03:00 php-fpm 592 /rc.newwanip: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.PROTO.>'' returned exit code '1', the output was ''
2024-05-12 19:25:17.425245+03:00 php-fpm 592 /rc.newwanip: Resyncing OpenVPN instances for interface LAN.
2024-05-12 19:25:17.471028+03:00 php-fpm 592 /rc.newwanip: Creating rrd update script
2024-05-12 19:25:19.496269+03:00 php-fpm 592 /rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 192.168.10.1 -> 192.168.10.1 - Restarting packages.
2024-05-12 19:25:19.496416+03:00 check_reload_status 643 Starting packages
2024-05-12 19:25:19.500231+03:00 check_reload_status 643 Reloading filter
2024-05-12 19:25:19.500275+03:00 check_reload_status 643 Reloading filter
2024-05-12 19:25:20.534000+03:00 php-fpm 87873 /rc.start_packages: Restarting/Starting all packages.
2024-05-12 19:25:20.829266+03:00 kernel - config_aqm Unable to configure flowset, flowset busy!

I think will remove Limiters as full of bugs

Antibiotic

@stephenw10 said in Crash report!!!!:

further so steps to reproduce would help a lot

Steps , what I did
Untick all offloads (Limiters were already) , than switch off back all offloads get first crash. After reboot changed some settings in Limiters as above in my post, get second crash. Next step remove Limiters and waiting now third crash.

stephenw10

And just resaving the Limiters again did not reproduce the crash?

Antibiotic

@stephenw10 Sorry, already removed Limiters and making state resetting's

kprovost

@stephenw10 said in Crash report!!!!:

Hmm, backtrace is unusually long

It's a routing loop. The OpenVPN traffic is being routing into the OpenVPN tunnel. Sooner or later we run out of stack and crash.

It's a bug in if_ovpn that it doesn't discard this traffic, but it's also a configuration error. Once the bug is fixed the tunnel still won't work.

Antibiotic

@kprovost said in Crash report!!!!:

but it's also a configuration error.

What do you mean, in my configuration error? Or OpenVPN have error itself?

kprovost

@Antibiotic You've somehow configured your system so that the OpenVPN tunnelled traffic goes down the OpenVPN tunnel.

stephenw10

Check the routing table in Diag > Routes. Is your default route getting set to the OpenVPN gateway?

Make sure the system default gateway is set to the WAN gateway in Sys > Routing > Gateways.

Antibiotic

@stephenw10 That , what I have . Is this incorrect?

stephenw10

Hmm, seems like you don't have a default route there for some reason. Try resaving the system default gateway and then recheck the routing table.

Antibiotic

@stephenw10 said in Crash report!!!!:

Try resaving the system default gateway

Did now!

Screenshot_13-5-2024_153020_192.168.10.1.jpeg

stephenw10

Ok you should be good.

Do you see the OpenVPN server IPs there as static routes?

Those /1 routes you see there are being pushed to you by the VPN providers. I would disable those clients from accepting routes like that. You don't need that if you;re policy routing traffic across them.

Antibiotic

@stephenw10 said in Crash report!!!!:

I would disable those clients from accepting routes like that

What do you mean, what better to disable?

stephenw10

In the OpenVPN client tunnel settings:
Screenshot from 2024-05-13 13-55-08.png

Antibiotic

@stephenw10 Did , restart OpenVPN and resaving system defaultr gateway. Is it good now?

Screenshot_13-5-2024_16115_192.168.10.1.jpeg

And second question , is it normally that I create 2 routes for one local address for VPN failover?Is it will work normally?

Local 192.168.20.0/24

stephenw10

That looks fine that should work.

Do you mean two outbound NAT rules for the same source subnet?
Then, yes, you need outbound NAT on both VPN interfaces.

Antibiotic

@stephenw10 said in Crash report!!!!:

Do you mean two outbound NAT rules for the same source subnet?

Yes , in case of one VPN down to use second VPN. So, is this normal practice, settings in NAT are, OK ?for the same source subnet