Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense crashing randomly pfsnese plus 24.03

    Scheduled Pinned Locked Moved General pfSense Questions
    28 Posts 6 Posters 2.4k Views 7 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      ssjucrono @stephenw10
      last edited by

      @stephenw10
      Thank you! Igb0 is my lan interface.

      I did have snort installed but have uninstalled it prior to this crash.

      Thank you

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Is this the first time it has crashed? Are you able to trigger it on demand in any way?

        1 Reply Last reply Reply Quote 0
        • C Offline
          cboenning @ssjucrono
          last edited by

          @ssjucrono As we're experiencing the same (same signature, same Redmine bug to track, another forum Topic though) I'd be interested .. do you run any of the following packages:

          • acme
          • aws-wizard (pre-installed on pfsense+)
          • frr
          • ipse-profile-wizard (pre-installed on pfsense+)
          • netgate_firmware_upgrade (pre-installed on pfsense+)
          • node_exporter
          • openvpn-client-export (pre-installed, I think)
          • zabbix-agent64
          S 1 Reply Last reply Reply Quote 0
          • S Offline
            ssjucrono @cboenning
            last edited by

            @cboenning said in Pfsense crashing randomly pfsnese plus 24.03:

            Thank you! yes I run these 2. though I can remove openvpn as I do not use it anymore. I have switched to tailscale
            acme
            openvpn-client-export

            C 1 Reply Last reply Reply Quote 0
            • C Offline
              cboenning @ssjucrono
              last edited by

              @ssjucrono no no. Don’t remove anything. I was just interested if there might be some similarities to our setup.

              I think those 2 packages are pretty unspectacular given they’re not really doing „anything network“

              S 1 Reply Last reply Reply Quote 0
              • S Offline
                ssjucrono @cboenning
                last edited by

                @cboenning
                yeah, I don't need them. I removed acme and openvpn exporter as I have never used them.

                thank you

                C 2 Replies Last reply Reply Quote 0
                • C Offline
                  cboenning @ssjucrono
                  last edited by

                  @ssjucrono you may want to opt in to enabling „full core dumps“ as outlined here (https://forum.netgate.com/topic/188861/24-03-crashing-again/19) and provide them to @stephenw10 and/or Redmine to get this debugged eventually though.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Yup, that. If you're able to enable full core dumps that will help a lot here. However be aware that you need to have enough SWAP available for the dump file which will be the size of the used RAM.

                    An alternative that may also help would be to run the debug kernel:

                    https://docs.netgate.com/pfsense/en/latest/troubleshooting/debug-kernel.html

                    That may show additional errors before the panic.

                    1 Reply Last reply Reply Quote 0
                    • C Offline
                      cboenning @ssjucrono
                      last edited by

                      @ssjucrono you may want to check the Redmine issue for a workaround (https://redmine.pfsense.org/issues/15684#note-14)

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        Yup let us know if disabling net.inet.tcp.sack.enable works to prevent it.

                        For reference that looks like:
                        Screenshot from 2024-08-23 15-13-54.png

                        S E 2 Replies Last reply Reply Quote 0
                        • T toni8 referenced this topic on
                        • S Offline
                          ssjucrono @stephenw10
                          last edited by

                          @stephenw10 Thank you for the update. I don't have net.inet.tcp.sack.enable in my system tunables? should I add it? or just leave it as is?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            Yes you will need to add that. It's not a default tunable.

                            S 1 Reply Last reply Reply Quote 1
                            • S Offline
                              ssjucrono @stephenw10
                              last edited by

                              @stephenw10 I have not seen this crash in awhile. I will set this though.

                              Maybe it was caused by my Unraid Docker Containers being backed up each night. So they are all stopped and then started within about 12minutes. I do get a flapping warning from arpwatch each night when this occurs. Perhaps that was the cause of the initial crash?

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                I doubt it. But it's unclear what actually triggers it since most users never hit it.

                                1 Reply Last reply Reply Quote 0
                                • E Offline
                                  enthu19 @stephenw10
                                  last edited by

                                  @stephenw10 said in Pfsense crashing randomly pfsnese plus 24.03:

                                  Yup let us know if disabling net.inet.tcp.sack.enable works to prevent it.

                                  For reference that looks like:
                                  Screenshot from 2024-08-23 15-13-54.png

                                  It works. I had random crashes, but once I added "net.inet.tcp.sack.enable=0", I haven't experienced any crashes.
                                  201a1fb1-e368-4465-9464-6cc6d6e5d316-image.png

                                  1 Reply Last reply Reply Quote 1
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Great. That should be patched in the next release.

                                    1 Reply Last reply Reply Quote 0
                                    • H Offline
                                      hulleyrob
                                      last edited by hulleyrob

                                      I wonder if this is what hit me the other day.

                                      Will post the dumps to see if they are of any use.

                                      Will upgrading to 24.11 fix this? I normally just update the system patches (currently 2.2.11_17)

                                      Thanks
                                      Rob
                                      info.0

                                      E 1 Reply Last reply Reply Quote 0
                                      • E Offline
                                        enthu19 @hulleyrob
                                        last edited by

                                        @hulleyrob

                                        Upgrading to latest version always recommended.

                                        or you can try adding this entry in System Tunnable : "net.inet.tcp.sack.enable=0"

                                        I am running 24.11 - Pretty solid
                                        a658b9d0-9f50-48f9-bcc3-b5082748928a-image.png

                                        H 1 Reply Last reply Reply Quote 0
                                        • H Offline
                                          hulleyrob @enthu19
                                          last edited by

                                          @enthu19 well 24.03 was until it wasn’t. 6 months ish uptime from memory and then I suspect the ISP changed my WAN IP (PPPOE) and I got a page fault. Thought updating the system packages was an alternative to doing a full upgrade.
                                          Was this system tunable added to 24.11 otherwise I don’t see how upgrading will help with my problem.

                                          E K 2 Replies Last reply Reply Quote 0
                                          • E Offline
                                            enthu19 @hulleyrob
                                            last edited by

                                            @hulleyrob
                                            no, I added System Tunnable entry in 24.03,

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.