State table gets stuck after the update
-
Hi, after updating to the community version 2.8.1, I’ve been experiencing frequent state table issues where it becomes stuck, causing pings from pfSense to fail—meanwhile, some LAN services, such as Discord, still function. Additionally, the manager process keeps locking the update mechanism, which prevents pfSense from checking for updates.
-
How much memory does your system have? The state table size is a function of memory.
-
What are you actually seeing that makes you think the state table is not being updated?
-
@WN1X said in State table gets stuck after the update:
state table size is a function of memory
Yes but it's changeable: https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-maximum-states
I was also going to ask about OP's conclusion. And what is "the manager process"?
-
I imagine the package manager. Since both that and the Upgrade process use pkg-static update and are mutually exclusive.
-
Hi, I have about 32GB of DDR4 in the system, as it was an old gaming PC of mine. and AMD Ryzen 5 5600GT.
I am running OpenVPN and FreeRADIUS packages.
And so the statetables every time I turn on a new device, the router stops pinging the internet. It takes about 5 to 10 minutes for it to start again. Meanwhile, the only connections that die are new ones because the router fails to ping the internet. I can open anything with the new device, old devices that were on vpn sessions, or WhatsApp calls or even Discord still remain active.
Last time io had this problem, I suspected statetables, so I went ahead and cleared them, and the problem went away immediately instead of taking 5 to 10 minutes. -
Ah OK. Two things:
Do you have DNS set to include DHCP clients in local host resolution?
That would trigger a reload when a new client connects. Obviously it shouldn't take anywhere near that long!Do you have the default IPv4 gateway set to WAN in System > Routing > Gateways?
If it's still set to automatic it might be failing over to openvpn and taking a while to fail back. -
@stephenw10
I did not set it up for DHCP clients to be included in local host resolution unless it's a default behaviour.
I have only one gateway configured, and that's my WAN interface. I'm only using OpenVPN as remote access to the LAN from outside. -
Hmm, OK. Can't be that then.
In that case I would connect the new client device to trigger the issue then check the system log to see what events are being triggered when you do that.
