I have to reset states every 10 hours PFSense 2.0



  • For some reason, in the last 5 days, as far as I can tell, my traffic gets slowed on our WAN connection.  I have to reset my states in order to get it back up to proper speed.  Ping times are really high as well.  Again, once I reset my states everything goes back to normal.  I have looked at the states and I don't see anything that stands out.  No more than 500 states when this happens.  Any assistance is greatly appreciated.

    • I do have Multi-WAN load balancing on two separate ISPs.  I have tried stopping the second connection on the load balancer gateway setting with the same result.

    • I do have two firewalls in place with CARP failover.  This was working fine before I noticed the issue.

    • I am not seeing an error in the logs.

    • Firewall Maximum States = 390000

    • Firewall Maximum Table Entries = 390000

    • Total memory is 4GB

    • 2.0-RELEASE (amd64) built on Tue Sep 13 17:05:32 EDT 2011 You are on the latest version.



  • Have you tried running memtest86?

    http://www.memtest.org/



  • @lolinternet:

    Have you tried running memtest86?

    http://www.memtest.org/

    No I have not yet as this physical machine is in a Datacenter an hour away.  This machine isn't currently under high load and I don't see much change in memory usage.  But I will try this tomorrow.



  • So the memory test found no issues.  I did track this down.  If a PPTP user logs in, for some reason this causes the WAN connection configured with the highest priority to have latency.  If I reset the states, the latency issue is resolved.  Then it's back as soon as the user reconnects PPTP.  If I delete the Group, no problems.  Just when the group is in place and someone connects via PPTP.

    Anyone have ideas why?  I am running out of hair fast.


  • Rebel Alliance Developer Netgate

    Just a guess: In your PPTP settings, the "Server address" is set to your WAN IP. Don't do that, enter an unused local IP instead.



  • @jimp:

    Just a guess: In your PPTP settings, the "Server address" is set to your WAN IP. Don't do that, enter an unused local IP instead.

    I have it set to an unused private IP address within the same local subnet.

    I did, however, find an automatic dynamic gateway setup, so I have deleted that.  So far everything looks good.  Will let you know tomorrow if everything is still going strong.



  • OK, so this ended up being an issue where the firewall auto-created a dynamic gateway.  Thanks for the help.

