What could be causing my pfSense Instability?
-
Hey all,
So I've been running pfSense inside a VM server for a while, and I have been very happy with it. It's been sturdy as a rock, and performs well.
Then the other day, I decided to change two settings, and ever since the pfSense box has been losing its DHCP server roughly once a day, and eventually becoming unresponsive.
The problem starts out with the DHCP server not working on the LAN, but devices already assigned an IP continue to use the WAN. Devices trying to get a new IP - however - don't get one and fail. Eventually - however - even the WAN portion stops working for devices with existing IP's.
The settings I changed are as follows:
-
I checked the "enable IPV6" box, thinking I might experiment with IPV6 a bit, as I am still rather unfamiliar with it.
-
I increased the firewall state side to about 1 million entries. (I figured since I use a VERY LARGE amount of NAT states, I probably should increase the firewall states to match).
The box is not running out of ram (It sits at about 6% use)
Last night I started trouble shooting what was causing this and disabled IPV6 functionality. The pfSense box has not had the issue since, but it is too soon to tell for sure.
Are there any known issues here I should be aware of, or anything else you guys might think is causing my issue?
Thanks,
Matt -
-
Do you mean 'Allow IPV6'?
Which version of pfSense are you running?
Steve
-
Do you mean 'Allow IPV6'?
Which version of pfSense are you running?
Steve
Yep, that would be it, under Advanced -> Networking.
Version is 2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6Running under ESXi 5.0 on an AMD E350 system with 8GB of ram.
Since I have turned it off, it has now been 4.5 days without a DHCP server crash, so I'd say this is it.
-
IPv6 is not supported in any real way in 2.0.1. That box simply allows traffic to pass through pfSense.
If you want to experiment with IPv6 you probably want to try one of the test images for pfSense 2.1 (or wait until it is released)
http://forum.pfsense.org/index.php/topic,46459.msg243571.html#msg243571Steve
-
IPv6 has no relation to the DHCP server. All that checkbox does is either add rules blocking all IPv6 or not add them. Neither way has any impact on anything with IPv4.
Is the DHCP server running when it stops giving leases? Check Status>Services, and the system logs. The only time I've seen the DHCP server stop handing out leases is when it doesn't have any to hand out. It may be possible there is some missing input validation somewhere that lets you generate an invalid config file that stops dhcpd, which would be in the logs, but that would have to be something atypical you're doing.
