Web GUI freezes after a while on 2.0.2



  • Hi guys.. HUGE fan of PFSENSE. I first built a pair of 1.x boxes for High-Availability WAN management and Load Balancing… 5 years later, those two boxes are still doing GREAT on REAL CHEAP hardware (now quite old). I have not even been back into this forum for years. The CARP failover is simply bulletproof and now supports are very robust Production Environment for a sizable business.

    Question: I recently purchased a pre-loaded PFSENSE hardware unit from one of the recommended vendors with 2.0.2 to use for traffic shaping in a small branch office with about 35 employees (who have the bad habit of downloading movies - which kills SIP phone calls). Anyway, new box started up great, did the wizard for a simple load test, all great. But then after a few hours, the Web GUI just stopped responding. Reboot, it comes back. Works for a while, then stops. WAN and LAN interfaces show UP (obviously, because everything in the office works). Had to implement back-out plan not because firewall wasn't working (worked great), but because I couldn't configure it…  Any ideas on what to do with this?

    Many thanks...



  • Just did a factory restore, made zero config changes. Same behavior. The Web GUI lets me in. I can click around for a few screens. But then, seemingly randomly, I click another screen and it just doesn't come back (browser spins)…  I close browser and try again - no response at all this time.

    Chrome Firefox both the same.



  • @purdue512:

    I click another screen and it just doesn't come back (browser spins).

    Which screen?

    Can you SSH into the pfSense? If you then select option 11) Restart webConfigurator can you reconnect to the GUI?



  • ANY screen… It lets me log in, but the next click to any screen is the last one as the browser just spins...

    After doing that, even closing and re-opening browser, nothing.

    If I hit "11" console, yes, it allows me back in (after login). But on the next click, it spins.

    I could not get to SSH either...

    Any ideas? This is REALLY odd...



  • @purdue512:

    I could not get to SSH either…

    Please post what is reported when you attempt that and post output of pfSense shell command```
    /etc/rc.banner



  • Thanks for your help. I'll try that.

    But I also heard back from Tranquilnet (very responsive BTW - if you are looking for hardware)…  They said:

    "I just found out from  PF that there are some bugs in the 2.0.2 version that I was not  aware of and that we did not come across while testing."

    They recommend backing down to 2.0.1 or waiting for 2.0.3.  Does anyone know the ETA on 2.0.3?



  • can not say for sure as i'm not a developer of any kind …
    it will depend on the number of issues that will be found over the next couple of weeks.

    if none are found then they might release it within 1 month.

    (or sooner or later or the planet might explode before it's released)


  • Netgate Administrator

    If you want to speed up the 2.0.3 release or check if it might make any difference to your problem you could try running one of the snapshots from here: http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/ report back any problems.
    Those are 2.0.3 snapshots not 2.1. Be aware that each new snapshot may introduce bugs, don't run it in production etc etc…  There aren't a huge number of changes from 2.0.2 though so I wouldn't expect any problems.

    There have been some problems with 2.0.2 but what you're describing is not one of them AFAIK.  :-\

    Steve



  • @wallabybob:

    @purdue512:

    I could not get to SSH either…

    Please post what is reported when you attempt that and post output of pfSense shell command```
    /etc/rc.banner

    Thanks. I went in via SSH and ran /etc/rc.banner –  Not much there. Just saw my two interfaces (LAN and WAN) and nothing else... Is that good? Are there other logs I should be watching?

    BTW - This issue seems to be intermittent. This morning, I have complete control in the GUI - just like normal.  I'm waiting to see if it dies again.


  • Netgate Administrator

    The webgui can appear to freeze if you have DNS problems. Any page that has to resolve a URL such as available packages can suffer from this. Usually it will come back after it has timed out. If this is happening on every page this probably isn't your problem though.

    Steve



  • @purdue512:

    Thanks. I went in via SSH and ran /etc/rc.banner –  Not much there. Just saw my two interfaces (LAN and WAN) and nothing else... Is that good?

    The reason I asked you to post the output of /etc/rc.banner (rather than an interpretation of the output) was that the output provides a number of useful pieces of configuration information in one place. In networking, as in many other areas of computing, it is important to get the details right. The output of /etc/rc.banner gives some of the details of your configuration. Having these details would allow us to check for common beginner's errors such as LAN and WAN having the same IP address or the likelihood of them being on the same subnet etc.

    If you have concerns about posting that information please state your concerns and we can attempt to address them.



  • Hi,

    I am experiencing similar problems while configuring a pfSense box.
    I have a box with 6 network interfaces. All those six have to be configured. But, while i'm installing the box, i have only 2 cables connected.
    The problem i see, is the webconfigutator getting inaccessible when network interfaces are enabled, but the cable is unplugged.
    ps shows me the following (lighttpd has state D, which is not good):
    [2.0.2-RELEASE][root@router]/root(2): ps ax | grep lightt
    28357  ??  D      0:00.03 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
    39318  0  S+    0:00.00 grep lightt
    The moment i take down the interface, the webconfigurator starts responding again:
    [2.0.2-RELEASE][root@router]/root(3): ifconfig bce2 down
    [2.0.2-RELEASE][root@router]/root(4): ps ax | grep lightt
    28357  ??  S      0:00.04 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
    4610  0  S+    0:00.00 grep lightt
    As you can see lighttpd now has state S

    In the webconfigurator under system -> advanced -> networking, i found the option " Enable device polling" which should prevent this inaccessible webconfigurator when a cable is disconnected. But this doesn't seem to help much.

    Do you experience the same problem?

    Best Regards,

    Erik


  • Netgate Administrator

    Enabling device polling is almost always a bad idea.
    What are you using these interfaces for? Are they set to DHCP?
    What hardware are you using?

    Steve



  • Currently there is only one device set to get his ip-address using DHCP. DHCP server is disabled on all devices.
    I'm using a broadcomm quadport network card, en two onboard network cards in a dell server. This is new hardware purchased to function as a multi-wan(2 interfaces) router/firewall. 5 Of those interfaces are single ip, one has a VLAN trunk set on it.
    Can you explain why enabling device polling is a bad idea? And do you have any idea why this problem occures?
    Do i have to create a new thread? I don't want to hiyack this "old" one unless it's the same problem.

    Erik


  • Netgate Administrator

    Enabling device polling will cause the machine to use all of it's spare cpu cycles asking the NICs if they have any data yet. This usually means the cpu will run at 100% all the time which can mean heat and power. It usually slows down the webgui. Under certain limited circumstances it can speed up throughput. If you have enabled it at all I suggest you disable it and then reboot. Having enabled it during some testing I found that simply disabling it again did not clear the polling flag on all NICs.

    If you are running Broadcom NICs (particularly multiport) on Dell hardware you are probably running out of mbufs. This is a known issue and there is a solution described here: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Broadcom_bce.284.29_Cards

    Steve



  • Hi Steve,

    Thanks alot! Why did i not find that solution!
    But as it seems, things work perfectly now.

    Erik


  • Netgate Administrator

    No problem!  :)


Log in to reply