Utorrent causes internet crash ONLY at one pc, internal lans fine



  • Windows 7 amd 5800k machine with 16gb ram and using a pfsense release firewall, gigabit switch.

    I have been struggling with a VERY strange issue using utorrent on my desktop pc.
    If I download a large torrent which is well seeded and really downloads fast my pc will suddenly dump the internet connection ONLY at this pc and ONLY till I reboot. I can continue to reach this pc from inside the network using rdp, and I can continue to reach my laptop from the internet no issue. I can log into the pfsense panel from this desktop, and if I ping random new dns addresses it resolves dns but refuses to ping.
    Only utorrent DOWNLOADING will cause it to take a complete dump, I can pull down hundreds of gigs over newsgroups successfully with no hiccup and I can seed forever without an issue. Once the download is finished I don't lose the connection again and can start seeding it. If I reboot the pc everything comes back up again for a period of time. I have rebooted this pc for 1 torrent today about 5 times so far and I have a massive one to get in on next week.

    I have tried resetting tcp/ip, winsock, disabling/enabling network card and dumping the arp cache while running - still ONLY a reboot fixes it. There is nothing in the event log to coincide with the problem. It isn't grabbing a new IP, the router stays up rock solid.

    I have updated the network card drivers to a newer version, disabled avast firewall, disabled windows firewall, changed utorrent settings to recommended settings on their FAQ which - I had 4x too many connections for my speed tier. Since changing those settings my speed has definitely improved and consequently the problem seems worse!

    I searched but think my problem is rather unique to anything I have found. I cross posted on the Utorrent forums but its such a strange issue that I think it's more just failing a "Stress test" here. Any good ideas?



  • I had a similar problem - never found the cause, but changed to using deluge - and never had a problem since :)

    Not sure this helps you - but it did help me.



  • Using onboard nic? If you have an intel nic laying around, I would suggest giving that a shot. I've also had this issue with my gf's PC, her onboard nic having "green technology" which causes some really strange ass issues. I downloaded a little utility from the manf's website and turned it off - no more issues. You may be able to turn this off going into the properties (device manager) and then "Advanced" or something similar - disable any sort of ability that could turn it off be it green technology or simply "allow the computer to turn this device off to conserve power."



  • Sorry, I don't understand what you mean by @tastyratz:

    my pc will suddenly dump the internet connection ONLY at this pc

    and @tastyratz:

    Only utorrent DOWNLOADING will cause it to take a complete dump,

    Do you mean that other applications on that PC don't seem to get a response when they attempt to access the Internet? If that is the problem it could be that the torrents have so much data "in the pipe" that the response to the other access attempt can't get back in time.

    I don't know what can be configured in uTorrent but my Linux torrent client (Transmission) allows configuration of torrent priority and global bandwidth limits (presumably across all active torrents). If uTorrent offers something similar maybe you should play with priority and bandwidth limits.



  • Yea I am using the onboard Realtec nic, don't have any intels just laying around unfortunately. I tried setting the limiter to 2.5 megs today and it seemed stable for the last 20gb or so of my download which was fantastic… at ~1/3 of my speed though.

    THANK YOU for the "green ethernet" tip. I googled that and maybe I am just a victim there. I shut it off, hopefully that helps.

    Also Wallabybob: yes the internet is non responsive through a host of applications. I can RDP into it to see my aim signed off, outlook stopped checking mail, and I.E. won't pull up any pages. If I close utorrent this does not fix the issue, it ONLY finds itself better after a reboot.


  • Netgate Administrator

    This seems like something pro-active objecting to that many connections or the level of traffic. Do you have Snort running? Any sort of software firewall on the client machine?

    Steve



  • instead of limiting the speed, limit the number of connections possible. Over 1,000 connections used to lock up my cheapy linksys router before I went to pfsense. Just something to try, I could be way off base on this though since I would assume it should be using your system's ram to store connections.

    Also if you have a pfsense box setup, install pfblocker. Personally I block China / Brazil and a handful of other countries. Nothing but garbage connections.



  • If it were the number of connections, or something else that was being done to the firewall, it would affect every machine. Assuming there aren't per-IP state or bandwidth limits configured (there aren't by default), it would have to be something on the PC itself.



  • I was assuming the number of connections at the PC level, and hoping to use the firewall and utorrent settings to help reduce the load on the poor little realtek card :-P

    I only gave reference to my linksys because that's the only experience I've had, just to reiterate that I could be wrong about the realtek card getting overwhelmed (simply not understanding why or how the number of connections would affect a nic in a PC).


  • Netgate Administrator

    We need to hear back from Tastyratz to confirm this but as I read it the machine is still reachable on the LAN after it has stopped talking to the internet. Other clients are still able to talk to the internet as well. This implies that it is not a hardware or driver problem either in the client or the pfSense box.
    I would suggest it could be Snort in the pfSense box blocking things or perhaps some other blocking rule. However I would expect it more likely that the client has some software firewall that might be interfering or is somehow loosing it's routing information.

    if I ping random new dns addresses it resolves dns but refuses to ping

    How does it fail to ping? 'No route'? no response?

    Steve



  • I do have pfblocker installed already actually, good little app.

    I dropped the number in connections 400% and the problem got worse. If it were number of connections then when I dropped the connection number I would see the problem improve, not get worse I would think? I cut them down and throughput improved… but it tanked more often.

    I agree on a small scale router it can take a beating... but that's why I have a pfsense thin client setup in my home because it can handle heavy usage.

    I had avast firewall but disabled it to no change, no windows firewall. snort is installed but not configured yet.

    Stephenw10, you did read correct, so that makes me hesitate. It certainly is an odd one. Pings fail as a timeout but do resolve an IP.

    I have a good feeling about that green ethernet garbage, I just don't have anything to really test it out till next week.


  • Netgate Administrator

    If the ethernet interface in the client were going into some power saving mode you would not be able to access anything through it. No pinging local clients, no RDP, nothing.  :-
    If the pings are failing as a time out then the client still has a route, is a it a valid route? You still have DNS resolution. Presumably you are using the DNS forwarder in pfSense?

    What rules are you using in pfBlocker?  Are you seeing anything in firewall logs?

    Steve



  • ok I just kicked off my next series of big downloads and its still going on unfortunately

    traffic shaper off
    only firewall rules are pfblocker and bogon networks.
    pfblocker has spamhaus DROP and attack lists setup only, no country filtering or anything.

    Firewall log is jam packed, TONS of udp packets blocked. 50 entries isn't lasting 8 seconds under full tilt download, no entries for pfblocker last few times

    cpu usage when downloading at 5.5 megs was around 60%. I thought I had snort installed but actually I don't.

    Everything was still up but I rebooted the pfsense box and pc for good measure last night when it happened around 7. I was able to get a good 4 hours or so without issue till it hung up again. I was unable to reach pfsense by the web interface at 7 but after the reboot and this morning, fine.

    Interface Stats for fxp1              IPv4            IPv6
      Bytes In                      3019044522            17424
      Bytes Out                    71203496960                0
      Packets In
        Passed                        36941172                0
        Blocked                            820              242
      Packets Out
        Passed                        50115758                0
        Blocked                              0                0

    State Table                          Total            Rate
      current entries                    1386             
      searches                      174168351        4485.4/s
      inserts                          262768            6.8/s
      removals                          261382            6.7/s
    Source Tracking Table
      current entries                        0             
      searches                              0            0.0/s
      inserts                                0            0.0/s
      removals                              0            0.0/s
    Counters
      match                            334924            8.6/s
      bad-offset                            0            0.0/s
      fragment                              0            0.0/s
      short                                  0            0.0/s
      normalize                              0            0.0/s
      memory                                0            0.0/s
      bad-timestamp                          0            0.0/s
      congestion                            0            0.0/s
      ip-option                              0            0.0/s
      proto-cksum                            9            0.0/s
      state-mismatch                      294            0.0/s
      state-insert                        5224            0.1/s
      state-limit                            0            0.0/s
      src-limit                              0            0.0/s
      synproxy                              0            0.0/s
      divert                                0            0.0/s
    Limit Counters
      max states per rule                    0            0.0/s
      max-src-states                        0            0.0/s
      max-src-nodes                          0            0.0/s
      max-src-conn                          0            0.0/s
      max-src-conn-rate                      0            0.0/s
      overload table insertion              0            0.0/s
      overload flush states                  0            0.0/s
    states        hard limit    47000
    src-nodes    hard limit    47000
    frags        hard limit    5000
    tables        hard limit    3000
    table-entries hard limit  1000000
    tcp.first                  120s
    tcp.opening                  30s
    tcp.established          86400s
    tcp.closing                900s
    tcp.finwait                  45s
    tcp.closed                  90s
    tcp.tsdiff                  30s
    udp.first                    60s
    udp.single                  30s
    udp.multiple                60s
    icmp.first                  20s
    icmp.error                  10s
    other.first                  60s
    other.single                30s
    other.multiple              60s
    frag                        30s
    interval                    10s
    adaptive.start            28200 states
    adaptive.end              56400 states
    src.track                    0s
    all
    Cleared:    Fri Apr 12 05:45:27 2013
    References:  [ States:  1388              Rules: 1                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    carp
    Cleared:    Fri Apr 12 05:45:27 2013
    References:  [ States:  0                  Rules: 1                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    enc
    Cleared:    Fri Apr 12 05:45:27 2013
    References:  [ States:  0                  Rules: 1                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    enc0
    Cleared:    Thu Apr 11 19:01:13 2013
    References:  [ States:  0                  Rules: 1                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    fxp0
    Cleared:    Thu Apr 11 19:01:10 2013
    References:  [ States:  0                  Rules: 42                ]
    In4/Pass:    [ Packets: 50045744          Bytes: 71171714500        ]
    In4/Block:  [ Packets: 66116              Bytes: 6309492            ]
    Out4/Pass:  [ Packets: 36902402          Bytes: 3006758836        ]
    Out4/Block:  [ Packets: 3                  Bytes: 180                ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 12623              Bytes: 910008            ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    fxp1
    Cleared:    Thu Apr 11 19:01:12 2013
    References:  [ States:  0                  Rules: 15                ]
    In4/Pass:    [ Packets: 36941624          Bytes: 3019045499        ]
    In4/Block:  [ Packets: 820                Bytes: 29335              ]
    Out4/Pass:  [ Packets: 50116257          Bytes: 71204213926        ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 242                Bytes: 17424              ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    lo
    Cleared:    Fri Apr 12 05:45:27 2013
    References:  [ States:  0                  Rules: 1                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
    lo0
    Cleared:    Fri Apr 12 05:45:27 2013
    References:  [ States:  0                  Rules: 3                  ]
    In4/Pass:    [ Packets: 1280              Bytes: 113965            ]
    In4/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:  [ Packets: 1280              Bytes: 113965            ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
    In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In6/Block:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Pass:  [ Packets: 0                  Bytes: 0                  ]
    Out6/Block:  [ Packets: 0                  Bytes: 0                  ]


  • Netgate Administrator

    @tastyratz:

    Firewall log is jam packed, TONS of udp packets blocked. 50 entries isn't lasting 8 seconds under full tilt download

    Well this seems odd. What firewall rule is blocking these packets?

    @tastyratz:

    cpu usage when downloading at 5.5 megs was around 60%.

    That seems very high CPU usage. A processor such as yours would usually barely notice 5.5Mbps. Do you have powerd enabled? Some other cpu scaling utility?

    Have you ever had Snort installed? Sometimes it can leave things behind that cause problems.

    Steve



  • I must have removed snort, I think I had it before bit it doesn't show under installed packages. How do I fully clean it out if it left remants like that?

    I rebooted that pc at 8:45am this morning, it JUST went down again at 10am pulling a steady 5.5megabytes down. it hard cuts when it goes down, not a slow drop of clients and problems creep in or anything like that, it's like I just yanked the wan cord as far as that pc sees it.

    I did have speed issues with powerd enabled so I did disable it, I have pfsense installed in a thin client with a p3 733 and 512mb ram, dual intel pro 10/100 card. I have encryption forced on outbound connections, I have noticed cpu usage can get pretty high when any ssl traffic is passed.

    How can I see what rule blocked it? I go to status > system logs > firewall and see the list there.
    Entries just look like below (with ip's removed):

    Apr 12 09:12:42  WAN (Source outside IP):60658 (My IP):7121 UDP


  • Netgate Administrator

    Hmm, I'm not sure about Snort. I've not seen it myself but I've seen other mention it before. Mostly I think it was a problem where Snort would block something then it was uninstalled resulting in no way to unblock it. Left over block rules.

    Ah, Bytes not bits and a P3 not a 5800K  (must read better!) would explain the CPU usage. You should almost certainly not have powerd enabled for that. Only the mobile P3 had speedstep and I don't think it was supported anyway.

    @tastyratz:

    How can I see what rule blocked it?

    I knew you'd ask that and the answer has temporarily escaped me!  ::)
    Thinking about it the blocked udp packets during a download are not that important. What would be interesting is looking in the firewall logs after your client has stopped being able to reach the internet. Try to open a few web sites or whatever and then check the logs.

    Steve



  • This time it only lasted 30 minutes before crashing, it just went down again.
    I disabled PFblocker to see if that was doing anything and it did not change anything.

    I also just disabled the bogon network rule and all other firewall rules just… didn't exist.
    So why does my firewall log still show as LOADED with entries? 50 entries view is only spanned over 1 second

    EDIT
    I found out how to view what triggered it by clicking the red x
    the rule that triggered this action is:
    @1 scrub on fxp1 all fragment reassemble
    @1 block drop in log all label "default deny rule"

    I also found this explanation:
    http://doc.pfsense.org/index.php/Logs_show_"blocked"_for_traffic_from_a_legitimate_connection%2C_why%3F

    So looks like that's normal, dead end.


  • Netgate Administrator

    By default pfSense blocks everything everywhere, the 'default deny rule'.

    If you have been running a P2P application you will see a large number firewall hits as other clients worldwide attempt to connect to you. This can take days to timeout.

    What firewall entry was that for? During download or after it failed?

    Steve



  • uTorrent uses UDP connections as well. Take note if the UDP port number is the same as uTorrent's defined port number. Though this is unlikely why your connection drops off, just an explanation of why you see massive UDP connections.

    If you go to Status > Services, do you see snort listed?

    When you say you run pfsense as a thin client, I take this to mean you have a separate white box running vSphere with pfsense as a virtual machine? While your uTorrent box is a separate/dedicated computer?

    With the above being true, if restarting the uTorrent box restores connectivity then the issue is solely the uTorrent box at fault.

    DNS resolution isn't definitive, as it could pull from cache. With pings timing out I'd go as far to say you have 0 connectivity, not limited. Download the Windows XP Mode from download.microsoft.com which should be about 400-500mb and will max out your speed.

    This way it's a single connection pushing 5mbps easily. You can rule out if it's uTorrent's fault, the number of connections, or if it's going too fast.



  • Heavy1metal:
    no I don't see snort listed under services listed
    I run pfsense on an old thin client for the hardware, a wyse type box as a glorified mini computer - not virtualized. From there I plug into a gig switch which runs to my desktop pc having the issue and my other computers having no issues at the moment. I
    DNS isn't pulling from cache because I am randomly asking people for websites that i have never before visited - they are all fresh pulls.
    If I close utorrent on the desktop the issue does not go away. If I reboot the pfsense machine it does not solve the issue either… but how could utorrent break the connection ONLY at that pc and ONLY to wan traffic? what could be done locally to cripple wan but not lan? That is the strangest part...

    Stephen:
    That was during download after rebooting it.
    The entries look similar after it crashes. I just went down again and the entries for firewall are the same type and around the same frequency.
    Mostly udp, some TCP:S, some TCP:R, some ICMP6, all WAN. I turned off logging of default rule blocks and then tried checking a web page - nothing new showing up, firewall is empty.

    That being said: I have vmware workstation loaded on my desktop. I just fired up one of the virtual machines and attempted to pull up a web page - same end result for what it's worth. I also remotely connect to my desktop during the day with teamviewer and leave the connection open. I know the issue happens when it does because my remote connection drops. When that happens I teamviewer to my laptop to rdp into my desktop and troubleshoot.


  • Netgate Administrator

    @tastyratz:

    what could be done locally to cripple wan but not lan?

    Change the default route information or gateway. Then you have access only to local subnet services. That would include the DNS forwarder in pfSense. Of course I have no idea why it might be doing that. Rogue DHCP server on your network? That happens surprisingly frequently and can cause all manner of problems.

    I suggest you run an 'ipconfig /all' on your Windows box before and after failure and compare the two.

    @tastyratz:

    That being said: I have vmware workstation loaded on my desktop. I just fired up one of the virtual machines and attempted to pull up a web page - same end result for what it's worth.

    Is this the same machine you run utorrent on? You mean a VM running on that machine after it fails to connect also fails to connect?

    Steve



  • ipconfig nets the same IP. if I do a release/renew it does get an IP (same one) from pfsense and gateway is the same. It behaves the same both before and after restarting the pc.

    Correct, once my desktop no longer communicates with the internet, the vmware machine running on the same desktop pc also has no internet access.


  • Netgate Administrator

    Is the VM getting a new IP from pfSense or is it NATed from the host machine?

    What about the routing information, try 'route print' before and after failure.

    Steve



  • VM actually grabs via pfsense, it shows up in the arp table there.

    Here's a fresh route print before failure (192.168.1.1 is the pfsense machine, and 1.11 is my desktop):

    ===========================================================================
    Interface List
    10…b8 97 5a 27 36 b8 ......Realtek PCIe GBE Family Controller
    14...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
    15...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
      1...........................Software Loopback Interface 1
    11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.11    10
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    306
          169.254.0.0      255.255.0.0        On-link  169.254.217.240    276
          169.254.0.0      255.255.0.0        On-link  169.254.238.131    276
      169.254.217.240  255.255.255.255        On-link  169.254.217.240    276
      169.254.238.131  255.255.255.255        On-link  169.254.238.131    276
      169.254.255.255  255.255.255.255        On-link  169.254.217.240    276
      169.254.255.255  255.255.255.255        On-link  169.254.238.131    276
          192.168.1.0    255.255.255.0        On-link      192.168.1.11    266
        192.168.1.11  255.255.255.255        On-link      192.168.1.11    266
        192.168.1.255  255.255.255.255        On-link      192.168.1.11    266
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0        On-link  169.254.238.131    276
            224.0.0.0        240.0.0.0        On-link  169.254.217.240    276
            224.0.0.0        240.0.0.0        On-link      192.168.1.11    266
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255        On-link  169.254.238.131    276
      255.255.255.255  255.255.255.255        On-link  169.254.217.240    276
      255.255.255.255  255.255.255.255        On-link      192.168.1.11    266

    Persistent Routes:
      None





    And here is one right after everything hits the fan:

    ===========================================================================
    Interface List
    10...b8 97 5a 27 36 b8 ......Realtek PCIe GBE Family Controller
    14...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
    15...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
      1...........................Software Loopback Interface 1
    11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

    IPv4 Route Table

    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.11    10
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    306
          169.254.0.0      255.255.0.0        On-link  169.254.217.240    276
          169.254.0.0      255.255.0.0        On-link  169.254.238.131    276
      169.254.217.240  255.255.255.255        On-link  169.254.217.240    276
      169.254.238.131  255.255.255.255        On-link  169.254.238.131    276
      169.254.255.255  255.255.255.255        On-link  169.254.217.240    276
      169.254.255.255  255.255.255.255        On-link  169.254.238.131    276
          192.168.1.0    255.255.255.0        On-link      192.168.1.11    266
        192.168.1.11  255.255.255.255        On-link      192.168.1.11    266
        192.168.1.255  255.255.255.255        On-link      192.168.1.11    266
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0        On-link  169.254.238.131    276
            224.0.0.0        240.0.0.0        On-link  169.254.217.240    276
            224.0.0.0        240.0.0.0        On-link      192.168.1.11    266
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255        On-link  169.254.238.131    276
      255.255.255.255  255.255.255.255        On-link  169.254.217.240    276
      255.255.255.255  255.255.255.255        On-link      192.168.1.11    266

    Persistent Routes:
      None


  • Netgate Administrator

    Hmmmm.  :-\

    What do you have between the pfSense box and the client? Assuming you have some switch does it have any features that may be contributing to this? Have you tried power cycling the switch? Have you tried removing the ethernet cable from the client?

    Otherwise I'm stumped!

    Steve



  • yea this is a real tough one. It's just a standard trendnet gig dumb switch, nothing to it… no features. I haven't bounced it yet or messed with the cable because of that. Nothing else in the middle



  • To update anyone with similar issues, dropped to uTorrent 2.2.1 Build 25302 (but kept settings) issue persisted.
    Tried installing Vuze and seeing if it works. I had the same thing happen on vuze, guess it wasn't utorrent kicking it off just torrents in general.

    I since rolled back to 2.0.0.4 and also tweaked my network adapters settings. I disabled both vmware network adapters, then went to config my main adapter - disabled vmware bridge protocol and "AppEx Networks Accelerator". I think the AppEx piece was my problem, looks like it stems from something called "AMD Quick Stream Technology" - an AMD QOS shaper that must have come with my motherboard driver pack.

    Since then I have downloaded 1 Terabyte and not had a single crash while before I couldn't break 20gb at times. I hope this helps someone else ripping their hair out.

    Mystery solved, thanks everyone for their time and help.


  • Netgate Administrator

    Good sleuthing.  :)
    Seems like a useful technology then.  ::)

    Steve



  • I have the exact same problem that is causing me a lot of grief the problem is when the net goes down (my entire network) my vpn crashes too and NOTHING internet related works even when I shut off utorrent the net remains down untill I reboot the pfsense AND reset the modem.  If I don't do this my net remains down.

    I just installed the latest version of vuze and I'm trying it now but seeing as this is a problem for you too I may try and revert to to utorrent 2.0.0.4 if vuze causes the issue too.

    Thanks I will keep you posted on my findings.

    I do have

    HVAP
    Squid
    Squid Guard
    and PF blocker running I downgraded to

    PFsense assuming the newest version was causing the problem, even with the older version I have this issue.

    2.0.1-RELEASE (i386)
    built on Mon Dec 12 18:24:17 EST 2011



  • vuze just crashed too, now I installed utorrent utorrent 2.0 build 17920

    I'll run it after lunch, it usually crashes within 20 min

    I'll report back.



  • @nambi - What is in the pfSense system logs prior to the network going down?

    I assume you pfSense box is hitting a limit somewhere–CPU, RAM, etc.--and that's causing the box to lock up.



  • my pfsense just crashed again here using an old version of Utorrent.

    This is what I notice, when the net crashes I http into the pfsense box, the GUi comes up very slow with 1/2 of it, not showing eventually the screen shows the full UI.

    In the logs I see errors upon connecting to the IPSEC and other services that require the internet.

    The memory is at 14% (4gm ram)
    the cpu (intel atom d525) is at 4%

    the only thing I see in the logs is.

    Apr 22 15:50:02 syslogd: kernel boot file is /boot/kernel/kernel
    Apr 22 15:50:02 syslogd: exiting on signal 15
    Apr 22 15:49:46 syslogd: kernel boot file is /boot/kernel/kernel
    Apr 22 15:49:46 syslogd: exiting on signal 15
    Apr 22 15:48:24 php: /index.php: XMLRPC communication error: RPC server did not send response before timeout.
    Apr 22 15:47:05 php: /index.php: XMLRPC communication error: RPC server did not send response before timeout.

    Unfortunately this info doesn't provide me with much unless I'm looking in the wrong area.


  • Netgate Administrator

    This is clearly a completely different problem to tastyratz issue. It's effecting your whole network not just one machine as the title suggests. Since he solved his issue I guess he won't mind his thread being hi-jacked.  ;)

    Since you are using torrents I would first guess that you have hit a limit in the number of connections allowed. With 4GB in your pfSense box it shouldn't be a problem. How is your modem configured? Is it in bridge mode?

    Look at your MBUF and states usage in the dashboard before you start the torrents and monitor it as the torrents pick up.

    Steve



  • Thanks Steve I'll start a new thread so I don' t hijack this one.

    I'll try your suggestion tomorrow when I have others off the system

    Can you tell me what

    "MBUF" is?  Another really weird characteristic is, my local server which services files for our DB is inaccessible when this happens.

    CPU usage is below.  My UPNP is disabled should it be enabled?

    When the system is crashed.

    PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
      11 root     171 ki31     0K    32K CPU1    1 151:47 100.00% {idle: cpu1}
      11 root     171 ki31     0K    32K CPU3    3 151:34 100.00% {idle: cpu3}
      11 root     171 ki31     0K    32K CPU0    0 147:17 100.00% {idle: cpu0}
      11 root     171 ki31     0K    32K RUN     2 149:46 81.49% {idle: cpu2}
    61762 root      76    0 54624K 17156K accept  2   0:20 21.68% php
     858 root      76    0 53600K 22084K piperd  0   0:18  0.78% php
      12 root     -32    -     0K   160K WAIT    1   1:50  0.49% {swi4: clock}
     611 root      76    0 53600K 23640K accept  0   0:17  0.49% php
    61713 root      46    0 54624K 17308K accept  3   0:04  0.20% php
      12 root     -28    -     0K   160K WAIT    0   2:24  0.00% {swi5: +}
       0 root     -68    0     0K    56K -       0   2:10  0.00% {em0 taskq}
    40315 proxy     64   20 38016K 32684K kqread  0   0:59  0.00% squid
       0 root      44    0     0K    56K sched   0   0:44  0.00% {swapper}
    49971 root      64   20   250M   238M select  3   0:37  0.00% {clamd}
      14 root     -16    -     0K     8K -       0   0:13  0.00% yarrow
      12 root     -44    -     0K   160K WAIT    3   0:12  0.00% {swi1: netisr 0}
    52685 root      76   20  3656K  1504K wait    2   0:03  0.00% sh
    55164 root      64   20  3316K  1328K select  2   0:02  0.00% apinger

    my cpu when the system is running

    last pid: 17083;  load averages:  2.17,  1.12,  0.47  up 0+00:02:32    16:29:15
    125 processes: 6 running, 99 sleeping, 20 waiting

    Mem: 132M Active, 247M Inact, 140M Wired, 88K Cache, 112M Buf, 2713M Free
    Swap: 8192M Total, 8192M Free

    PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
      11 root     171 ki31     0K    32K CPU1    1   1:11 69.58% {idle: cpu1}
      11 root     171 ki31     0K    32K RUN     3   1:06 65.58% {idle: cpu3}
      11 root     171 ki31     0K    32K CPU2    2   1:01 57.67% {idle: cpu2}
      11 root     171 ki31     0K    32K RUN     0   1:01 54.98% {idle: cpu0}
    25794 root     121   20 62888K 26220K CPU3    3   0:05 26.46% php
    58769 root      76   20  3656K  1452K wait    1   0:00 13.38% sh
    59019 root      76   20  1564K   580K nanslp  1   0:00 13.38% sleep
    58113 root      76   20   247M   236M select  0   0:00  7.37% {clamd}
    58113 root      76   20   247M   236M ucond   2   0:00  7.37% {clamd}
    58113 root      76   20   247M   236M select  2   0:00  7.37% {clamd}
      12 root     -28    -     0K   160K WAIT    0   0:00  0.39% {swi5: +}
    61981 root      45    0 54624K 17040K piperd  0   0:01  0.20% php
     994 root      76    0 54624K 22536K accept  0   0:02  0.10% php
      12 root     -32    -     0K   160K WAIT    2   0:01  0.10% {swi4: clock}
       0 root     -68    0     0K    56K -       1   0:00  0.10% {em0 taskq}
       0 root      44    0     0K    56K sched   0   0:44  0.00% {swapper}
    1030 root      76    0 53600K 16176K lockf   1   0:01  0.00% php
    62125 root      45    0 53600K 15524K lockf   0   0:00  0.00% php


  • Netgate Administrator

    See: http://doc.pfsense.org/index.php/What_are_mbufs%3F

    UPNP should only be enabled if you know you need to have it.

    Your system output shows that PHP is struggling with something though that could be a symptom not a cause. That would tie in with the webgui being unresponsive.

    Steve




Log in to reply