Utorrent causes internet crash ONLY at one pc, internal lans fine
-
Heavy1metal:
no I don't see snort listed under services listed
I run pfsense on an old thin client for the hardware, a wyse type box as a glorified mini computer - not virtualized. From there I plug into a gig switch which runs to my desktop pc having the issue and my other computers having no issues at the moment. I
DNS isn't pulling from cache because I am randomly asking people for websites that I have never before visited - they are all fresh pulls.
If I close utorrent on the desktop the issue does not go away. If I reboot the pfsense machine it does not solve the issue either… but how could utorrent break the connection ONLY at that pc and ONLY to wan traffic? what could be done locally to cripple wan but not lan? That is the strangest part...
Stephen:
That was during download after rebooting it.
The entries look similar after it crashes. I just went down again and the entries for firewall are the same type and around the same frequency.
Mostly udp, some TCP:S, some TCP:R, some ICMP6, all WAN. I turned off logging of default rule blocks and then tried checking a web page - nothing new showing up, firewall is empty.
That being said: I have vmware workstation loaded on my desktop. I just fired up one of the virtual machines and attempted to pull up a web page - same end result for what it's worth. I also remotely connect to my desktop during the day with teamviewer and leave the connection open. I know the issue happens when it does because my remote connection drops. When that happens I teamviewer to my laptop to rdp into my desktop and troubleshoot.
-
what could be done locally to cripple wan but not lan?
Change the default route information or gateway. Then you have access only to local subnet services. That would include the DNS forwarder in pfSense. Of course I have no idea why it might be doing that. Rogue DHCP server on your network? That happens surprisingly frequently and can cause all manner of problems.
I suggest you run an 'ipconfig /all' on your Windows box before and after failure and compare the two.
That being said: I have vmware workstation loaded on my desktop. I just fired up one of the virtual machines and attempted to pull up a web page - same end result for what it's worth.
Is this the same machine you run utorrent on? You mean a VM running on that machine after it fails to connect also fails to connect?
Steve
-
ipconfig nets the same IP. If I do a release/renew it does get an IP (same one) from pfsense and gateway is the same. It behaves the same both before and after restarting the pc.
Correct, once my desktop no longer communicates with the internet, the vmware machine running on the same desktop pc also has no internet access.
-
Is the VM getting a new IP from pfSense or is it NATed from the host machine?
What about the routing information, try 'route print' before and after failure.
Steve
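The before/after 'route print' comparison suggested above can be scripted. The following Python is an added example, not part of the thread: it parses the IPv4 Active Routes table and reports routes that were added or removed, plus the default gateways in use. Both snapshots are constructed samples modeled on the addressing in this thread; 192.168.1.254 is a hypothetical second gateway.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_routes(text):
    """Return the IPv4 'Active Routes' rows of `route print` output as a set
    of (destination, netmask, gateway, interface, metric) tuples."""
    routes, in_table = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Active Routes:"):
            in_table = True
        elif line.startswith("Persistent Routes:"):
            in_table = False
        cols = line.split()
        # Data rows have five columns; the gateway may be the word "On-link".
        if (in_table and len(cols) == 5 and IPV4.match(cols[0])
                and IPV4.match(cols[1]) and cols[4].isdigit()):
            routes.add((cols[0], cols[1], cols[2], cols[3], int(cols[4])))
    return routes

def diff_routes(before, after):
    """Routes present in only one of the two snapshots."""
    b, a = parse_routes(before), parse_routes(after)
    return {"added": sorted(a - b), "removed": sorted(b - a)}

def default_gateways(text):
    """Gateways of every 0.0.0.0/0.0.0.0 route; more than one, or an
    unexpected one, fits the rogue-DHCP or changed-gateway theory."""
    return sorted({r[2] for r in parse_routes(text)
                   if r[:2] == ("0.0.0.0", "0.0.0.0")})

# Constructed sample snapshots (not captured output).
BEFORE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     10
      192.168.1.0    255.255.255.0          On-link     192.168.1.11    266
Persistent Routes:
  None
"""
# Hypothetical failure case: the default route now points at another host.
AFTER_ROGUE = BEFORE.replace("192.168.1.1 ", "192.168.1.254 ")

if __name__ == "__main__":
    print(diff_routes(BEFORE, BEFORE))
    print(diff_routes(BEFORE, AFTER_ROGUE), default_gateways(AFTER_ROGUE))
```

An empty diff rules out a changed default route or gateway as the cause of the outage.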
-
VM actually grabs via pfsense, it shows up in the arp table there.
Here's a fresh route print before failure (192.168.1.1 is the pfsense machine, and 1.11 is my desktop):
===========================================================================
Interface List
10...b8 97 5a 27 36 b8 ......Realtek PCIe GBE Family Controller
14...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
15...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.217.240 276
169.254.0.0 255.255.0.0 On-link 169.254.238.131 276
169.254.217.240 255.255.255.255 On-link 169.254.217.240 276
169.254.238.131 255.255.255.255 On-link 169.254.238.131 276
169.254.255.255 255.255.255.255 On-link 169.254.217.240 276
169.254.255.255 255.255.255.255 On-link 169.254.238.131 276
192.168.1.0 255.255.255.0 On-link 192.168.1.11 266
192.168.1.11 255.255.255.255 On-link 192.168.1.11 266
192.168.1.255 255.255.255.255 On-link 192.168.1.11 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.238.131 276
224.0.0.0 240.0.0.0 On-link 169.254.217.240 276
224.0.0.0 240.0.0.0 On-link 192.168.1.11 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.238.131 276
255.255.255.255 255.255.255.255 On-link 169.254.217.240 276
255.255.255.255 255.255.255.255 On-link 192.168.1.11 266
Persistent Routes:
None
And here is one right after everything hits the fan:
===========================================================================
Interface List
10...b8 97 5a 27 36 b8 ......Realtek PCIe GBE Family Controller
14...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
15...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.217.240 276
169.254.0.0 255.255.0.0 On-link 169.254.238.131 276
169.254.217.240 255.255.255.255 On-link 169.254.217.240 276
169.254.238.131 255.255.255.255 On-link 169.254.238.131 276
169.254.255.255 255.255.255.255 On-link 169.254.217.240 276
169.254.255.255 255.255.255.255 On-link 169.254.238.131 276
192.168.1.0 255.255.255.0 On-link 192.168.1.11 266
192.168.1.11 255.255.255.255 On-link 192.168.1.11 266
192.168.1.255 255.255.255.255 On-link 192.168.1.11 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.238.131 276
224.0.0.0 240.0.0.0 On-link 169.254.217.240 276
224.0.0.0 240.0.0.0 On-link 192.168.1.11 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.238.131 276
255.255.255.255 255.255.255.255 On-link 169.254.217.240 276
255.255.255.255 255.255.255.255 On-link 192.168.1.11 266
Persistent Routes:
None
-
Hmmmm. :-\
What do you have between the pfSense box and the client? Assuming you have some switch does it have any features that may be contributing to this? Have you tried power cycling the switch? Have you tried removing the ethernet cable from the client?
Otherwise I'm stumped!
Steve
-
yea this is a real tough one. It's just a standard trendnet gig dumb switch, nothing to it… no features. I haven't bounced it yet or messed with the cable because of that. Nothing else in the middle
-
To update anyone with similar issues, dropped to uTorrent 2.2.1 Build 25302 (but kept settings) issue persisted.
Tried installing Vuze and seeing if it works. I had the same thing happen on vuze, guess it wasn't utorrent kicking it off just torrents in general.
I since rolled back to 2.0.0.4 and also tweaked my network adapters settings. I disabled both vmware network adapters, then went to config my main adapter - disabled vmware bridge protocol and "AppEx Networks Accelerator". I think the AppEx piece was my problem, looks like it stems from something called "AMD Quick Stream Technology" - an AMD QOS shaper that must have come with my motherboard driver pack.
Since then I have downloaded 1 Terabyte and not had a single crash while before I couldn't break 20gb at times. I hope this helps someone else ripping their hair out.
Mystery solved, thanks everyone for their time and help.
-
Good sleuthing. :)
Seems like a useful technology then. ::)
Steve
-
I have the exact same problem that is causing me a lot of grief. The problem is when the net goes down (my entire network) my vpn crashes too and NOTHING internet related works, even when I shut off utorrent the net remains down until I reboot the pfsense AND reset the modem. If I don't do this my net remains down.
I just installed the latest version of vuze and I'm trying it now but seeing as this is a problem for you too I may try and revert to utorrent 2.0.0.4 if vuze causes the issue too.
Thanks I will keep you posted on my findings.
I do have
HVAP
Squid
Squid Guard
and PF blocker running. I downgraded to PFsense assuming the newest version was causing the problem, even with the older version I have this issue.
2.0.1-RELEASE (i386)
built on Mon Dec 12 18:24:17 EST 2011
-
vuze just crashed too, now I installed utorrent 2.0 build 17920
I'll run it after lunch, it usually crashes within 20 min
I'll report back.
-
@nambi - What is in the pfSense system logs prior to the network going down?
I assume your pfSense box is hitting a limit somewhere--CPU, RAM, etc.--and that's causing the box to lock up.
-
my pfsense just crashed again here using an old version of Utorrent.
This is what I notice, when the net crashes I http into the pfsense box, the GUI comes up very slow with 1/2 of it not showing, eventually the screen shows the full UI.
In the logs I see errors upon connecting to the IPSEC and other services that require the internet.
The memory is at 14% (4gb ram)
the cpu (intel atom d525) is at 4%
the only thing I see in the logs is.
Apr 22 15:50:02 syslogd: kernel boot file is /boot/kernel/kernel
Apr 22 15:50:02 syslogd: exiting on signal 15
Apr 22 15:49:46 syslogd: kernel boot file is /boot/kernel/kernel
Apr 22 15:49:46 syslogd: exiting on signal 15
Apr 22 15:48:24 php: /index.php: XMLRPC communication error: RPC server did not send response before timeout.
Apr 22 15:47:05 php: /index.php: XMLRPC communication error: RPC server did not send response before timeout.
Unfortunately this info doesn't provide me with much unless I'm looking in the wrong area.
-
This is clearly a completely different problem to tastyratz's issue. It's affecting your whole network not just one machine as the title suggests. Since he solved his issue I guess he won't mind his thread being hi-jacked. ;)
Since you are using torrents I would first guess that you have hit a limit in the number of connections allowed. With 4GB in your pfSense box it shouldn't be a problem. How is your modem configured? Is it in bridge mode?
Look at your MBUF and states usage in the dashboard before you start the torrents and monitor it as the torrents pick up.
Steve
-
Thanks Steve I'll start a new thread so I don't hijack this one.
I'll try your suggestion tomorrow when I have others off the system
Can you tell me what "MBUF" is? Another really weird characteristic is, my local server which services files for our DB is inaccessible when this happens.
CPU usage is below. My UPNP is disabled should it be enabled?
When the system is crashed.
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 171 ki31 0K 32K CPU1 1 151:47 100.00% {idle: cpu1}
11 root 171 ki31 0K 32K CPU3 3 151:34 100.00% {idle: cpu3}
11 root 171 ki31 0K 32K CPU0 0 147:17 100.00% {idle: cpu0}
11 root 171 ki31 0K 32K RUN 2 149:46 81.49% {idle: cpu2}
61762 root 76 0 54624K 17156K accept 2 0:20 21.68% php
858 root 76 0 53600K 22084K piperd 0 0:18 0.78% php
12 root -32 - 0K 160K WAIT 1 1:50 0.49% {swi4: clock}
611 root 76 0 53600K 23640K accept 0 0:17 0.49% php
61713 root 46 0 54624K 17308K accept 3 0:04 0.20% php
12 root -28 - 0K 160K WAIT 0 2:24 0.00% {swi5: +}
0 root -68 0 0K 56K - 0 2:10 0.00% {em0 taskq}
40315 proxy 64 20 38016K 32684K kqread 0 0:59 0.00% squid
0 root 44 0 0K 56K sched 0 0:44 0.00% {swapper}
49971 root 64 20 250M 238M select 3 0:37 0.00% {clamd}
14 root -16 - 0K 8K - 0 0:13 0.00% yarrow
12 root -44 - 0K 160K WAIT 3 0:12 0.00% {swi1: netisr 0}
52685 root 76 20 3656K 1504K wait 2 0:03 0.00% sh
55164 root 64 20 3316K 1328K select 2 0:02 0.00% apinger
my cpu when the system is running
last pid: 17083; load averages: 2.17, 1.12, 0.47 up 0+00:02:32 16:29:15
125 processes: 6 running, 99 sleeping, 20 waiting
Mem: 132M Active, 247M Inact, 140M Wired, 88K Cache, 112M Buf, 2713M Free
Swap: 8192M Total, 8192M Free
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 171 ki31 0K 32K CPU1 1 1:11 69.58% {idle: cpu1}
11 root 171 ki31 0K 32K RUN 3 1:06 65.58% {idle: cpu3}
11 root 171 ki31 0K 32K CPU2 2 1:01 57.67% {idle: cpu2}
11 root 171 ki31 0K 32K RUN 0 1:01 54.98% {idle: cpu0}
25794 root 121 20 62888K 26220K CPU3 3 0:05 26.46% php
58769 root 76 20 3656K 1452K wait 1 0:00 13.38% sh
59019 root 76 20 1564K 580K nanslp 1 0:00 13.38% sleep
58113 root 76 20 247M 236M select 0 0:00 7.37% {clamd}
58113 root 76 20 247M 236M ucond 2 0:00 7.37% {clamd}
58113 root 76 20 247M 236M select 2 0:00 7.37% {clamd}
12 root -28 - 0K 160K WAIT 0 0:00 0.39% {swi5: +}
61981 root 45 0 54624K 17040K piperd 0 0:01 0.20% php
994 root 76 0 54624K 22536K accept 0 0:02 0.10% php
12 root -32 - 0K 160K WAIT 2 0:01 0.10% {swi4: clock}
0 root -68 0 0K 56K - 1 0:00 0.10% {em0 taskq}
0 root 44 0 0K 56K sched 0 0:44 0.00% {swapper}
1030 root 76 0 53600K 16176K lockf 1 0:01 0.00% php
62125 root 45 0 53600K 15524K lockf 0 0:00 0.00% php
-
See: http://doc.pfsense.org/index.php/What_are_mbufs%3F
UPNP should only be enabled if you know you need to have it.
Your system output shows that PHP is struggling with something though that could be a symptom not a cause. That would tie in with the webgui being unresponsive.
Steve
-
his new thread for those curious:
http://forum.pfsense.org/index.php/topic,61616.msg332302.html#msg332302