Intermittently losing net access



  • For some reason which I dont know the firewall 2.0.3 AMD64 release keeps periodically losing the connection to the internet.

    What I have observed is the IP address assigned by the router is lost and goes to 0.0.0.0, I've tried two different routers but still experience the same problem. Now this only happens when I am not around so I cant vpn back into my home network.

    I've tried unplugging the WAN network cable from the router to see if a new IP address is assigned by the router but no IP address is assigned.

    I've reconfigured the WAN interface so its DHCP with the IP address and also changed it to static with the IP address the router assigns but the dashboard always shows 0.0.0.0 even though its got the green up arrow.

    What can I do to stop this from happening again?


  • Banned

    @firewalluser:

    Now this only happens when I am not around

    What can I do to stop this from happening again?

    Stop leaving home, so that it never happens again… ?  ;D :P

    P.S. Need a whole lot more info on the WAN configuration.



  • What info do you need?

    At the moment the Wan is setup with DHCP and is using an alias IP address which is what the router assigns.

    I have a block of IP addresses with one being the gateway IP, the router allocates the remaining IP addresses.



  • The real question is who is at home when you are not if this truely only happens when you are away?

    Or, does it only happen when you use VPN?  What are you doing or someone else doing thats different when you are away than when you are there?



  • It only happens when I am away and to eliminate the VPN I have been running pfsense with only snort installed for the last month or so to eliminate any compatibility issues with additional packages, so at best all I can say is there is no outward bound traffic ie me surfing the net or downloading emails.

    I have found this entry below in one of the logs which might be relevant?

    php: : The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf msk0 > /tmp/msk0_output > /tmp/msk0_error_output' returned exit code '15', the output was ''



  • MSK0 is my wan interface although I've just downloaded 2.1-RC0 (amd64) as I needed drivers for a Realtek 8111F motherboard nic which is in Freebsd8.3 and above and didnt fancy install freebsd onto a VM just so I can copy the drivers back.

    Will report back if the 2.1 version of pfsense has the same problem or not.



  • Had the same symptom occur over the last 12hours.

    This happened at 02:17 local time and the message on the console and in the system log says:
    msk0 Watchdog Timout (msk0 is my wan interface)
    Prefetch unit stuck?
    Initialization failed: No Memory for Rx Buffers.

    Does the above mean anything?

    My firewall has 4 Gb of ram on a dual core celeron cpu PC with a 500Gb HD using 2.1-RC0 (amd64) built on Tue Jul 16 16:31:34 EDT 2013 fwiw.



  • Its a long lived sometimes mentioned FreeBSD error that seems to occure from time to time depending on hardware.
    Disabling MSI is mentioned in possibly solving the problem (hw.msk.msi_disable loader tunable).
    I assume you would stick "hw.msk.msi_disable" in a config file to try it.
    (That is literally just google talking as I have never actually seen this myself)

    A little edit here.  Might also want to try increase size of mbuf.

    And take a look here at a post by stephenw10 much earlier:
    http://forum.pfsense.org/index.php/topic,57238.0.html

    "The new drivers didn't help in the Watchguard box with that same NIC.
    Instead try disabling MSI for that interface. Put:
    Code:

    hw.msk.msi_disable=1

    In the file: /boot/loader.conf.local
    You will probably have to create that file."

    I think doing both the MBUF increase and disabling watchdog in MSI will fix your issue.
    Perhaps someone here will have actually had some experience with this.

    so in    /boot/loader.conf.local    I would but both:
    kern.ipc.nmbcluster=131072
    hw.msk.msi_disable=1

    Just get to two possible issues out of the way.



  • I dont have a /boot/loader.conf.local  only /boot/loader.conf on my system so I have added hw.msk.msi_disable=1 to it for now, rebooted and will see what happens. I assume this is the correct file but the reference to .local maybe from a livecd instance running perhaps?

    I dont recall seeing this problem on my old HW which was changed about 3-4months ago and I'll try a new cable as well as I know how a poorly terminate cable can slow up some ISAM databases no end and this is also a 3-4month old cable as well.

    If I dont get any problems I'll report back in say a few weeks, if I do get the same symptom I'll try the kern.ipc.nmbcluster=131072 setting next and report back.

    Thanks for your help!



  • The file wouldn't have existed unless you created it.  You probably should have created the file exactly as /boot/loader.conf.local
    I have no idea if it will do much in the other place.

    I would have added:

    kern.ipc.nmbcluster=131072 to the file as well since low mbuf is also a general cause of issues.
    Just to kill 2 birds with one stone.

    If you have time, just go in, create the file /boot/loader.conf.local, make the changes and put the other file back the way it was.

    (I also didn’t have one til I made it and I also had the other file.)

    After that, please do reboot.



  • @kejianshi:

    The file wouldn't have existed unless you created it.  You probably should have created the file exactly as /boot/loader.conf.local
    I have no idea if it will do much in the other place.

    I would have added:

    kern.ipc.nmbcluster=131072 to the file as well since low mbuf is also a general cause of issues.
    Just to kill 2 birds with one stone.

    If you have time, just go in, create the file /boot/loader.conf.local, make the changes and put the other file back the way it was.

    (I also didn’t have one til I made it and I also had the other file.)

    After that, please do reboot.

    Just an update to let you know that I had the net access problem with what I did, carried out the instructions like you said and its been working without a problem for just over a couple of weeks.

    Thanks for your help!



  • Thats good to know.  I'm glad its fine.


Log in to reply