PfSense randomly loses connection, and reboot is only solution.

Hardware
Log in to reply
  • R

    So, I just did and fresh install on a new computer. Using the built-in NIC as LAN, and an USB-nic for WAN.
    After a few hours I lost connection to Internet, but I still could reach the FW, and I all clients could ping the GW. All DNS:es were unreachable tho.
    The only solution to solve the problem was to reboot.

    Here are some info, just after the connection-loss:

    $ dmesg
Copyright (c) 1992-2012 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 18:39:44 EDT 2013
    root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.53GHz (2527.08-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf41  Family = f  Model = 4  Stepping = 1
  Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x451d <sse3,dtes64,mon,ds_cpl,tm2,cnxt-id,xtpr>AMD Features=0x100000 <nx>TSC: P-state invariant
real memory  = 2147483648 (2048 MB)
avail memory = 2072616960 (1976 MB)
ACPI APIC Table: <dell  sx280 ="">
ioapic0: Changing APIC ID to 8
ioapic0 <version 2.0=""> irqs 0-23 on motherboard
lapic0: Forcing LINT1 to edge trigger
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07bb6f0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07bb790, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07bb830, 0) error 1
kbd1 at kbdmux0
cryptosoft0: <software crypto=""> on motherboard
padlock0: No ACE support.
acpi0: <dell sx280 =""> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, f00000 (3) failed
acpi0: reservation of 1000000, 7e686c00 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: <acpi cpu=""> on acpi0
acpi_button0: <power button=""> on acpi0
pcib0: <acpi host-pci="" bridge=""> port 0xcf8-0xcff on acpi0
pci0: <acpi pci="" bus=""> on pcib0
pcib1: <acpi pci-pci="" bridge=""> irq 16 at device 1.0 on pci0
pci1: <acpi pci="" bus=""> on pcib1
vgapci0: <vga-compatible display=""> port 0xecd8-0xecdf mem 0xdff00000-0xdff7ffff,0xc0000000-0xcfffffff,0xdfec0000-0xdfefffff irq 16 at device 2.0 on pci0
agp0: <intel 82915g="" (915g="" gmch)="" svga="" controller=""> on vgapci0
agp0: aperture size is 256M, detected 7932k stolen memory
vgapci1: <vga-compatible display=""> mem 0xdff80000-0xdfffffff at device 2.1 on pci0
pcib2: <acpi pci-pci="" bridge=""> irq 16 at device 28.0 on pci0
pci2: <acpi pci="" bus=""> on pcib2
bge0: <broadcom netxtreme="" gigabit="" ethernet="" controller,="" asic="" rev.="" 0x004001=""> mem 0xdfcf0000-0xdfcfffff irq 16 at device 0.0 on pci2
bge0: CHIP ID 0x00004001; ASIC REV 0x04; CHIP REV 0x40; PCI-E
miibus0: <mii bus=""> on bge0
brgphy0: <bcm5750 10="" 100="" 1000basetx="" phy=""> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
bge0: [ITHREAD]
uhci0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> port 0xff80-0xff9f irq 21 at device 29.0 on pci0
uhci0: [ITHREAD]
uhci0: LegSup = 0x3000
usbus0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> on uhci0
uhci1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> port 0xff60-0xff7f irq 22 at device 29.1 on pci0
uhci1: [ITHREAD]
usbus1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> on uhci1
uhci2: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-c=""> port 0xff40-0xff5f irq 18 at device 29.2 on pci0
uhci2: [ITHREAD]
usbus2: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-c=""> on uhci2
uhci3: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-d=""> port 0xff20-0xff3f irq 23 at device 29.3 on pci0
uhci3: [ITHREAD]
usbus3: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-d=""> on uhci3
ehci0: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> mem 0xffa80800-0xffa80bff irq 21 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus4: EHCI version 1.0
usbus4: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> on ehci0
pcib3: <acpi pci-pci="" bridge=""> at device 30.0 on pci0
pci3: <acpi pci="" bus=""> on pcib3
isab0: <pci-isa bridge=""> at device 31.0 on pci0
isa0: <isa bus=""> on isab0
atapci0: <intel ich6="" udma100="" controller=""> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf irq 16 at device 31.1 on pci0
ata0: <ata channel=""> at channel 0 on atapci0
ata0: [ITHREAD]
ata1: <ata channel=""> at channel 1 on atapci0
ata1: [ITHREAD]
atapci1: <intel ich6="" sata150="" controller=""> port 0xfe00-0xfe07,0xfe10-0xfe13,0xfe20-0xfe27,0xfe30-0xfe33,0xfea0-0xfeaf irq 20 at device 31.2 on pci0
atapci1: [ITHREAD]
ata2: <ata channel=""> at channel 0 on atapci1
ata2: [ITHREAD]
ata3: <ata channel=""> at channel 1 on atapci1
ata3: [ITHREAD]
pci0: <serial bus,="" smbus=""> at device 31.3 (no driver attached)
acpi_hpet0: <high precision="" event="" timer=""> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 900
atrtc0: <at realtime="" clock=""> port 0x70-0x7f irq 8 on acpi0
ppc0: <parallel port=""> port 0x378-0x37f,0x778-0x77f irq 7 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus=""> on ppc0
plip0: <plip network="" interface=""> on ppbus0
plip0: [ITHREAD]
lpt0: <printer> on ppbus0
lpt0: [ITHREAD]
lpt0: Interrupt-driven port
ppi0: <parallel i="" o=""> on ppbus0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
pmtimer0 on isa0
orm0: <isa option="" roms=""> at iomem 0xc0000-0xcafff,0xcb000-0xcc7ff,0xcc800-0xcdfff,0xce000-0xcffff pnpid ORM0000 on isa0
sc0: <system console=""> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <generic isa="" vga=""> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atkbdc0: <keyboard controller="" (i8042)=""> at port 0x60,0x64 on isa0
atkbd0: <at keyboard=""> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
p4tcc0: <cpu frequency="" thermal="" control=""> on cpu0
Timecounter "TSC" frequency 2527082964 Hz quality 800
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ugen0.1: <intel> at usbus0
uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus0
ugen1.1: <intel> at usbus1
uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus1
ugen2.1: <intel> at usbus2
uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus2
ugen3.1: <intel> at usbus3
uhub3: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus3
ugen4.1: <intel> at usbus4
uhub4: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus4
acd0: CDROM <hl-dt-st gcr-8240n="" 1.06=""> at ata0-master UDMA33 
ad4: 38146MB <wdc wd400bd-75jma0="" 05.01c05=""> at ata2-master UDMA100 SATA
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
uhub4: 8 ports with 8 removable, self powered
ugen4.2: <vendor 0x0b95=""> at usbus4
axe0: <vendor 2="" 0x0b95="" product="" 0x772a,="" rev="" 2.00="" 0.01,="" addr=""> on usbus4
Trying to mount root from ufs:/dev/ad4s1a
miibus1: <mii bus=""> on axe0
ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
ue0: <usb ethernet=""> on axe0
ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
            add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
             Consider tuning vm.kmem_size and vm.kmem_size_max
             in /boot/loader.conf.
ZFS filesystem version 5
ZFS storage pool version 28
ue0: link state changed to DOWN
bge0: link state changed to DOWN
tun2: changing name to 'ovpns2'
tun3: changing name to 'ovpns3'
ovpns2: link state changed to UP
pflog0: promiscuous mode enabled
ue0: link state changed to UP
bge0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP</usb></generic></mii></vendor></vendor></wdc></hl-dt-st></intel></intel></intel></intel></intel></intel></intel></intel></intel></intel></cpu></at></keyboard></generic></system></isa></parallel></printer></plip></parallel></parallel></at></high></serial></ata></ata></intel></ata></ata></intel></isa></pci-isa></acpi></acpi></intel></intel></intel></intel></intel></intel></intel></intel></intel></intel></bcm5750></mii></broadcom></acpi></acpi></vga-compatible></intel></vga-compatible></acpi></acpi></acpi></acpi></power></acpi></dell></software></version></dell ></nx></sse3,dtes64,mon,ds_cpl,tm2,cnxt-id,xtpr></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>

    I have no idea if the connection-loss started when ue0 seems to have went crazy.

    Here is a picture of System Activity after connection was lost:

    Help would me much appreciated, since I finally upgraded the CPU from 450mhz to 2.53ghz, and 192mb ram > 2gb.

    Thanks.

    0
  • R

    Forget to say that the USB-NIC is Asix ax88772b, using axe_4.ko

    [2.1-RELEASE][admin@firewall.ninya.org]/root(4): usbconfig -u 4 dump_device_desc

ugen4.2: <product 0x772a="" vendor="" 0x0b95="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0200
  bDeviceClass = 0x00ff
  bDeviceSubClass = 0x00ff
  bDeviceProtocol = 0x0000
  bMaxPacketSize0 = 0x0040
  idVendor = 0x0b95
  idProduct = 0x772a
  bcdDevice = 0x0001
  iManufacturer = 0x0001  <asix elec.="" corp.="">iProduct = 0x0002  <ax88x72a>iSerialNumber = 0x0003  <000002>
  bNumConfigurations = 0x0001</ax88x72a></asix></product>
    0
  • B

    Did you already do the MBUF tweak?  In /boot/loader.conf… you might try setting kern.ipc.nmbclusters="32768".  The default I believe is 0.  You'll need to reboot the firewall after the change.

    This fixed some goofy NIC behavior in 2 of my remote office deployments.

    0
  • M

    I had the same issue using a USB nic. The fix was to ditch the USB nic and do both lan and wan on the same port using vlans. Of course you will need a switch capable of vlans to make this work.

    0
  • stephenw10
    Netgate Administrator

    @rocketdog:

    Forget to say that the USB-NIC is Asix ax88772b, using axe_4.ko

    Do you just mean its using the axe driver or you have actually loaded some alternative kernel module? I'm not familiar with 'axe_4.ko'.

    Steve

    0
  • R

    @BeerHat:

    Did you already do the MBUF tweak?  In /boot/loader.conf… you might try setting kern.ipc.nmbclusters="32768".  The default I believe is 0.  You'll need to reboot the firewall after the change.

    This fixed some goofy NIC behavior in 2 of my remote office deployments.

    Thanks! I'll give this a try.

    P.S. The FW hasn't dropped in 24 hours now!

    @mikeisfly:

    I had the same issue using a USB nic. The fix was to ditch the USB nic and do both lan and wan on the same port using vlans. Of course you will need a switch capable of vlans to make this work.

    The thing is, I don't want to get rid of my USB-nic.

    @stephenw10:

    Do you just mean its using the axe driver or you have actually loaded some alternative kernel module? I'm not familiar with 'axe_4.ko'.

    Steve

    Yeah, I just meant it's using the axe driver. I dunno why I wrote "axe_4.ko"

    0
  • R

    I noticed this during bootup:

    ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
ue0: <usb ethernet=""> on axe0
usb_alloc_device: set address 2 failed (USB_ERR_STALLED, ignored)
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_STALLED
ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
            add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
             Consider tuning vm.kmem_size and vm.kmem_size_max
             in /boot/loader.conf.</usb></generic>

    Anyone knows what those STALLED-errors means?

    And how should the loader.conf look?

    vm.kmem_size="4355443200"
vm.kmem_size_max="4355443200"

    or```
    vm.kmem_size=4355443200
    vm.kmem_size_max=4355443200

    0
  • R

    Google didnt gave me much, so I give it a shot here:
    Another problem I've found is that I can't reach http://192.168.0.1 with Mozilla (with or without safemode), only through Chrome. With Mozilla it just keeps "reading 192.168.0.1", while in Chrome it's in matter of milliseconds.

    And by the way, the comp I'm running the current FW on is an Dell SX280, I'm not sure if you guys can see it directly through dmesg, but I cannot get the thermal sensors to work. Any ideas?

    0
  • stephenw10
    Netgate Administrator

    The thermal sensors dashboard widget (I assume that's what you mean?) relies on the sensor selection in System: Advanced: Miscellaneous:. Since the SX280 is pre-Core architecture it can only use ACPI to read the CPU temperature which relies on Dell having written a bios that passes that info to a non Windows OS.
    If you just want to know what the CPU temp is you can probably use the mbmon FreeBSD package to read it but it doesn't talk to the dashboard widget.

    Steve

    0
  • R

    @stephenw10:

    The thermal sensors dashboard widget (I assume that's what you mean?) relies on the sensor selection in System: Advanced: Miscellaneous:. Since the SX280 is pre-Core architecture it can only use ACPI to read the CPU temperature which relies on Dell having written a bios that passes that info to a non Windows OS.
    If you just want to know what the CPU temp is you can probably use the mbmon FreeBSD package to read it but it doesn't talk to the dashboard widget.

    Steve

    Excatly. After a lot of testing, I've come to realize that neither the ACPI-thing nore mbmon works.

    [2.1-RELEASE][admin@firewall.ninya.org]/root(4): mbmon
ioctl(smb0:open): No such file or directory
No Hardware Monitor found!!
InitMBInfo: Bad file descriptor
    0
  • R

    I'm not sure what wrong, but suddenly my FW starts to act like a monkey. It loses all connection to my gateway, and the only solution is, as topis say, reboot. 'dmesg' gives nothing. Anyone got a clue? This is really frustrating since I'm running TOR, http, mumble etc.

    0
  • stephenw10
    Netgate Administrator

    So you can still access the webgui? And can you, like previously, still ping the gateway?

    What is the gateway? Is the pfSense box behind another router or does it have a public IP on WAN? How is it connected?

    You need to methodically go through and identify exactly which part of the connection is failing. What you can ping and what you can't. Is DNS working? Does the routing table look reasonable?

    It's interesting that neither ACPI or mbmon work with that box. There must be a few people running identical hardware since they are so common. There will at least be people running FreeBSD on it. Do you have the most recent bios?

    Steve

    0
  • R

    Yeah, I can access the webGui. The GW is down, cannot be pinged (red-flagged @ webGui) etc. DNS:es can't be reached..

    I have a static ip, static GW, and the FW is connected directly to the "wall-jack".

    Not sure about the BIOS, but could take a look..Been thinking about things getting overheated, but then why would just the GW drop?
    The box seems no the have any support for temp-support, so I have no idea about if it is a overheat-problem..

    0
  • stephenw10
    Netgate Administrator

    Ok so the gateway device is some box at your ISP?
    When the gateway is marked down there will be something in the system logs. Often it will report the reason for marking it down as either excessive packet loss or delay. If it does not it usually means the connection has gone down. Is the WAN interface still showing as UP?
    It may be the remote box doesn't like being pinged continuously. You could try altering the ping interval (1s be default) or disabling apinger entirely in System: Routing: Gateways: (edit gateway - advanced section for apinger tuning).

    Steve

    0
  • D

    @rocketdog:

    Not sure about the BIOS, but could take a look..Been thinking about things getting overheated, but then why would just the GW drop?

    If you do a Dmesg after the GW drops, does it show the link flapping on the ue0 nic?

    If so, you either have a failing NIC or just general instability with the USB NIC (these aren't exactly what I would consider to be stable).

    If the System Logs do not show Apinger alarm, restarting the NIC and followed by a filter reload, then the problem probably lies with the NIC (I've had this with a failing NIC before).

    0
  • R

    @dreamslacker:

    If you do a Dmesg after the GW drops, does it show the link flapping on the ue0 nic?

    If so, you either have a failing NIC or just general instability with the USB NIC (these aren't exactly what I would consider to be stable).

    If the System Logs do not show Apinger alarm, restarting the NIC and followed by a filter reload, then the problem probably lies with the NIC (I've had this with a failing NIC before).

    Yeah, tons of ups and downs. The FW has worked as a charm for the last few days…I tuned some stuff on a server (did some ifconfig eth0 RX downtune IIRC), and the TOR-server went down about 20%...Before, and when the FW-problems occured, the tor-relay was full throttle.. So I guess it's just this damn USB NIC. Too much traffic and it goes bananas..

    How do you reload filters?

    0
  • R

    Looking at dmesg, I've lost connections several times…probably while I've not been using internet etc. And I have no idea for how long the ue0 is down, and why it comes back up again. Ideas?

    ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
ue0: <usb ethernet=""> on axe0
ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
             Consider tuning vm.kmem_size and vm.kmem_size_max
             in /boot/loader.conf.
ZFS filesystem version 5
ZFS storage pool version 28
ue0: link state changed to DOWN
bge0: link state changed to DOWN
pflog0: promiscuous mode enabled
ue0: link state changed to UP
bge0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: promiscuous mode enabled
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP
ue0: link state changed to DOWN
ue0: link state changed to UP</usb></generic>

    Found this! What could cause this? 1-5 minutes downtime, but no "uplink" messages?

    Edit: Missed to get these lines in the screenshot.

    Feb 10 19:35:41 	apinger: Starting Alarm Pinger, apinger(17013)
Feb 10 19:35:51 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
Feb 10 21:20:37 	apinger: ALARM: GW_WAN(188.122.133.1) *** down ***
Feb 11 00:39:54 	apinger: Starting Alarm Pinger, apinger(13674)
Feb 11 00:40:05 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
Feb 11 03:03:19 	apinger: ALARM: GW_WAN(188.122.133.1) *** down ***
Feb 11 03:31:54 	apinger: Starting Alarm Pinger, apinger(15720)
Feb 11 03:32:04 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
Feb 13 00:17:28 	apinger: ALARM: GW_WAN(188.122.133.1) *** loss ***
Feb 13 00:47:10 	apinger: alarm canceled: GW_WAN(188.122.133.1) *** loss ***

    "Starting Alarm Pinger", then 10 seconds later I'm offline. Where can I find options about this thingy?

    0
  • stephenw10
    Netgate Administrator

    How far apart are these up down events?
    Why is it using promiscuous mode? Is it bridged?

    Steve

    0
  • R

    @stephenw10:

    How far apart are these up down events?
    Why is it using promiscuous mode? Is it bridged?

    Steve

    Promiscuous mode? I have no idea. I've never seen options like that. It is no bridged.

    0
  • stephenw10
    Netgate Administrator

    Usually a NIC would only need to use promiscuous mode if it has to be able to process frames addressed to other MACs.  This is the case if it is part of a bridge or has been used for packet capturing among others.

    Steve

    0
  • R

    @stephenw10:

    Usually a NIC would only need to use promiscuous mode if it has to be able to process frames addressed to other MACs.  This is the case if it is part of a bridge or has been used for packet capturing among others.

    Steve

    According to "Diagnostics > Packet Capture" promiscuous mode is disabled. By the way did, did you see my edit on my previous post?

    0
  • stephenw10
    Netgate Administrator

    You can tune apinger or disable it completely in System: Routing: Gateways: edit gateway, advanced.
    That's not going to help if your usb nic really is flaky though.

    Steve

    0
  • D

    @rocketdog:

    So I guess it's just this damn USB NIC. Too much traffic and it goes bananas..

    How do you reload filters?

    Seems like the case.  USB NICs aren't exactly stellar performers.  I seriously recommend getting a cheap VLAN capable switch (Netgear GS108T or HP Procurve 1810-8G or Mikrotik RB260GS) and using that with your BGE nic to create the WAN & LAN interfaces via VLANs instead.  It's far more stable than trying to work with the USB NIC.

    0
  • R

    As soon as I turn on squid, the USB drops within hours. Since I disabled it, it hasnt dropped once.  :) Too bad tho, since I really liked Squid. I guess I'll start using it the day I find relaying onion traffic boring.  8)

    0
  • R

    Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?

    0
  • B

    @rocketdog:

    Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?

    What is squid doing when the USB nic drops? Line up the logs. Look to make the logs more verbose.

    Have you tried a different set of USB headers? Does it correspond with high load on the PC?

    0
  • R

    @bryan.paradis:

    @rocketdog:

    Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?

    What is squid doing when the USB nic drops? Line up the logs. Look to make the logs more verbose.

    Have you tried a different set of USB headers? Does it correspond with high load on the PC?

    After all, it's just not Squid, it is traffic itself. USB-NIC/GW still drops, just not as frequent as with Squid enabled.

    Attached some RRD graphs. If you want RRD graphs of CPU or other system-related stuff, just give me a shout.






    0
  • P

    Hi there,

    We used to use USB NICs and can confirm this flapping behavior - UP/DOWN within seconds. The only solution is NOT to use USB NICs with pfSense/FreeBSD. Go for VLAN switches and non-USB NICs.

    Thanks,
    msu

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy