Check_reload_status goes to 100% then OpenVPN Client restarts



  • Hi,

    I am running pfSense 2.1.2-RELEASE (i386) built on Thu Apr 10 05:23:34 EDT 2014 FreeBSD 8.3-RELEASE-p15

    Recently, I have noticed that the CPU goes to 100% and then my OpenVPN clients (I have 2) restart. If I watch "top" during this, I notice that "check_reload_status" is maxing out at 100%. This seems to happen when there has been little internet activity for a while and then I get on my computer and use the internet and my pfSense box maxes out and restarts the VPN and then it starts working. Can anyone advise on why this might be happening? If you need more test results, please let me know how I can get those for you.



  • I was reading the pfSense min requirements and it states

    10-20 Mbps
    We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
    21-100 Mbps
    We recommend a modern 1.0 GHz Intel or AMD CPU

    My CPU is an Intel Pentium 4 CPU 2.60GHz which is much older than 4 years… around 8 years it looks like. My download speed is 30 Mbps. Could it be that the CPU fails when I first start using the internet? However, when I am downloading at max speeds of 30 Mbps the CPU normally only shows about 45 - 55% used. Just thought I would throw that out there.



  • Maybe when you start a big download… that maxes out your internet connection and latency goes up. Then pfSense "apinger" thinks the link has a problem and starts reacting.
    When this happens, what are the latency (RTT) and packet loss figures reported by the dashboard Gateways widget?
    You can try extending the parameters in System->Routing, Gateways, Edit a gateway, Advanced parameters.



  • This is what happens when the CPU goes to 100%

    RTT      Loss  Status
    892.8ms  0%    Latency

    Normally it is:

    8.4ms    0%    Online

    I changed RTT to 4000/1000 which stops the CPU from going to 100% and freezing everything. If I disable my VPN Clients it still is showing really high RTT values. If I do a speedtest.net I get normal results, but if I download a file it goes super slow. This usually happens after dinner. Why is the RTT getting so high or does RTT fluctuate a lot when connected to VPN clients?

    EDIT: Now downloading a file is normal again but RTT still is bouncing around pretty high.



  • @archedraft:

    This is what happens when the CPU goes to 100%

    No, that's what causes the CPU to go to 100%. Your gateway status is flapping because of the loss and latency in the replies. As it goes in and out of alarm, it treats that like a WAN IP change, which restarts your VPNs. That usually only happens for one of two reasons. One, you have a shaper config in place (and/or limiters) that's restricting the monitor pings. Two, the replies really are that flaky either because of a connection problem, or just an ISP's router rate limiting replies (better to use something anycasted like 8.8.8.8).



    1. I don't believe that I have any limiters. I do have two VPN Clients set up and rules that dictate which computer traffic goes to each VPN.
    2. I have been using my current setup for about a year with no problems until this last month. I am using 8.8.8.8 and 8.8.4.4 as my DNS.

    Any thoughts on what I should try/test next or is this something I may have to learn to live with?



  • Check this thread for smoother GW failure handling on small Alix architecture:

    https://forum.pfsense.org/index.php?topic=73243.15

    Try not to ping Google as the server could respond from a far location and produce high pings. Pinging too far can transform an ISP routing failure into a false link failure (seen from PF).
    So try to ping something close to you (geographically and/or in terms of router hops), but not your ISP GW: some routers (like Cisco does) are known to drop some ICMP ping replies (even if not under heavy load) and thus produce false high response time or false loss.