Check_reload_status goes to 100% then OpenVPN Client restarts



  • Hi,

    I am running pfSense 2.1.2-RELEASE (i386) built on Thu Apr 10 05:23:34 EDT 2014 FreeBSD 8.3-RELEASE-p15

    Recently, I have noticed that the CPU goes to 100% and then my OpenVPN clients (I have 2) restart. If I watch "top" during this, I notice that "check_reload_status" is maxing out at 100%. This seems to happen when there has been little internet activity for a while and then I get on my computer and use the internet: my pfSense box maxes out and restarts the VPN, and then it starts working. Can anyone advise on why this might be happening? If you need more test results, please let me know how I can get those for you.



  • I was reading the pfSense min requirements and it states

    10-20 Mbps
    We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
    21-100 Mbps
    We recommend a modern 1.0 GHz Intel or AMD CPU

    My CPU is an Intel Pentium 4 CPU 2.60GHz, which is much older than 4 years… around 8 years, it looks like. My download speed is 30 Mbps. Could it be that the CPU fails when I first start using the internet? However, when I am downloading at max speeds of 30 Mbps the CPU normally only shows about 45 - 55% used. Just thought I would throw that out there.



  • Maybe when you start a big download… that maxes out your internet connection and latency goes up. Then pfSense "apinger" thinks the link has a problem and starts reacting.
    When this happens, what are the latency (RTT) and packet loss figures reported by the dashboard Gateways widget?
    You can try extending the parameters in System->Routing, Gateways, Edit a gateway, Advanced parameters.



  • This is what happens when the CPU goes to 100%

    RTT      Loss  Status
    892.8ms  0%    Latency

    Normally it is:

    8.4ms 0% Online

    I changed RTT to 4000/1000, which stops the CPU from going to 100% and freezing everything. If I disable my VPN Clients it is still showing really high RTT values. If I do a speedtest.net I get normal results, but if I download a file it goes super slow. This usually happens after dinner. Why is the RTT getting so high, or does RTT fluctuate a lot when connected to VPN clients?

    EDIT: Now downloading a file is normal again but RTT still is bouncing around pretty high.



  • @archedraft:

    This is what happens when the CPU goes to 100%

    No, that's what causes the CPU to go to 100%. Your gateway status is flapping because of the loss and latency in the replies. As it goes in and out of alarm, it treats that like a WAN IP change, which restarts your VPNs. That usually only happens for one of two reasons. One, you have a shaper config in place (and/or limiters) that's restricting the monitor pings. Two, the replies really are that flaky either because of a connection problem, or just an ISP's router rate limiting replies (better to use something anycasted like 8.8.8.8).



    1. I don't believe that I have any limiters. I do have two VPN Clients set up and rules that dictate which computer traffic goes to each VPN.
    2. I have been using my current setup for about a year with no problems until this last month. I am using 8.8.8.8 and 8.8.4.4 as my DNS.

    Any thoughts on what I should try/test next, or is this something I may have to learn to live with?



  • Check this thread for smoother GW failure handling on the small Alix architecture:

    https://forum.pfsense.org/index.php?topic=73243.15

    Try not to ping Google, as the server could respond from a far location and produce high pings. Pinging too far away can turn an ISP routing failure into a false link failure (as seen from PF).
    So try to ping something close to you (geographically and/or in terms of router hops), but not your ISP GW: some routers (Cisco, for example) are known to drop some ICMP ping replies (even when not under heavy load) and thus produce false high response times or false loss.

