Netgate Discussion Forum

    PfSense hangs for about 5min

      anschmid Banned

      Hi All,

      I've got pfSense v2.2 installed on a PC Engines APU with mSATA disk. Basic install plus running squid, clamav and snort. All seems to be working fine except sometimes the firewall seems to hang.

      What I mean is I notice the internet connection is down when browsing. I then try to ping the pfSense box and I don't even get a ping response for about 5min. After that everything returns to normal.

      The system log shows the below error message just before I notice the hang:

      lighttpd[34464]: (connections.c.305) SSL: 1 error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number

      Has anybody an idea what could cause this and what I should be looking at to fix it?

      Thanks!

        almabes

        Snort is notorious for being overly paranoid and blocking stuff.  Things will work for a few minutes and then Snort will kill it.

          anschmid Banned

          My Snort is only monitoring at the moment but not set to block anything.

            doktornotor Banned

            Uninstall the 3 mentioned packages and you will have zero issues with "hangs".

              anschmid Banned

              @doktornotor:

              Uninstall the 3 mentioned packages and you will have zero issues with "hangs".

              Seriously? Hero member, 3500+ posts and that's the best advice you can give?

              I thought pfSense being extensible via packages and all was one of the reasons it was so popular? If that's not really working I can as well run my FreeBSD packet filter and be done with it.

                doktornotor Banned

                Yeah. Being extensible does not mean you should install every random piece of junk on it. Shooting yourself in the foot with intrusive, huge resource hogs. Running Squid on some 16GB mSATA? Really? The purpose being? Certainly not caching. If you are doing that for AV scanning, then I can tell you that pretty much every AV installed on a desktop can do a better job than the ClamAV proxy. When you look at the Cache/Proxy subforum, you'll see pretty fast that installing the Squid thing is about the quickest way to get yourself into trouble. With ClamAV, the proxy is easily gonna eat 1GB+ of your RAM. Snort will merrily eat the rest (that is, if you have the 4GB RAM APU variant. If you are on the 2GB one, it's probably already swapping like mad now…) Now, you get "hangs". Surprised? I'm not.

                  anschmid Banned

                  @doktornotor:

                  Yeah. Being extensible does not mean you should install every random piece of junk on it. Shooting yourself in the foot with intrusive, huge resource hogs. Running Squid on some 16GB mSATA? Really? The purpose being? Certainly not caching. If you are doing that for AV scanning, then I can tell you that pretty much every AV installed on a desktop can do a better job than the ClamAV proxy. When you look at the Cache/Proxy subforum, you'll see pretty fast that installing the Squid thing is about the quickest way to get yourself into trouble. With ClamAV, the proxy is easily gonna eat 1GB+ of your RAM. Snort will merrily eat the rest (that is, if you have the 4GB RAM APU variant. If you are on the 2GB one, it's probably already swapping like mad now…) Now, you get "hangs". Surprised? I'm not.

                  Well I am still surprised!

                  I didn't think that squid, clamav and snort are considered to be "every random piece of junk". I did think that those were actually quiet useful network protection tools every user would want to run.

                  I am running my APU with 4GB of memory and a 60GB mSATA drive. The CPU utilization is <1%, memory usage is 15% out of 4GB, SWAP usage is 0% and disk usage is 6%.

                  So yes, while having all this "random piece of junk" installed I am still surprised pfSense hangs!

                    doktornotor Banned

                    Snort/Suricata is anything but quiet and absolutely NOT something that "every user" would run. These IDS/IPS things are noisy, intrusive, paranoid, plagued with false positives and require weeks of careful tuning and babysitting. Absolutely NOT something an average Joe out there would do.

                    Regarding Squid, I already pointed you to the proper forum concerning the Squid experience. Also asked about the use case for proxy there, no answer.
