2.2.2 Crash after enabling Syncronize States option



  • Hi guys,

    We run two firewalls using CARP to provide redundancy for our network. Recently I upgraded one of the firewalls to version 2.2.2 and just powered down the second until I was sure everything worked ok with 2.2.2. After a few days I was satisfied and loved some of the new features so I figured it was time to upgrade the second one. Both servers are identical in hardware so I didn't expect any type of problem.

    After getting the second firewall upgraded, as soon as I re-established the link between the systems and enabled "Synchronize States" it immediately went unresponsive. SSH would no longer work and any attempt to connect to the web configurator would error out bouncing between "503 - Service Not Available" and "500 - Internal Server Error" if you keep refreshing.

    So, I figured it was just a bad upgrade and decided to install 2.2.2 from scratch using the downloaded media. Same thing happened as soon as I enabled the Syncronize States option again.

    I am still able to console into the machine and pinging still seems to work. Also, I don't see anything worrying in any of the logs under /var/log/ but i'm not really sure where else to look.

    Please help! Any direction would be appreciated.


  • Rebel Alliance Developer Netgate

    Are you using Limiters?

    There are a few bugs related to crashes such as that which have been fixed on 2.2.3. You could try a 2.2.3 snapshot, which at this point should be more stable than 2.2.2 in many if not all areas.



  • On 2.2.2, limiters should just hang the secondary at worst, but if you are using them that's a good place to start troubleshooting. Remove limiters from all your firewall rules, and see if it's still replicable.

    If you're not using limiters, could you get me a copy of your config?



  • After talking with pfsense tech support, we have downgraded to 2.1.5. Unfortunately our setup requires we have redundant firewalls and use limiters, so waiting it out wasn't an option. We are looking forward to upgrading again once the bugs are worked out, we loved all of the new features.

    We still love pfSense!

    Thank you!
    Bill



  • I have had a similar issue, seemingly out of nowhere, with my master that was running 2.2 and my slave at 2.2.2 for a couple weeks (until Sunday afternoon).  Master affected with very slow performance, both throughput and it's own web interface.  I do not use any limiters, but I do use BGP.  I will also downgrade to 2.1.5.


Log in to reply