Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense 2.2.4 auf Watchguard X550e im Cluster verliert Netwerkfunktion

    Scheduled Pinned Locked Moved Deutsch
    3 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjaninhoff
      last edited by

      Ich habe hier PFsense auf 2x Watchguard x550 aufgesetzt.
      Version 2.2.4-Release i386 nanobsd (4g)

      Auf jewals auf 4 GB CF Card. Watchguard Bios Update ist eingespielt.

      Carp läuft.
      alle 4 Netzwerkkarten haben konfig (WAN, LAN, DMZ, CLUSTER)
      Nun zu meiner Frage.

      nach etwas Laufzeit ist erst das Lan nicht erreichbar auf einer pfsense, dann irgendwann Wan, DMZ und zu guterletzt auch Cluster.  :'(
      Reboot geht wieder alles.
      Aktuell hatte  das erst Box 1 und dann anschließend ein paar Stunden später auch Box 2.
      Ende war keines der Interface mehr erreichbar.

      Wenn man mit der Console verbunden ist und zum Beispiel versucht per Ping einen Host im gleichen Segment an spricht kommt "ping: sendto: No route to host".
      Die lokale Adresse der verbundenen Box kann man erreichen.

      Reboot behebt die Probleme.
      Was auch geht hilft , per "#ifconfig sk1 down & ifconfig sk1 up" aber das ist ja alles keine echte Alternative

      /boot/loader.conf:
      loader_color="NO"
      console=comconsole
      autoboot_delay="5"
      beastie_disable="YES"
      vm.kmem_size="435544320"
      vm.kmem_size_max="535544320"
      hw.usb.no_pf="1"
      hint.ata.0.mode=PIO4
      if_sk_load="yes"

      Services:
      apinger Gateway Monitoring Daemon
      lcdproc LCD Driver
      ntpd         NTP clock sync
      sshd    Secure Shell Daemon
      unbound DNS Resolver

      Installend Packages:
      LCDproc-dev

      Gerade wieder passiert hier die letzten Infos aus dmesg:

      k0: promiscuous mode disabled
sk0: promiscuous mode enabled
carp: VHID 2@sk0: INIT -> BACKUP
carp: VHID 2@sk0: BACKUP -> MASTER (preempting a slower master)
carp: VHID 3@sk2: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 1@sk1: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 2@sk0: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 3@sk2: BACKUP -> MASTER (preempting a slower master)
carp: VHID 2@sk0: BACKUP -> MASTER (preempting a slower master)
arp: xxx.xxx.xxx.xxx moved from 00:00:5e:00:01:03 to 00:90:7f:42:7b:b7 on sk2
carp: VHID 1@sk1: BACKUP -> MASTER (master down)
arp: xxx.xxx.xxx.xxx moved from 00:00:5e:00:01:01 to 00:90:7f:42:7b:b8 on sk1
sk3: link state changed to DOWN
sk3: link state changed to UP
sk3: link state changed to DOWN
sk3: link state changed to UP
carp: VHID 1@sk1: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 2@sk0: MASTER -> BACKUP (more frequent advertisement received)
arp: xxx.xxx.xxx.xxx moved from 00:90:7f:42:7b:b9 to 00:00:5e:00:01:02 on sk0
carp: VHID 3@sk2: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 2@sk0: BACKUP -> MASTER (master down)
carp: VHID 2@sk0: MASTER -> BACKUP (more frequent advertisement received)
carp: demoted by 240 to 240 (interface down)
sk0: link state changed to DOWN
carp: demoted by 240 to 480 (interface down)
sk2: link state changed to DOWN
carp: demoted by 240 to 720 (interface down)
sk1: link state changed to DOWN
sk3: link state changed to DOWN
ifa_del_loopback_route: deletion failed: 3
carp: VHID 1@sk1: INIT -> BACKUP
carp: demoted by -240 to 480 (interface up)
sk1: link state changed to UP
carp: VHID 1@sk1: BACKUP -> MASTER (master down)
sk3: link state changed to UP
sk3: link state changed to DOWN
sk3: link state changed to UP
carp: VHID 1@sk1: INIT -> BACKUP
carp: VHID 1@sk1: INIT -> BACKUP
carp: VHID 1@sk1: BACKUP -> MASTER (master down)
ifa_add_loopback_route: insertion failed: 17
carp: VHID 1@sk1: INIT -> BACKUP
carp: demoted by 240 to 720 (interface down)
sk1: link state changed to DOWN
carp: VHID 1@sk1: INIT -> BACKUP
carp: demoted by -240 to 480 (interface up)
sk1: link state changed to UP
carp: VHID 1@sk1: BACKUP -> MASTER (master down)
ifa_add_loopback_route: insertion failed: 17
sk3: link state changed to DOWN
sk3: link state changed to UP
sk3: link state changed to DOWN
sk3: link state changed to UP
carp: VHID 1@sk1: MASTER -> BACKUP (more frequent advertisement received)
carp: VHID 2@sk0: INIT -> BACKUP
carp: demoted by -240 to 240 (interface up)
sk0: link state changed to UP
ifa_del_loopback_route: deletion failed: 3
carp: demoted by -240 to 0 (vhid removed)
sk2: promiscuous mode disabled
sk2: promiscuous mode enabled
carp: demoted by 240 to 240 (interface down)
carp: demoted by 240 to 480 (interface down)
sk1: link state changed to DOWN
carp: VHID 3@sk2: INIT -> BACKUP
carp: demoted by -240 to 240 (interface up)
sk2: link state changed to UP
carp: VHID 1@sk1: INIT -> BACKUP
carp: demoted by -240 to 0 (interface up)
sk1: link state changed to UP
carp: demoted by 240 to 240 (interface down)
sk0: link state changed to DOWN
sonewconn: pcb 0xc73ea6e4: Listen queue overflow: 2 already in queue awaiting acceptance (1 occurrences)
carp: VHID 2@sk0: INIT -> BACKUP
carp: demoted by -240 to 0 (interface up)
sk0: link state changed to UP
carp: demoted by 240 to 240 (interface down)
sk0: link state changed to DOWN
sk3: link state changed to DOWN
sk3: link state changed to UP
carp: VHID 2@sk0: INIT -> BACKUP
carp: demoted by -240 to 0 (interface up)
sk0: link state changed to UP
carp: demoted by 240 to 240 (interface down)
sk2: link state changed to DOWN
carp: demoted by 240 to 480 (interface down)
sk0: link state changed to DOWN
carp: demoted by 240 to 720 (interface down)
sk1: link state changed to DOWN
sk3: link state changed to DOWN


      Sep 4 12:39:54	check_reload_status: Carp backup event
Sep 4 12:39:54	kernel: carp: demoted by 240 to 480 (interface down)
Sep 4 12:39:54	kernel: sk0: link state changed to DOWN
Sep 4 12:39:54	check_reload_status: Linkup starting sk0
Sep 4 12:39:56	php-fpm[93761]: /rc.carpbackup: Carp cluster member "xxx.xxx.xxx.xxx - WAN Gateway IP (2@sk0)" has resumed the state "BACKUP" for vhid 2@sk0
Sep 4 12:39:56	php-fpm[93761]: /rc.linkup: Hotplug event detected for WAN(wan) but ignoring since interface is configured with static IP (xxx.xxx.xxx.xxx  )
Sep 4 12:40:14	check_reload_status: updating dyndns WANGW
Sep 4 12:40:14	check_reload_status: Restarting ipsec tunnels
Sep 4 12:40:14	check_reload_status: Restarting OpenVPN tunnels/interfaces
Sep 4 12:40:14	check_reload_status: Reloading filter
Sep 4 12:40:23	check_reload_status: Carp backup event
Sep 4 12:40:23	kernel: carp: demoted by 240 to 720 (interface down)
Sep 4 12:40:23	kernel: sk1: link state changed to DOWN
Sep 4 12:40:23	check_reload_status: Linkup starting sk1
Sep 4 12:40:24	php-fpm[52693]: /rc.carpbackup: Carp cluster member "xxx.xxx.xxx.xxx  - Lan Gateway IP (1@sk1)" has resumed the state "BACKUP" for vhid 1@sk1
Sep 4 12:40:24	php-fpm[52693]: /rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (xxx.xxx.xxx.xxx )
Sep 4 13:11:17	check_reload_status: Linkup starting sk3

      Danke im Vorraus!

      1 Reply Last reply Reply Quote 0
      • D
        dkrizic
        last edited by

        Wie im US-Thread beschrieben, das Problem habe ich auch seit pfSense auf BSD 10.1. Ein Workaround ist es, die Interfaces hart auf 100baseTX zu setzen (statt 1000baseTX). Damit sind die Interfaces zwar nur 100MBit/s langsam, aber dafür stabil.

        1 Reply Last reply Reply Quote 0
        • H
          heiko3001
          last edited by

          Deinstalliere mal den LCD Displaydriver (schade ums Display) aber dann wird es sauber laufen, ich habe aktuell auch dieses Problem und nachdem ich nach langem Suchen das LCD Package deinstalliert habe, läuft es stabil mit 1000 Mbit.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.