Pfsense 1.2 stable with IPSEC trough WAN 100Mbps reboots the box
-
Hey guys i was doing some performance tests today and found something pretty disturbing hehe i grabbed one of those Watchguard firefox x edge (low-end model) and put that on one end of an IPSEC tunnel, and a pfsense box with an alix board on the other. The tunnel went up and was working but as soon as i tried to make a huge transfer of files he pfsense box just hangs and reboots itself, it happened all the times i tried.
I understand that amount of traffic could be too much but is just ridiculous that could make the pfsense box die. Surprisingly the watchguard mini appliance took it like a man. I was convinced that test would give exactly the opposite result … :(
So... what do you think?
A misconfiguration of my part?
Watchguard specs
Proc: Not sure probably 200-266Mhz
Mem:128pfsense box specs
Proc: Geode AMD 500Mhz
Mem: 256IPSEC SPECS
Phase 1
md5-3desPhase 2
md5-3des-pfs
-
I ran into a similar issue when testing with the old WRAP boards. When I setup an IPSEC VPN between a box with a crypto card, and one without a crypto card, it would crash the one without a crypto card. I bet that Watchguard has some sort of encryption offloading. Drop a Soekris crypto card in the pfSense box and it should be way faster than the Watchguard.
-
I've beaten the hell out of a WRAP with a Xeon server as the other end point and it was never unstable. That sounds like an ALIX, which I haven't put through the same rigor yet.
It's kernel panicing, so you're hitting either some sort of FreeBSD bug or hardware problem. Can you follow this:
http://devwiki.pfsense.org/ObtainingPanicInfoForDevelopersand get us the results from when it panics? Assuming you can reliably replicate it, or at least replicate it once. you can email it to me (cmb@pfsense.org), it'll be pretty long.