Crashing often after 2.2.5 and 2.2.6



  • I was on 2.2.3 for a long time without and crashes.  I upgraded to 2.2.5 and then 2.2.6.  Once I was on 2.2.5 I started to see issues with crashes.  I still encounter them with 2.2.6
    I have uploaded the crash dump from 71.193.74.9 at 8:22 am CST.

    Is there someone that could take a look and see what might be happening?



  • You uploaded a crash dump? Is that some pfSense Gold feature?



  • I don't believe so.  When you log in to the GUI after a crash there is a link with the option to upload the data.



  • The crash is in IPsec. That's the same issue as here.
    https://forum.pfsense.org/index.php?topic=99733.msg555655
    which we've never found the specific source of to back port, but it's something that's fixed in FreeBSD 10-STABLE (and hence 2.3). Not likely there will be another 2.2.x release. As often as you seem to be hitting it (once a day it seems from the crash reports), it may be worth trying 2.3 if you can mitigate the risks inherent in running a development version in your environment (if it works initially, it almost certainly won't stop working). Otherwise if you can switch from IPsec to OpenVPN or something else, that'll prevent hitting that issue.

    @Nullity:

    You uploaded a crash dump? Is that some pfSense Gold feature?

    No, crash reporting has existed for everyone for a few years. You'll be prompted to submit if you have a crash dump.



  • Thanks for looking at that.  I will see if I can move to 2.3.



  • Good morning. We have three pfSense firewalls which we upgraded from 2.1.5 to 2.2.5. Two went smoothly and one went two days without a hitch and then crashed. It crashed once or twice the next day and then got "crash happy". One of the other physical firewalls is the same hardware as the crash happy box. Same bios settings, versions, etc. We also have a spare at the site that is crash happy in case anything happens to the hardware. I went ahead and built a fresh version of the firewall and then loaded the backup config onto the firewall. (Netgate C2758) That unit also crashed. I reloaded fresh 2.1.5 and restored the config file from before the upgrade. It was rock solid stable for the last 2 weeks+. I built a fresh 2.2.6 install and manually set up all of the configs hoping that something was corrupted in the upgraded  config file. The firewall made it 2 hours before crashing so badly it did not build a crash dump and reboot. Back to 2.1.5. I have a ticket submitted currently and working through the process. All three firewalls are configured the same each with 2 active iPSec vpn connections to the 2 other offices. The other two have been fine. The "primary" crash happy firewall has additional virtual ips and 1:1 NAts on it (6). Both physical boxes in the primary crash happy site have had 2.2.5 loaded and both crashed.  I just wanted to get this posted out there so people could see it, as it sounds like there are major issues with ipsec vpns on 2.2.5 and 2.2.6. I do not agree that we should all wait for 2.3 or run 2.3 as a dev instance in production. I believe the issue should be patched in the 2.2.x tree as running to 2.3 may introduce other issues.



  • @tuscany22:

    I just wanted to get this posted out there so people could see it, as it sounds like there are major issues with ipsec vpns on 2.2.5 and 2.2.6. I do not agree that we should all wait for 2.3 or run 2.3 as a dev instance in production. I believe the issue should be patched in the 2.2.x tree as running to 2.3 may introduce other issues.

    pfSense 2.3 is based on FreeBSD 10.2-STABLE, which is FreeBSD 10.x some time after 10.2-RELEASE. pfSense 2.2.x is based on FreeBSD 10.1-RELEASE. This means there are a fair number of changes in the base operating system between the two versions. With no clear idea what triggers the crash and which FreeBSD change(s) would need backporting to the 10.1-RELEASE build used in 2.2.x to fix it, there's really not a lot that can be done. The vast amount of effort needed to bisect the issue really cannot be justified considering that a further 2.2.x release is unlikely and 2.3 is probably no more than a week or two from beta.

    Apart from packages, many of which still need some work, 2.3 is already very accomplished. It is only the packages situation that is stopping me from running 2.3 in production today.


Log in to reply