2.3 virtual machine: frequent hangs



  • After upgrading from 2.2.6 to 2.3 (i386) my pfSense machine, which is a virtual machine (VM) on an IBM x3650 server with VMware ESXi v.4.1, "hangs" frequently.  The mean time beetween hangs is about 2 - 3 days, compared to weeks (maybe months) on 2.2.6. It never hangs on ealier versions of pfSense.

    By "hanging" I mean it completely stops working – there're no traffic passing, no routings, no responses from the Web UI, the SSH console or the local console, absolutely nothing. The only sign of life is the system load graph from VMware ESXi control panel: one vCPU is full-loaded (i.e. 100%), and the other vCPU is idle (i.e. 0% load). The pfSense VM has two vCPU's.

    Anyone who experienced similar problem? Any suggestion?



  • you should update to esxi 5.5 or newer. 4.x is known to be unstable/have issues since pfSense 2.1.x

    Also, its advised to run amd64 versions of pfSense if you can.



  • Seriously.  ESXi standalone is free so there is no excuse to not stay current.  Same with i386 builds of pfSense.  Go to x64.


  • LAYER 8 Global Moderator

    esxi 4.1???  Pfsense which is freebsd based, and current versions are not supported on that old of setup.  Freebsd 10.1 was not supported until 5.5u2

    While it might run, wmware does not support the OS on that old of platform..  I would suggest if you want help to get current… then more than happy to help you.  Been running pfsense for years on esxi without any issues.. Runs and Runs and Runs..

    I am running 6u2 on very low end hardware hp n40l and handles running 2.3 pfsense just fine..



  • Quite possible you're having an issue because of the old ESX version, it should definitely be upgraded.

    That said you might be hitting another issue I'm working on tracking down. Do you have IPsec enabled?



  • @heper, KOM, johnpoz, cmb: thank you. I didn't know that later pfSense/FreeBSD versions are not supported under ESXi 4.x. I'll upgrade ESXi.

    Unfortunately upgrading ESXi is a long process it'll take (me) months to complete and I still need a workaround for pfSense meantime. Any suggestion on what could cause the hang or how to identify it?

    I've reduced VM configuration to single vCPU. Will report back if it works.

    @cmb:

    That said you might be hitting another issue I'm working on tracking down. Do you have IPsec enabled?

    Yes, I do. I use site-to-site IPsec, host-to-site OpenVPN, HFSC traffic shaping. My pfSense VM is in single-LAN multi-WAN configuration. The WAN interface is configured for DHCP and isn't NAT'ed. The OPTx interfaces are PPPoE and NAT'ed.



  • It's likely that changing it to 1 vCPU will work around the problem for now.
    https://forum.pfsense.org/index.php?topic=110710.msg618388#msg618388



  • Thanks. It's 9 days since the last reboot and it's still running smoothly. I therefore confirm that the single vCPU trick works.


  • LAYER 8 Global Moderator

    "months to complete"

    How is that.. Do you have hundreds of hosts?  All running 4.1??  Why were they not updated when newer versions came out??  Looks like that last patch that was released for 4.1 was ESXi410-201404001, back early 2014..  May of 2014 was the end of general support, shoot all support ends in a few days.

    You should of been moving away from 4.1 back in 2014 at the latest…



  • No I have few hosts and about a dozen VMs per host.

    At least two month for setting up a ESXi 6.x test lab, getting familiar with it and preparing the upgrade procedure.

    At least one month for actual upgrading (preparing some temporary hosts, evacuating VMs to the temp. hosts, installing the new ESXi on the original hosts, and backward migration).


  • LAYER 8 Global Moderator

    All of which should of been done back in late 2013 or first thing in 2014 as 4.1 was coming to an end of its life cycle..

    As to installing 6 on the existing hosts.. I have to assume this hardware was around when 4.1 came out since you don't seem to update… So more than likely since 4.1 came out in 2010.. I would guess prob time to refesh this hardware anyway... ;)  Don't you think 6 years is over refresh time?



  • Actually the hardware was purchased in 2008.

    I've considered upgrading several times (e.g. to 5.0 and 5.5) but decided not to due to performance of the migration utility (VMware Converter). For 5.x it's much slower compared to 4.x.

    And also, we still use Windows XP, where newer versions of the host control utility (VMware vSphere client) doesn't seem to run smoothly.


Log in to reply