ATT Uverse RG Bypass (0.2 BTC)
-
That's actually the issue that has been going on. That's why i haven't upgraded yet, i noticed in the github issues. There hasn't been an update in a bit. I was waiting for the next incremental release to see if anything changes.
-
And just FYI, 2.5.1 doesn't fix the wpa supplicant CPU locked at 100% problem. But so far, no mbuf panic either.
-
I think I may have figured out the problem. See here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252844 It seems this is the likely issue with the wpa-supplicant running at 100%, since we start it before the routing table is populated as well. The fix there would may solve our problem as well.
-
@fresnoboy said in ATT Uverse RG Bypass (0.2 BTC):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252844
So does the kill and restart of supplicant fix the issue?
-
@fresnoboy I did notice this as well after upgrading, but I simply killed & restarted wpa_supplicant and things seem to be holding fine. I’ve not rebooted the box since then, so perhaps I’ll re-encounter it at such a time. Things are still working at the moment, so I’m inclined to just not touch anything, but if there’s a fix to test ping me and I can take a look.
-
@fresnoboy have you looked into applying the patch to pfs or would that not be easy/possible?
-
I haven't tried it yet. I don't have a build environment for PFSense set up (I do have a FreeBSD VM I can play with), but the patch there looks like it's been committed to the production environment, so it should be easy for the Netgate guys to cherry pick this and include it in a beta update.
Anyone from Netgate want to comment?
-
I have written a list of easy mitigation steps for cpu usage issue. Credits go to all ppl who root caused the issue.
https://github.com/MonkWho/pfatt/issues/41#issuecomment-830450022
-
Do you have steps of how to get vlan0 working on esxi?
-
@netnerdy Thanks, that was the one hurdle which was keeping me from upgrading.
-
You need to create a new switch (it can't be the same switch as your LAN). For the Switch, set the VLAN ID to (0) None. This will strip the VLAN tags off that interface. Make sure your physical adapter is mapped to that switch, and then connect that WAN switch to an interface on your PFSense VM. Enjoy.
BTW, the snapshotting feature is super useful when updates are having issues. :)
-
Do you still use ngeth with this method? I was assuming that ngeth wouldn't be necessary in this case. I couldn't get wpa_supplicant to work with virtualized interface. It only works when I pci passthrough the raw device.
-
I run virtualized and have no need for ngeth. I think if you are using the WPA supplicant mode, and clear the vlan 0 issue, then you don't need ngeth at all.
-
I use a Netgate SG-3100 which runs ARM7 32-bit . Wondering if anyone has/can compile this same fix for that platform. Would be great to have this.
Right now I have 1 core at constant 100% CPU, and I can't downgrade on this platform easily.
-
@slushieken maybe this might help? http://www.macfreek.nl/memory/FreeBSD_kernel_cross-compiling
-
Can you send support @Netgate a request to get a the cherry picked patch put into the main distribution? They really should just put the fix into the next release of the code so folks don't have to manually patch it, esp for appliance users.
-
@fresnoboy said in ATT Uverse RG Bypass (0.2 BTC):
Can you send support @Netgate a request to get a the cherry picked patch put into the main distribution? They really should just put the fix into the next release of the code so folks don't have to manually patch it, esp for appliance users.
How do I reach them? I don't have a paid support package...
--Edit-- I figured it out and opened a ticket. I'll reply with any feedback.
-
It looks like it should be possible to include this, it's a one line patch, but because it's not in 12-stable we would need to review what impact it might have.
Steve
-
Thanks for looking into this. It would be a blessing to many users to get this incorporated, but especially those on your appliances, as it's more painful to build a manual patch for them.
The patch has been successfully installed on many user's machines and had no issues reported so far.
Please let us know what you guys decide.
-
When you say 'patch' I assume you mean the patched SSL libs since this is not something that can be patched on an installed system directly.