Bug #16148
closed
OpenVPN socket listen queue overflow in pfSense 2.7.2
0%
Description
We have been running pfSense CE for several years with multiple OpenVPN server instances (5+), and everything worked flawlessly until recently. After upgrading to version 2.7.2-RELEASE, we started encountering recurring Listen queue overflow kernel messages related to OpenVPN Unix sockets.
Relevant kernel log entries:
sonewconn: pcb 0xfffff80051466600 (local:/var/etc/openvpn/server2/sock): Listen queue overflow: 2 already in queue awaiting acceptance
sonewconn: pcb 0xfffff8001000be00 (local:/var/etc/openvpn/server8/sock): Listen queue overflow: 2 already in queue awaiting acceptance
We attempted the following mitigation:
Set kern.ipc.soacceptqueue=1024 via System > Advanced > System Tunables
Also added the same setting to /boot/loader.conf.local and rebooted
However, the issue persists.
System specs:
10 CPU cores
16 GB RAM
Resource usage is not maxed out
vmstat -z shows no mbuf depletion
We also noticed that the pfSense WebGUI has become significantly slower to load around the same time this started happening, possibly related.
Please advise if this is a known issue and whether a fix is included in the upcoming 2.8 release. Let us know if you need additional logs, diagnostic outputs, or test feedback.
Thanks in advance.
Updated by Jim Pingle 18 days ago
- Status changed from New to Rejected
- Priority changed from Urgent to Normal
That particular error is on the management socket, so it could be from too many things in the GUI polling status for example (multiple people watching the dashboard, status page, etc.)
There isn't enough information to say for sure what might be happening and so much has changed on 2.8 it's likely already fixed, so you should try that and report back on the forum.
If you can find a way to replicate the problem on 2.8 we can take a deeper look into what might be happening.