Bug #5921
closed
Freeze when Gateway goes down
0%
Description
I have one failover group, tier 1 is WAN, tier 2 is another Gateway(Router) on the LAN.
As you can see in the logs attached (sort by time first) The trouble more or less starts when "LTE" goes down.
Things are getting reloaded and the last log message that the firewall sends out is "restarting IPsec" and "reloading filter". The box jumps to 100% CPU and never really recovers.
It's unresponsive to anything, no lan(ping), no console, no nothing.
No VPN, be it ipsec or openvpn uses the gateway group, they are all configured to WAN. There also is some mentioning of dyndns updating for LTE but all dyndns entries are deactivated in the webconfig.
I don't know why it reloads everything in the first place but the crash shouldn't happen anyways
Files
| pfSense.png (135 KB) pfSense.png | jumps to 100% CPU | ||
| graylog-searchresult (2).csv (205 KB) graylog-searchresult (2).csv | log 1 prior freeze | ||
| graylog-searchresult (5).csv (259 KB) graylog-searchresult (5).csv | log 2 prior freeze |
Updated by Chris Buechler about 8 years ago
- Status changed from New to Feedback
- Priority changed from Very High to Normal
going to need more than that to go on, it's certainly not replicable to freeze a machine when a gateway goes down. Nothing in the logs is indicative of any problem. The dyndns update log happens whether or not you have any enabled or configured, just a notice that it's checking if there are any to update.
What's using the CPU? What does top show when it's at 100% CPU?
Updated by Joel Linn about 8 years ago
It must be something with high priority because I am unable to operate a console. It just doesn't response to keyboard input for at least minutes.
The Box is running on XenServer and I use PCI passthrough for the Intel Dual NIC. Right now I am tempted to blame a faulty NIC to cause this but I am not sure and can't test with a second one.
Updated by Chris Buechler about 8 years ago
- Status changed from Feedback to Not a Bug
Doesn't seem to be any bug here. If you find specifics showing otherwise, please follow up.