
Messages - epionier

I tried 2.4 Alpha as a test with the latest Hyper-V Server 2016 TP5 as a Gen2 VM with Safe Boot disabled. ISO file:


When I power the VM on it displays the start screen of pfSense, but when I try to install (Multi User and Single User) it loads the kernel for one line and then the VM reboots and goes back to the start screen (loop). I tried all options but it will not go any further.

How did you manage to get to the partition screen? Do you have a HDD already integrated in the VM?

Deutsch / Re: Virtualized pfSense eating up CPU?
« on: August 05, 2016, 12:46:28 pm »
I would try varying the advanced network settings, i.e. TSO, LTO, hardware offloading etc.

Deutsch / Re: Virtualized pfSense eating up CPU?
« on: August 04, 2016, 01:32:54 pm »
I am not familiar with KVM and would advise you to switch hypervisor from KVM to the free ESXI 6.0 version, which covers everything for your purposes and is free of charge.

Otherwise I would try not to use passthrough for the LAN ports, but virtualized network cards instead.

With ESXI I use the VmxNet3 driver instead of the E1000.


we are currently using ESXI 6.0 (without SR-IOV) and want to change to Hyper-V Standalone Hypervisor when Server 2016 will be released.

I read a lot about pfSense under Hyper-V but in respect to SR-IOV some questions remain. We could not use this feature under ESXI 6.0 because the igb-driver for the network adapter (Intel i350-T4) does not support SR-IOV.

In pfSense I will use under Hyper-V two non-legacy "NICS" of an Intel i350-T4, one bound to an external "WAN"-vSwitch and one to a external "LAN"-vSwitch. The management will be excluded from these vSwitches.

Upon creation of the vSwitches the decision has to be made whether to use SR-IOV or not. So does the current pfSense version support SR-IOV?
According to Intel:
FreeBSD is not listed as a supported Guest OS but there are virtual function drivers for FreeBSD (?)

If it is supported is there any configuration needed under pfSense settings?

If it is not supported are there any problems connecting pfSense to a vSwitch with SR-IOV activated (for other Windows Guests)?
Edit: This is resolved because I just saw that SR-IOV has not only to be activated on the vSwitch but also in the network adapter in the VM.

Some help from experienced Hyper-V users would be kindly appreciated.

Thx for your statement and good to know. I assumed there will be a lot of releases in-between like with 2.2 version.


I noticed that Feature #4044 is listed for the upcoming version 2.4:

there will be support for Gen 2 virtual machines under Hyper-V. According to Chris Buechler this is resolved now so I wonder if this will maybe find its way already in version 2.3.2 or 2.3.3?

We are moving from ESXI to Hyper-V soon and Gen 2 support would be great, especially with regard to the network adapters (I know that I don't have to use legacy network adapters anymore).

Perhaps this is just a small fix and not dependent on a later FreeBSD version, so it could be implemented earlier, because 2.4 is so far away ;D

We do not need to do anything but you do:

System -> Advanced -> Miscellaneous -> Cryptographic & Thermal Hardware -> Cryptographic Hardware -> AES-NI

by the way, wrong group :)

IDS/IPS / Snort process runs crazy when WAN IP (PPPoE) reconnects
« on: June 06, 2016, 06:21:46 pm »

unfortunately I am having a problem with SNORT and I cannot find a solution.

I posted my problem in "General Questions" first, but I can nail it down to misbehavior of the snort process, which is why I am asking in this section again whether anyone has the same problem - or better, the solution - because it drives me crazy. Here is more information about my problem:

I am running pfSense 2.3.1_1 on ESXI 6.0 as a VM (v11). 1 vCPU (Xeon L5640) and 2 NICs (VMXNET3).

The vSwitch of ESXI is for WAN port set to allow promiscuous mode.

SNORT is activated for WAN port.

Every night when PPPoE reconnects at 0:10 my snort process runs crazy so that CPU usage is 100%. pfSense is still working (like IPSec and Squid) but I am unable to log in via Web Interface or Console/SSH and the CPU remains at 100% for hours. On the console I only see the line:
"*** Welcome to pfSense 2.3.1-RELEASE-p1 (amd64 full-install) on firewall ***" and nothing more (like the menu selection), so mostly I am unable to access the shell to kill the snort process.

I tried to enable/disable TSO+LRO+device polling under "Advanced Networking" in all kind of combinations (with reboot) but the problem remains.

I also changed the NIC for WAN to an Intel i350 NIC but the problem remains.

I have to reboot pfSense to get it working properly again until the next WAN reconnect, or - when I was already in the shell via Console - I can solve the problem temporarily by killing the snort process (kill -9 Snort_PID) and the CPU immediately goes down to 0% again.

Pattern match is AC-BNFA and Barnyard2 is disabled. RAM is more than sufficient.
I can post more information about configuration/etc. when needed.

I also tried to uninstall SNORT (including configuration) and reinstalled it freshly but the problem remains.
(Also not all configuration is deleted this way, e.g. the Oinkmaster code for Snort VRT rules is still listed in the text field after the fresh reinstall.)

Does anyone have a clue how to fix this?

IPsec / Re: IPSec - Mobile Clients - wrong subnet bug?
« on: June 04, 2016, 07:03:54 am »
Ok I understand, so in consequence this assures that all traffic of an IPSec client is routed by pfSense and that there is no "direct" connection between those clients.

IPsec / IPSec - Mobile Clients - wrong subnet bug?
« on: June 03, 2016, 02:23:07 pm »

I am using IPSec IKEv2 MSCHAPv2 on pfSense 2.3.1_1 and everything is working fine. I am just wondering about the subnet that is used. In the "mobile clients" section I set "provide a virtual IP to clients" and set it to  in the text field and 24 in the selection. So usually a mobile client should receive an IP/subnet.

When I check Status->IPSec with one client connected it says in the lower "show child entries" that the IP/subnet of the connected client is

Why is there a 32 subnet instead of a 24 subnet?

General Questions / Re: 100% CPU problem with pfSense 2.3
« on: May 24, 2016, 02:46:48 am »
I don't believe so, because the process connected with the WAN IP reconnect is a script that is loaded when the IP changes, and also when the VM starts. I believe the problem is in that script or in the (startup/reload) script it invokes itself (maybe in conjunction with the snort process).

I listed here: my cronjobs that are directly related to snort and snort2c. Perhaps you could compare them to yours to see if they are identical, because they were set automatically.

General Questions / Re: 100% CPU problem with pfSense 2.3
« on: May 22, 2016, 05:44:10 pm »

Thank you for your explanation. Some days have passed since then and I have the following experiences:

1. I generally run into the 100% CPU problem when pfSense is shut down and restarted after a couple of minutes. I changed my backup method (pfSense is a VM) so that it backs up from a snapshot and does not power off in advance and restart pfSense after the backup. But this is just a workaround and not a permanent solution in my opinion. I strongly believe the CPU problem is mainly due to SNORT (see 3.)

2. The (2nd) problem still remains that SNORT is not properly re-activated when the WAN IP changes. E.g. I just looked in the system logs and the WAN IP changed 3 hours ago because of the 24h provider disconnection. Since then there has been no SNORT alert (which usually appear at an interval of approx. 5 min) in the system logs. The script /rc.newwanip did not restart snort at all; there is no entry for snort in the system logs, but the ("old") snort process is still running according to TOP.

3. After snort did not re-activate I manually restarted snort via Services->Snort->Reload. And the CPU went to 100% again. I noticed that a second snort service started and CPU is almost 100% for this process. The second snort process is 0% CPU. But after a minute it changed and two processes "sh" took almost 80% of the CPU and the remaining 20% by snort. Some minutes later one "sh" process is 0% but a "cat /tmp/tmpHOSTS" process is using 70% (20% snort, 10% remaining sh process), and a further couple of minutes later the second sh process is 0% too and a "sleep 55" process is using 70% CPU (20% snort, 10% cat). And then CPU usage changes between cat, sleep and snort and so on. Sometimes there are a couple of processes "/usr/local/bin/php -f /usr/local/pkg/snort/" active, too (in total >10%). The CPU usage does not go down, but when I kill the snort process with its PID (kill -9 PID) the CPU goes down to 0%.

Maybe this information helps with improving the scripts.
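The two Snort symptoms reported in this thread (Snort not running anymore after the nightly WAN reconnect, and two identical Snort processes for the same interface with one of them pinning the CPU) can be checked from the shell without touching the web interface. The script below is an added example for that check; it is not from the forum posts or from the pfSense Snort package. It assumes the Snort package starts one process per interface with "-i <ifname>" on its command line, and the interface name vmx0 and the ps sample are constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): watchdog check for Snort on pfSense.
# Detects "missing" (no Snort on the interface), "ok" (exactly one) and
# "duplicate" (more than one), and reports the busiest duplicate.
# Assumption: each Snort instance carries "-i <ifname>" on its command line.

# Constructed sample of `ps -axo pid,pcpu,command` output, modelled on the
# process mix described in the posts (two snort processes on vmx0, one at
# ~100% CPU, plus the helper processes seen in top). Hypothetical values.
SAMPLE_PS='  PID %CPU COMMAND
  101  0.1 /usr/local/bin/snort -R 12345 -D -q -l /var/log/snort/snort_vmx012345 -i vmx0 -c /usr/local/etc/snort/snort_12345_vmx0/snort.conf
  202 98.4 /usr/local/bin/snort -R 12345 -D -q -l /var/log/snort/snort_vmx012345 -i vmx0 -c /usr/local/etc/snort/snort_12345_vmx0/snort.conf
  303  0.0 sh -c cat /tmp/tmpHOSTS
  404  0.0 sleep 55'

# Print the PIDs of snort processes bound to interface $2, reading ps text from $1.
snort_pids_for_iface() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $3 ~ /\/snort$/ {
            for (i = 4; i <= NF; i++)
                if ($i == "-i" && $(i+1) == want) print $1
        }'
}

# Number of snort processes bound to interface $2 in ps text $1.
snort_instance_count() {
    snort_pids_for_iface "$1" "$2" | wc -l | tr -d ' '
}

# Classify the Snort state on interface $2: missing, ok or duplicate.
snort_state() {
    n=$(snort_instance_count "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo missing
    elif [ "$n" -eq 1 ]; then
        echo ok
    else
        echo duplicate
    fi
}

# PID of the snort process on interface $2 with the highest %CPU
# (the runaway one the posts kill with "kill -9"); prints nothing if none.
busiest_snort_pid() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { max = -1 }
        $3 ~ /\/snort$/ {
            for (i = 4; i <= NF; i++)
                if ($i == "-i" && $(i+1) == want && $2 + 0 > max) {
                    max = $2 + 0; pid = $1
                }
        }
        END { if (pid != "") print pid }'
}

# Live mode on the firewall: ./snort_check.sh --live <wan-ifname>
# Only reports; the operator decides whether to restart the package.
if [ "${1:-}" = "--live" ]; then
    IF="${2:-vmx0}"
    LIVE_PS=$(ps -axo pid,pcpu,command)
    echo "snort on $IF: $(snort_state "$LIVE_PS" "$IF")"
    busiest_snort_pid "$LIVE_PS" "$IF"
fi
```

Run it from cron (the posts mention the package already installs snort-related cron jobs) or by hand after a reconnect; a "missing" result right after /rc.newwanip ran, or a "duplicate" result with one PID at near 100% CPU, is exactly the condition described in items 2 and 3 above, and the printed PID is the one to look at before any kill.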

Messages from the pfSense Team / Re: 2.3.1-RELEASE Now Available!
« on: May 18, 2016, 04:55:44 pm »
Good work! Thanks for your efforts!

Ok, the settings I mentioned worked for me. If you want AES256 in Phase 2, select that and check SHA1+SHA256. Otherwise AES128 is also perfectly sufficient.

General Questions / Re: 100% CPU problem with pfSense 2.3
« on: May 17, 2016, 04:08:16 am »

The SSD disk partition is 15GB with 18% in use. RAM disks are not in use neither for /tmp nor /var.
Here are the current stats of my pfSense having a good life ;) :

MBUF Usage   4%   1016/26584
Load average   0.12, 0.07, 0.07
CPU usage   6%
Memory usage   23% of 3037 MiB
SWAP usage   0% of 4095 MiB
Disk usage ( / )   18% of 15GiB - ufs
Disk usage ( /var/run )   4% of 3.4MiB - ufs in RAM

I reduced the RAM to 3GB to try something, but as I found out RAM is not the issue. The issue is mostly connected to pfSense rebooting / the WAN IP changing, or to me re-activating the snort services (because they are not "really" active).

A backup of the pfSense VM is done every workday, like last night. The VM is powered off in advance (Open-VM-Tools installed) and is restarted after the backup. When I checked it last night after the backup I noticed that the CPU hit 100% again. So I rebooted via the VMware ESXI Manager (connected via IPSec) and quickly started "top -aSH" in the shell, and the CPU went straight to 100% again.

I noticed that there were two identical snort processes running which is the first point I cannot explain. And the CPU main usage changed between the two snort processes and the process "currentipsecpinghosts" and "netstat". I took a picture of that:

As I said, sometimes both snort processes mainly used the CPU and then it changed to the other mentioned processes and back again, but CPU was always 100%.
