Author Topic: 2.0.1 - HUGE session usage?  (Read 196 times)

Lectrician
« on: September 11, 2017, 01:14:52 pm »
Hi.

I have three sites, three pfSense firewalls, 3 Draytek routers.

The pfSense firewall provides guest WiFi on the three sites.

All have been running fine for years.

One site now is running slow, both on the pfSense network and the other network fed from the router.
On looking in the router stats, 150,000 sessions in use out of an available 50,000! Rebooting cures it for a few hours.
The 150,000 sessions are from the pfSense's WAN IP.

The Captive Portal only has around 15-20 users concurrently.

How do I go about narrowing this problem down?

I am not sure on the best course of action to trace this massive usage?

Thanks!!

johnpoz
Re: 2.0.1 - HUGE session usage?
« Reply #1 on: September 11, 2017, 01:20:12 pm »
First thing I would suggest is to move your pfSense to a currently supported version. 2.0.1 is from 2011-12-20.

Once you're on a currently supported version, 2.2 or higher... I would highly suggest current, which is 2.3.4p1.

Then you can look into what is eating up your states, and then either allow for more or fix whatever it is creating them.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Lectrician
Re: 2.0.1 - HUGE session usage?
« Reply #2 on: September 11, 2017, 01:42:48 pm »
I know I need to upgrade, but had modded the original installs to include captive portal pages which take username, email, postcode and write these into a database. I need to find time to add these mods to a more recent version.

Is there anything I can do to search for the session-hungry resource?

johnpoz
Re: 2.0.1 - HUGE session usage?
« Reply #3 on: September 11, 2017, 01:50:13 pm »
Well, what IP is creating the states? What does your state table look like?

Have not used 2.0.1 in some 6 years. But in current you can dump the state table from the diagnostic menu.

beatvjiking
Re: 2.0.1 - HUGE session usage?
« Reply #4 on: September 12, 2017, 04:08:27 pm »
One thing that can help is setting the "max src. states" in your LAN-side allow rule(s) to max out at something (even something huge - I use 8192 on my campus firewalls); this will limit the ability of a user or malware-infected machine to use up states. On top of that, you should start getting firewall log messages about the device(s) trying to use all those states, so you can narrow down your search quickly.
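
As an added example (not part of any post in this thread), one way to answer "what IP is creating the states" from a state-table dump, and to see which hosts would hit a per-source cap, is to count states per originating host. The function name `state_sources`, the sample lines and the exact `pfctl -ss` line layout (interface, protocol, address, arrow, address, state) are assumptions; the layout varies between pf versions, so check it against your own output.

```shell
#!/bin/sh
# Constructed sample lines in the assumed layout: IFACE PROTO ADDR ARROW ADDR STATE
SAMPLE_STATES='em1 tcp 198.51.100.7:443 <- 192.168.10.21:50544       ESTABLISHED:ESTABLISHED
em1 tcp 198.51.100.7:443 <- 192.168.10.21:50545       ESTABLISHED:ESTABLISHED
em1 udp 192.0.2.53:53 <- 192.168.10.21:40112       SINGLE:MULTIPLE
em1 tcp 198.51.100.9:80 <- 192.168.10.34:49811       TIME_WAIT:TIME_WAIT
em0 tcp 203.0.113.5:61022 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED'

# state_sources LIMIT: read state lines on stdin and print "COUNT HOST" for
# every originating host holding at least LIMIT states, busiest first.
state_sources() {
  awk -v limit="${1:-1}" '
    {
      host = ""
      for (i = 3; i < NF; i++) {
        if ($i == "->") { host = $3; break }      # outbound: originator is on the left
        if ($i == "<-") { host = $(i + 1) }       # inbound: originator follows the last arrow
      }
      if (host == "") next                        # header or unrecognised line
      gsub(/[()]/, "", host)                      # some versions wrap NAT addresses in ()
      if (host ~ /\./) sub(/:[0-9]+$/, "", host)  # drop the IPv4 port
      count[host]++
    }
    END { for (h in count) if (count[h] >= limit) print count[h], h }
  ' | sort -k1,1nr -k2,2
}

# On the firewall itself this would be fed live data: pfctl -ss | state_sources 1000
printf '%s\n' "$SAMPLE_STATES" | state_sources 2
```

If the firewall's own table shows no host anywhere near the session count the upstream device reports, the stale sessions are being held upstream rather than created by a client.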

Lectrician
Re: 2.0.1 - HUGE session usage?
« Reply #5 on: September 14, 2017, 02:15:27 pm »
Turns out the router in front of the pfSense box wasn't clearing down sessions. This is why I couldn't see loads of sessions in pfSense. The router had a non-released version of firmware on it (Draytek) to try to stabilise the VDSL BT Infinity line, but it seems this caused issues with sessions. Putting the current firmware on it has sorted the problem.