Netgate SG-1000 microFirewall

Author Topic: pfsense is not making sense  (Read 1000 times)

0 Members and 1 Guest are viewing this topic.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4915
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: pfsense is not making sense
« Reply #15 on: November 01, 2017, 02:44:13 pm »
The "idle" process is using way too much processor...   (kidding)

Don't see anything odd.  I'd reinstall and test again.   

Offline raffi30

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #16 on: November 01, 2017, 02:49:13 pm »
haha tech humor. I'm going to hold off a reinstall for now since it's not a show stopper, but I have a feeling that may be the only option. I'll have to find a good time to get it done.

Thanks for the help.

Raffi

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4915
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: pfsense is not making sense
« Reply #17 on: November 01, 2017, 02:53:37 pm »
Yeah -  I'd wait for a good time.  It could take seconds or perhaps minutes to hit the "default settings" button in the console. 

Might work as well as a fresh install. 

Offline raffi30

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #18 on: November 01, 2017, 03:02:26 pm »
lol good idea, I'll try that first.

Have you had any experience with a reinstall when an issue came up? I wonder if restoring my config on a fresh install would also "restore" the issue? I guess, I'll only know by trying.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4915
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: pfsense is not making sense
« Reply #19 on: November 01, 2017, 03:04:21 pm »
Likely so.  I've noticed that when I screw up my settings, save them and then restore them, they are still screwed up.  Maybe its just me. 

Offline raffi30

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #20 on: November 01, 2017, 09:11:22 pm »
It turns out it's not my settings. A factory reset didn't help either. Is a factory reset the same as a fresh install? Could there still be some files that are corrupt or not quite right?

I'm beginning to think it could be due to the jump from 2.3.x to 2.4.0. I think that's when it  also changed the freeBSD version to 11? I won't know for sure until I try a fresh install of 2.3.x and see if that fixes it or not.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4915
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: pfsense is not making sense
« Reply #21 on: November 01, 2017, 11:19:32 pm »
Id try a fresh install before I blamed the new version.  I think that even a factory reset could leave some stray code, depending on whats been done to it.

Offline raffi30

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #22 on: November 02, 2017, 08:44:11 am »
I'll have to wait for a time when the office is nearly empty before I do a fresh install. I may not be able to get that done for a while since I won't be in the office again till Tuesday. I guess the bit of good news is that it looks like it's not my settings. If it is due to some bit of bad/left over code, doing a fresh install of 2.4.1 will hopefully take care of that. I could run a test right after the install. Then, restore my latest config and it should get me back up and running, hopefully without issues. We shall see... but that is the game plan for now.

Offline roveer

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #23 on: November 04, 2017, 09:07:38 pm »
I just happened to be searching around tonight as I'm embarking on my own pfsense installation.

You description seems like it somewhat matches that of this video on Youtube:  https://www.youtube.com/watch?v=v2rK5F461aM

He upgraded the processor and problems went away.  You may be under powered since you turned a bunch of stuff on.

Roveer

Offline BlueKobold

  • Hero Member
  • *****
  • Posts: 2449
  • Karma: +193/-104
  • pfSense rocks!
    • View Profile
Re: pfsense is not making sense
« Reply #24 on: November 05, 2017, 07:42:31 am »
Quote
Since then, the network topology has not changed. I have installed pfsense OS updates along the way, Snort, squid (with cache and AV), and pfblocker. I have been running speed tests recently and my upload is consistently fine. The issue is with my download speeds. I can't get above ~97 Mbps.
Snort, Squid, ClamAV and pfBlockerNG means you were turning your pfSense into a fully acting UTM device and this
on a small Atom based board with 1.6GHz so it could really be that you are not right sorted with enough horse power.

Quote
He upgraded the processor and problems went away.  You may be under powered since you turned a bunch of stuff on.
Could be also that the memory system gets saturated. To small footprint or to lame RAM.
Greetings from Germany
Frank

Offline marvosa

  • Hero Member
  • *****
  • Posts: 746
  • Karma: +39/-0
    • View Profile
Re: pfsense is not making sense
« Reply #25 on: November 05, 2017, 09:36:44 am »
I'm in alignment with roveer's post, your box is underpowered.

Per the PFsense hardware requirements page (https://www.pfsense.org/products/#requirements), for your bandwidth you should be running:

"No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters."

I would also double your ram at a minimum.
« Last Edit: November 05, 2017, 09:50:04 am by marvosa »

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2195
  • Karma: +201/-12
    • View Profile
Re: pfsense is not making sense
« Reply #26 on: November 05, 2017, 11:34:20 am »
His box may technically be underpowered, but it is not showing any usual load.

@OP: Run "ps -aux" while you're doing a speedtest. We need to see what's using CPU, if any, under load.

Offline JeGr

  • Hero Member
  • *****
  • Posts: 3068
  • Karma: +195/-7
  • old man standing
    • View Profile
Re: pfsense is not making sense
« Reply #27 on: November 07, 2017, 06:45:36 am »
> on a small Atom based board with 1.6GHz so it could really be that you are not right sorted with enough horse power.

Geez, guys! The celeron 1017U is an Ivy Bridge gen. Notebook CPU. Not a small-time old-school Atom.

> "No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters."

What for? That recommendation is really old-school, even the pfSense hardware doesn't match that ;) Not even their own SG-2440 would match that description and is described as running IDS and Proxies just fine. I agree with Harvy, the screens don't show high CPU load and if the box should be that underpowered you'd see that in the 5 or 15m load values. The Celeron is a dual core, so a load of 2 would still be acceptable at peaks.
Don't forget to [applaud] those offering their time and brainpower to help you!

If you're interested in paid support, I'm available via PM for details of German pfSense support either for corporate or personal cases.

Offline raffi30

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: pfsense is not making sense
« Reply #28 on: November 07, 2017, 08:33:35 am »
Thanks for the replies. I wish it were as simple as my hardware being under powered. I have no beast under the hood, but I have several points to squash that argument.
1. My CPU load has never been max out even under the heaviest of use.
2. My CPU load is almost always sitting close to 0% usage. The biggest load is probably me accessing the GUI/graphs.
3. The idle process uses most of the processor.
4. I disabled all the mentioned services which are known to be a burden and still have the issue.
5. I did a factory reset and still had the issue.
6. I have 4GB of newish laptop ram. It is not fully utilized.
7. There is no use and never has been any use of swap space.

I did not have this issue when I originally ran the system on 2.3.x, so I'm beginning to think it could be due to the jump to 2.4.x. It could also be that I have a botched install which happened somewhere along the way. I'm pretty sure the factory reset simply restores a config file with all the defaults from a fresh install. It's not re-imaging the partition from a recovery partition. I realized this when I saw my custom WPAD files still in the /usr/local/www/ directory even after the factory reset. I deleted those files as well just to be sure they had no part in the problem, but this made me think, if those files were untouched, what if a potentially corrupted file was also untouched. I think the only thing that makes sense at this point is a fresh install. I'll keep you all posted.

Thanks.


Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4915
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: pfsense is not making sense
« Reply #29 on: November 07, 2017, 08:39:00 am »
It will be interesting to see what a fresh install does.