OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: elektroinside on March 30, 2018, 12:52:07 pm
-
Hi guys,
So.. testing multiwan on my system...
I have a WAN1 which is my PPPoE link and WAN2 which is a Mikrotik with a Huawei 3G modem in it.
I configured a failover group with "packet loss", having as TIER1 the IPv4 gateway of the PPPoE link and as TIER2 the IPv4 gateway of the Mikrotik.
OPNsense crashes every time I disconnect the PPPoE link from Interfaces: Overview.
I submitted the crash report from the WebGUI, don't know if it got uploaded...
Any ideas what's happening?
-
Did you set it up like in the docs?
-
Yep...
If I restart and the WAN is still down (the interface physically disconnected), it never comes back, no network, no GUI. I think it keeps crashing. I don't have a monitor attached to it as it is back in the rack so it's just a guess.
-
Screenshots from all Gateways please. Surely related to apinger
-
And please start with Neighbor Down and not Packet loss
-
Screenshots attached.
OK, switched to "member down". Will get back with the results, I'll try a simple PPPoE disconnect.
UPDATE:
Nope, either it panics and never reboots, or simply just hangs. I had to reset the box.
-
I noticed that first RDS_DHCPv6 is first reported down in the GUI.
WAN2 is still up, managed to stabilize the modem.
Then my guess is it crashes when RDS_PPPoE is down as well, cause after that, no GUI, no network, and from what i'm seeing, it doesn't come back until a physical reset.
-
Another update: I disabled the IPv6 gateway monitoring, but didn't help, still crashes.
-
Please disable V6 completely .. just for testing
-
Nope.. same thing.
Submitted another crash report package. Do these work btw? Where are they stored (I'm guessing & hoping that they are privately available to the devs - didn't read any confidentiality agreement or similar).
-
Hm, OK, without a Display it's just guessing, sorry
-
I disabled "Sticky connections" and "Shared forwarding" and no more crashes.
Narrowed it down to these two.
Multiwan works fine now, I think, I just did a few tests. IPv6 is gone on my PPPoE once I reconnect, but this is known and it's getting a fix soon.
Although I don't think we should consider the issue closed. It shouldn't crash, right?
-
Anyway, thank you mimugmail for your assistance.
Regarding the monitor part, I attached a picture of my rack. It is close to impossible to connect anything anymore there, not to mention I need a ladder to get up there...
I have to take everything out every time I need to connect a display to anything.
-
Be aware that you can't use Traffic Shaping without Shared Forwarding! :(
I'd be interested in the system.log at the time it crashes (console would be way more cooler).
-
Yeah, I know, I don't use it anyway. But it would still be better not to use it and not get a crash...
Ok, I'll collect the logs tomorrow, I'll send you a PM with a gdrive share.
-
Anyway, thank you mimugmail for your assistance.
Regarding the monitor part, I attached a picture of my rack. It is close to impossible to connect anything anymore there, not to mention I need a ladder to get up there...
I have to take everything out every time I need to connect a display to anything.
You could just leave a cable coiled up there for monitor use, that's what I've done on a few installs.
-
True, but i need an extra cable for that :))
I always forget to buy one, and I obviously don't have it at the time being, hence the pain to connect a display.
I got to use the reminders on my phone more often...
-
So... what should I do with the original issue itself?
I think crashes should be avoided if possible, even in case of a misconfiguration (which I'm not sure if it's the case...), exceptions should be caught somehow...
Not sure how to proceed.
EDIT: Oh, forgot about the logs, mimugmail, reproducing and sending you the log files :)
EDIT2: sent you a PM with a google drive share containing the logs. Thank you!
-
A high number of crashes is an indicator of dying hardware / bad NICs more ofthen than it is of feature combinations / additions.
Cheers,
Franco
-
Well... it's the same in MS systems as well. But usually if something's crashing always doing the same thing, might not be the case. Also, regarding the NICs, I have no other errors or issues anywhere, no indication of anything anywhere is wrong.
I thought about the NICs being the problem, but i don't think it's the case here, i just couldn't include (yet) a hardware failure.
If i disable those two options, everything works perfectly fine (aka both WANs, both LANs).
-
I also constantly keep getting this in the logs:
OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN2_DHCP.
Mar 31 18:28:11 configd.py: [2ed9a37d-27c1-47d9-acb5-ae0e7088351c] refresh url table aliases
Mar 31 18:28:10 configd.py: generate template container OPNsense/Filter
Mar 31 18:28:10 configd.py: [5bf84dd1-8f7a-4b40-aae8-1c1452c82927] generate template OPNsense/Filter
Mar 31 18:28:10 configd.py: [3deca8e6-4590-4fca-b99c-2068c122cf38] Reloading filter
Mar 31 18:28:10 opnsense: /usr/local/etc/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN2_DHCP.
Mar 31 18:28:10 configd.py: [fef1eaaf-e054-4ec6-8ef2-42867ba89535] Restarting OpenVPN tunnels/interfaces WAN2_DHCP
Mar 31 18:28:10 configd.py: [e9a7af05-4070-4513-ba3b-a0ed5221ee93] updating dyndns WAN2_DHCP
Mar 31 18:28:01 configd.py: [36da586e-4a8b-49b3-a783-6018f3cc25b5] refresh url table aliases
Mar 31 18:28:01 configd.py: generate template container OPNsense/Filter
Mar 31 18:28:01 configd.py: [2497ea8e-7882-4320-9584-42648ef69160] generate template OPNsense/Filter
Mar 31 18:28:00 configd.py: [0171db3f-a20e-4a09-83db-6d4771dd415c] Reloading filter
Mar 31 18:28:00 opnsense: /usr/local/etc/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN2_DHCP.
Mar 31 18:28:00 configd.py: [04d97a83-9a50-4069-b0d1-5c153304cf73] Restarting OpenVPN tunnels/interfaces WAN2_DHCP
Mar 31 18:28:00 configd.py: [1941d1a4-2656-440c-83e0-114382df30cb] updating dyndns WAN2_DHCP
My single OpenVPN server doesn't even listen to WAN2, only WAN1.
WAN2 of OPNsense means this: the LAN of the Mikrotik, and the WAN of the Mikrotik receives an IP from a private class anyway from the ISP via a mobile 3G connection, making my OPNsense WAN2 a double NAT-ed setup, so basically is useless to try to listen to it.
Also, my OPNsense WAN2 is set to DHCP but has a static lease configured in the Mikrotik, it will never receive another IP.
Everything started with this multiwan setup, so I believe something with it is wrong in this particular config.
-
To keep the thread updated, mimugmail & Franco, I have uploaded a fresh new set of logs & dump file on the google drive. I personally don't see anything helpful in them. Console doesn't helps either (please check the video).
Also, as pointed out before, the single option which crashes the system if wan1 goes down in way or another is "Use shared forwarding between packet filter, traffic shaper and captive portal".
-
Interresting Thread!
Seems that I have a similar problem here. If I physically disconnect one of my two PPoE the system goes immediately into reboot.
I configured my system like elektroinside and have shared forwarding enabled.
I will test without shared forwarding
-
I can see some kind of stack trace in the video .. let's see how to catch this one.
-
So, I'm not the only one.
mimugmail, I've attached some dump file in the google drive, does that helps or you need something else?
-
This may may your life easier:
https://www.amazon.com/vga-extension-cable/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Avga%20extension%20cable (https://www.amazon.com/vga-extension-cable/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Avga%20extension%20cable)
-
Thanks, but I just needed to go to any store and buy a longer HDMI cable, which I did :)