Author Topic: Primary firewall crashes in HA setup (Read 5663 times)

shade73 · « **on:** September 15, 2016, 04:40:21 pm »

We have two opnsense boxes in HA setup, and every 6-7 day the primary firewall "crashes" (it does not generate a crash report).

When it happens we notices it by our VPN users cannot get access, the primary have stopped processing trafic and does not accept connections (GUI/SSH cannot be accessed).

On the secundary firewall, in "Firewall / Virtual IPs / Status" shows that it have taken control of all 3 CARP interfaces as master. So all normal trafic flows.

The CLI/Console on the primary firewall is working, so the problem can be fixed by selecting reboot in the menu, then the primary firewall comes up agian, and resumes the CARP interfaces as master, and the secundary becomes slave.

6-7 days later, it starts over agian..

franco · « **Reply #1 on:** September 19, 2016, 12:30:52 am »

Hi Shade,

Doesn't sound normal, this would require a peek into the system, something like "top" to look at memory usage, dmesg for out-of-memory-kills, process list to check against.

7 days sounds suspiciously like a Cron job of some yet unknown variety.

Cheers,
Franco

shade73 · « **Reply #2 on:** September 20, 2016, 05:45:09 pm »

7 days in average, it can happen after 4 days but also first after 10.

I will get a top and dmesg output next time it happens.

shade73 · « **Reply #3 on:** October 09, 2016, 05:58:04 pm »

Now it happened again, we have been "lucky" with the updates to OPNsense - they reset the process when the firewall reboots.

Logs attached.

shade73 · « **Reply #4 on:** October 09, 2016, 05:58:38 pm »

truss from openvpn and filterlog

Author Topic: Primary firewall crashes in HA setup (Read 5663 times)

shade73

Primary firewall crashes in HA setup

franco

Re: Primary firewall crashes in HA setup

shade73

Re: Primary firewall crashes in HA setup

shade73

Re: Primary firewall crashes in HA setup

shade73

Re: Primary firewall crashes in HA setup