|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|
|||
Ethernet port becomes unresponsive - troubleshooting suggestions
Hello:
I have a remote site where I'm having a problem with the OpenBSD network gateway I'm using there. This site is one of five that are all configured basically the same, and this site has been in service for many years. What we thought was a minor change has apparently caused a new problem. The remote site's gateway forwards packets between its upstream port and its local network port. Most traffic comes in on enc0, because the gateway is one end of a point-to-point VPN tunnel set up using ipsec, but the upstream port is pingable and permits ssh logins. For the longest time a Soekris 4801 ran the tunnel flawlessly. A recent change put a new embedded controller behind this gateway. From the local network, you can log into the controller by telneting to port 1400, and the same port is used to push data back to a Macintosh on our main campus through the tunnel. No changes were made to our remote ruleset to accommodate this move. After we added this controller and Mac connection, we began to experience times when the upstream port at the remote site would become unresponsive. Data wasn't traversing the tunnel for anything behind the Soekris; I believe the tunnel was being dropped. The upstream port would not allow ssh logins and would not respond to pings. Power-cycling the Soekris would bring everything back. To eliminate the possibility that the Soekris was the cause, we replaced it with a (faster) PC Engines Alix unit. The problems seemed to go away for over a year, until last week, when the tunnel dropped again. Due to some other problems I wasn't able to log into the Alix's serial port, but the upstream (and local network) ports still had link, and the admin for the switch that the upstream port was plugged into said he could see link and get the MAC address of the gateway. I am open to suggestions on what to look for if this should occur again to help resolve the problem. tia kmb Last edited by kbeaucha; 11th March 2013 at 08:09 PM. Reason: Add some details on state of upstream port from other admin |
|
|||
..and the version of OpenBSD used is what?
|
|
|||
I tried to log into the Alix, but was unable to due to problems unrelated to the Alix itself (another story). I opted for the power cycle because this was an after-hours call and I wanted to restore service as quickly as possible.
I do lose ping response on the Alix. The admin for the upstream switch logged into his Cisco and checked the status on the port our Alix plugs into. It was the Cisco that reported a "link"ed device on the appropriate port and its (the Alix's) MAC address (although I'm uncertain if the Cisco just had that information cached). As you suspect, the version running is 5.0 I'm in the process of resolving the console availability issue. When monitoring mbufs (netstat -m), is there something specific I should look for, or just usage over time? Thanks for the suggestions. kmb |
|
||||
Quote:
But you will also see an output line showing a percentage in use. I recommend a cron job that parses that line for the percentage, and notifies you if it exceeds some threshold you set -- for example, choose a threshold of 50% or 75%. While writing that cron job, you might also want to look at consumption of PF states in that remote router-- the default is 10,000, and while a small office firewall should not exceed that, perhaps there is a problem causing excess state table consumption. See the pfctl(8) man page, and option -s info. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Upgraded all ports, now slow and unresponsive X | caravel | FreeBSD Ports and Packages | 5 | 12th July 2012 07:45 PM |
need help with troubleshooting pf.conf | tinhead | OpenBSD Security | 11 | 25th March 2011 09:34 PM |
need troubleshooting tip for vpn connections | badguy | OpenBSD Security | 19 | 10th November 2010 02:53 PM |
Need suggestions on what to name this project | TerryP | Off-Topic | 10 | 6th November 2010 03:13 PM |
CD/DVD burner becomes unresponsive after burncd | dewarrn1 | FreeBSD General | 2 | 23rd October 2008 01:45 AM |