[guide] pfsense VM on QNAP in 2020

[Moogle Stiltzkin]

Makes complete sense since pfsense would be off, and isn't able to assign the desktop an IP on the network.

correct. so maybe the solution is to set a static ip on the machine that is managing the pfsense router, or you get locked out like this ?

but oddly when i did that, although i can access the qnap and pfsense page. i didn't have internet still until i switched back to ip and dns auto.

perhaps i needed to go

windows cmd and do a

Code: Select all

ipconfig /release

followed by a

Code: Select all

ipconfig /renew

https://www.lifewire.com/renewing-ip-ad ... ows-816528



i'll test this next time this happens again.

[Moogle Stiltzkin]

i suspect there is an issue with pfsense 2.4.5 p1 for vm.

never had an issue with the previous pfsense version. but since p1, every now and then, the internet and local networking wouldn't work. i noticed the issue was that the pfsense had crashed somehow because pfsense gui was inaccessible.

had to restart it via shell "5" to get it up again.

i read here
https://www.reddit.com/r/PFSENSE/commen ... available/

and there seems to be some agreement that 2.4.5 p1 may have issues in stability.

[MikeLagit]

Next time this happens, see if you have a WAN IP in the Overview panel of Network and Virtual Switch. You said local network wouldn't work, but if you have a third cable to the NAS with static IP, see if you can ssh to it and ping 1.1.1.1 on the outside. I'm curious if the net is somehow still there even if the gui is locked.

[Moogle Stiltzkin]

well

in virtual station it seemingly looks as if pfsense is still up.

i can even view the pfsense shell options and run them.

BUT, i cannot access the pfsense admin gui in browser. Internet is down, and network connectivity on lan is disrupted. No internet at all checked from a few different client devices including my NAS that says no WAN.

only solution for me was to run the "5" reboot. i also tried reboot via virtual station by shutting down the vm and starting it up again.


I don't know is this due to recent virtual station update? or is this pfsense itself?

When i try to check logs, it resets after the crash so i cannot check what happened, unless someone else knows how to keep a record of this :/

[Moogle Stiltzkin]

hm... i notice i can consistently trigger this by downloading multiple torrents at once.

e.g. 6 torrent...linux isos... *cough

then shortly after, i notice internet is down. then i check the pfsense browser cannot be accessed either.

I never had this issue in the previous pfsense version. Or maybe one of my settings caused this? i'm not sure :/

for now i tried to limit my torrent bandwidth ingoing and outgoing and hopefully not maxing out won't cause a trigger. but even if that worked, not being able to max out broadband is sad :{

[MikeLagit]

I haven't seen any issues like this and can hammer mine with a full 200 Meg down for days, it's rock solid. I can't think of what would be causing this for ya. I do run my downloads on a PC VM totally independent of the NAS though. On pfsense I run VPN for whole house and it's been working amazing. If I think of something to try I will post back.

[Moogle Stiltzkin]

the only time i saw something like this happen before, was back when i was testing suricata and noticed that during max load for my 100 mbps bandwidth, the cpu hits 100% which triggers this kind of crash.


atm the only active packages i have are

avahi Avahi mDNS/DNS-SD daemon
dhcpd DHCP Service
dpinger Gateway Monitoring Daemon
ntpd NTP clock sync
pfb_dnsbl pfBlockerNG DNSBL service
pfb_filter pfBlockerNG firewall filter service
syslogd System Logger Daemon
unbound DNS Resolver



ntopng is disabled. i only activate when i'm actively checking something out. rest of the time i leave it off.


my pfblockerng rules not too complicated.

-malicious
-malicious2
-bbcan177
-cryptojackers
-url shorterners
-perflyst smart tv

mostly setup as this guy suggested, with some minor tweaks
https://www.youtube.com/watch?v=G9_a-7wQ_QU


so i don't reckon my packages are the cause of this, although i'm not too sure



but even when i'm not torrenting, sometimes when i'm just playing valorant, fragging some newbs, my internet gets cut off because of pfsense going awol. i'll just keep observing for now.

i highly doubt it's a ram issue, i have 16gb and it never maxes out.

[MikeLagit]

I haven't had time to go past my basic core setup and only have: bandwidthd, darkstat, iperf, nmap, and openvpn-client-export installed in the packages section.

Configured and running I have the basics like ntp, dhcp server, openvpn-client for whole house VPN, and openvpn-server for when I need to connect remotely.

Very stable with this setup I am using. If it keeps acting up, maybe try removing packages, and/or reverting back to a previous snapshot with the basics, and then add packages back in one at a time.

[Yippym]

i suspect there is an issue with pfsense 2.4.5 p1 for vm.

Working fine here, I've just did another network with pfSense solution on QNAP.

Both updated to the latest 2.4.5-RELEASE-p1.

Have you installed the pfSense directly from ISO or from QNAP custom made VM Import, apparently they are differently made (QNAP support mentioned VLAN don't work from their VM Installer for example). Don't ask me what's different between the two method, but I've imported the QNAP VM.

[Moogle Stiltzkin]

i suspect there is an issue with pfsense 2.4.5 p1 for vm.

Working fine here, I've just did another network with pfSense solution on QNAP.

Both updated to the latest 2.4.5-RELEASE-p1.

Have you installed the pfSense directly from ISO or from QNAP custom made VM Import, apparently they are differently made (QNAP support mentioned VLAN don't work from their VM Installer for example). Don't ask me what's different between the two method, but I've imported the QNAP VM.

i initially tried the qnap one from the vm market, but that didn't work for me.

so i had to download from the pfsense site direct and use theirs.

wow... i didn't know this, or at least this was never explained

could that be why when i tried to setup the guest vlan it didn't fully work? now i wonder

[MikeLagit]

I couldn't get the QNAP image one to work, and the stock pfsense one worked straight away. I would think the difference would be settings, but I'd love to know.

[OneCD]

I couldn't get the QNAP image one to work, and the stock pfsense one worked straight away.

This reminds me of another company known for looking at popular, open-source projects that work-well for everyone. So, they create their own rather limited and bug-ridden versions that work for them and no-one else.

Microsoft.

[MikeLagit]

Zactly! I don't trust what someone else has done to it, especially for security reasons. I didn't try any vlans, but I'd rather see QNAP just publish how we can enable the "fixes" on our own.

[Yippym]

I can see why you would be concerned on how it works, but I think it's to do with the connection to the Virtual Switch on QNAP side communicating in.

There are 4 ways to install pfSense on QNAP

• ISO directly pfSense

• QNAP VM Marketplace

• QNAP - Import image https://www.qnap.com/solution/pfsense/en/

• QNAP App - VM Installer (only available on QGD-1600P)

I've made a new post on how VLAN works with pfSense in QNAP QGD-1600P, the way it works is that the Virtual Switch auto filter the VLAN. Just need to assign the interface.
https://poyu.co.uk/2020/08/16/qnap-qgd- ... h-pfsense/

[Moogle Stiltzkin]

testing maxing my bandwidth again because i experience where the pfsense shutdown again.

so i rebooted then ran torrent and later a steam download for new world.






no problem.



so perhaps the reason pfsense crashes is either
1. it happens when it's running a long time, and then something stresses the router
2. probly because i updated qts recently and didn't reboot pfsense again?
3. stressing max bandwidth causes an overload for extended bandwidth download/upload
4. too many connections?
5. one of the packages is causing a crash? (i highly suspect this as being the likely cause)