Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want to complain that Netgate couldn’t… what, exactly? There are thousands of FW-75xx systems in the world, happily running pfSense. The problems we have tend to develop when people assume they know better about what the machine can support, and start treating it like a garden-variety PC. It’s not. It shares the Intel architecture, sure, but it’s an embedded system, with attendant requirements (mostly environmental) that no PC would deal with for long. I actually know that the replacement unit you received was running (“in service”) between two fiber connections. The one you received was one of the last remaining 7535s(*), in something like mint condition, which we could lay our hands on. It was pulled from a live environment, put back through the factory load process, and shipped to you. It goes without saying that there was no “packet corruption” evident when it was last in-service here. I, for one, would be curious to know if the ‘corruption’ which you accuse recurs with the original, as-shipped configuration. Jim (*) Another choice was to take the 7535 we have running Asterisk (FreePBX), and refurbish it to factory fresh. On Sep 29, 2013, at 7:45 AM, master8...@aol.com wrote: I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the problem disappeared on the new device. After all the installs with the various Netgate FW models over the years (not the m1n1wall, those have been awesome but are too outdated for me to be using on 100meg+ internet), Their reliability has been lacking and the issues that arise are always hard to diagnose and prove (freezing, no response situations, corrupting packets). I think I am just going to give up a few Ethernet ports that I don't end up using anyways and start building my own. Jonathon On 8/20/2013 11:08 AM, master8...@aol.com wrote: I switched out the memory and the SSD, reinstalled pfsense, and after a few weeks of operation, VPN traffic started corrupting again. A soft reset doesn't fix it. A hard reset (by pulling the power cord for a few seconds) does. I tried contacting Netgate and didn't receive a response. Does anyone know what could be going on here? Thanks, Jonathon On 7/26/2013 9:04 AM, master8...@aol.com wrote: Scanned the memory with memtest this morning and scanned the Intel SSD as well, it's all fine. I did stumble across something that fixes it though. Pulling the power cord for a few seconds. The act of removing power from my Netgate FW-7535 caused everything to start working. I probably soft reset it from the console 10 times and kept getting corrupted OpenVPN connections until I actually pulled power from the thing. I am starting to lean towards something on it's motherboard being defective. I will switch out the memory and SSD in a few days just to make sure it's not them. Thanks, Jonathon On 7/25/2013 6:25 PM, Bob Gustafson wrote: On 07/25/2013 04:59 PM, master8...@aol.com wrote: The last few months I have been having issues with OpenVPN connections from my road warriors. It appears that most of the traffic crossing the link is corrupted. I can't use remote desktop, it always says because of an error in data encryption, the session will end. I can't use the company intranet, it always displays the pages corrupted or doesn't load them at all. What do I mean by corrupted? See how it butchered the page load of the pfSense web admin interface. http://imgur.com/3B6EAAT This doesn't look too bad. I am assuming that you have sliced out the data for security purposes - or is that the corruption? All of this obvious data corruption and not a single peep in the logs. Nothing, nowhere. I have 20 installs and this is the only one that has ever given me an issue like this. Does anyone have any ideas? Are you saying 20 installs on different hardware, or 20 installs sequentially over several months/versions on the same box. If 20 on separate boxes, I would do a memory test on the failing box. Bob G Thanks, Jonathon ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
Jim, Netgate has a solid reputation for quality stuff and I happen to be a happy customer. On occasion when I've called with technical questions, your support has been very good. Enough for me to recommend your company and products... and support. Therefore, I find your starting tone a bit defensive. The customer in question obviously had the need to make the changes he did. And it messed up the machine. We all get that. You do not need to point that out. Yudhvir On Mon, Sep 30, 2013 at 8:23 AM, Jim Thompson j...@netgate.com wrote: Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want to complain that Netgate couldn’t… what, exactly? There are thousands of FW-75xx systems in the world, happily running pfSense. The problems we have tend to develop when people assume they know better about what the machine can support, and start treating it like a garden-variety PC. It’s not. It shares the Intel architecture, sure, but it’s an embedded system, with attendant requirements (mostly environmental) that no PC would deal with for long. I actually know that the replacement unit you received was running (“in service”) between two fiber connections. The one you received was one of the last remaining 7535s(*), in something like mint condition, which we could lay our hands on. It was pulled from a live environment, put back through the factory load process, and shipped to you. It goes without saying that there was no “packet corruption” evident when it was last in-service here. I, for one, would be curious to know if the ‘corruption’ which you accuse recurs with the original, as-shipped configuration. Jim (*) Another choice was to take the 7535 we have running Asterisk (FreePBX), and refurbish it to factory fresh. On Sep 29, 2013, at 7:45 AM, master8...@aol.com wrote: I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the problem disappeared on the new device. After all the installs with the various Netgate FW models over the years (not the m1n1wall, those have been awesome but are too outdated for me to be using on 100meg+ internet), Their reliability has been lacking and the issues that arise are always hard to diagnose and prove (freezing, no response situations, corrupting packets). I think I am just going to give up a few Ethernet ports that I don't end up using anyways and start building my own. Jonathon On 8/20/2013 11:08 AM, master8...@aol.com wrote: I switched out the memory and the SSD, reinstalled pfsense, and after a few weeks of operation, VPN traffic started corrupting again. A soft reset doesn't fix it. A hard reset (by pulling the power cord for a few seconds) does. I tried contacting Netgate and didn't receive a response. Does anyone know what could be going on here? Thanks, Jonathon On 7/26/2013 9:04 AM, master8...@aol.com wrote: Scanned the memory with memtest this morning and scanned the Intel SSD as well, it's all fine. I did stumble across something that fixes it though. Pulling the power cord for a few seconds. The act of removing power from my Netgate FW-7535 caused everything to start working. I probably soft reset it from the console 10 times and kept getting corrupted OpenVPN connections until I actually pulled power from the thing. I am starting to lean towards something on it's motherboard being defective. I will switch out the memory and SSD in a few days just to make sure it's not them. Thanks, Jonathon On 7/25/2013 6:25 PM, Bob Gustafson wrote: On 07/25/2013 04:59 PM, master8...@aol.com wrote: The last few months I have been having issues with OpenVPN connections from my road warriors. It appears that most of the traffic crossing the link is corrupted. I can't use remote desktop, it always says because of an error in data encryption, the session will end. I can't use the company intranet, it always displays the pages corrupted or doesn't load them at all. What do I mean by corrupted? See how it butchered the page load of the pfSense web admin interface. http://imgur.com/3B6EAAT This doesn't look too bad. I am assuming that you have sliced out the data for security purposes - or is that the corruption? All of this obvious data corruption and not a single peep in the logs. Nothing, nowhere. I have 20 installs and this is the only one that has ever given me an issue like this. Does anyone have any ideas? Are you saying 20 installs on different hardware, or 20 installs sequentially over several months/versions on the same box. If 20 on separate boxes, I would do a memory test on the failing box. Bob G Thanks, Jonathon ___ List mailing list List@lists.pfsense.org
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
Yudhvir, I’m just grumpy, because of messages like the below (OP, not you), and threads like this: http://forum.pfsense.org/index.php/topic,66684.15.html Note again that it’s someone who decided to put their own SSD in the box, loaded their own version of pfSense, then blew their foot off when they upgraded to 2.1. First, netgate does NOT have “it’s own version of pfSense”.Yes, we re-brand the GUI, or rather, we have the pfSense team do it. Costs us money, every month. (Money we’ve been happy to pay every month since sometime in 2006. Money which directly supports the pfSense project. There is a version of pfSense 2.0.3 (specifically, 2.0.3p1) which specifically adds support for the Realtek devices on the Jetway system we sell. When we made this release, it was pushed back through the build process by Jim Pingle. Restated: it didn’t come directly from Netgate personnel. Second, most people should be aware by now that Jamie and I (the ‘owners’ of Netgate) are also (with cmb) co-owners of the company behind pfSense. This has been true for a bit over a year now. I am involved with both companies, both in terms of day to day operations and things more strategic. cmb’s office is next door to mine. Third, most people should have noted that Netgate’s version 2.1 didn’t ship simultaneous with the ‘stock’ pfSense. There are reasons, mostly related to a lack of testing by the pfSense crew, and my desire to drive any changes for same back through the pfSense side. As was discovered late in the thread referenced above, the ‘name’ of the disk changes, assuming a HD is present. When we build these (once we did), the settings were updated (first by hand, and now with a custom BIOS config) the CMOS is set such that the upgrade to 2.1 will correctly complete. We take a lot of time and care releasing systems into the world. We develop and test specific processes for the people building systems to follow, such that we *know* what is in the field. We spent a long time with people hammering the sales side of Netgate for a SSD solution before I allowed one to ship. There are many reasons for this, including a distinct lack of reliable SSDs, lack of TRIM support in the underlaying FreeBSD kernel, lack of a repeatable high-speed loading solution, some insight into what 2.1 would bring, etc. So when people decide they know better, make a mess, and then (worse) occasionally demand a refund “because the system doesn’t work”, it raises my ire. Sorry for allowing that to show through. I’m doing my best to keep the codebases from diverging, but I keep hearing echoes in the community that Netgate has all but forked pfSense. If there was one company most unlikely to fork pfSense, it’s Netgate. Jim On Sep 30, 2013, at 10:56 AM, Mehma Sarja mehmasa...@gmail.com wrote: Jim, Netgate has a solid reputation for quality stuff and I happen to be a happy customer. On occasion when I've called with technical questions, your support has been very good. Enough for me to recommend your company and products... and support. Therefore, I find your starting tone a bit defensive. The customer in question obviously had the need to make the changes he did. And it messed up the machine. We all get that. You do not need to point that out. Yudhvir On Mon, Sep 30, 2013 at 8:23 AM, Jim Thompson j...@netgate.com wrote: Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want to complain that Netgate couldn’t… what, exactly? There are thousands of FW-75xx systems in the world, happily running pfSense. The problems we have tend to develop when people assume they know better about what the machine can support, and start treating it like a garden-variety PC. It’s not. It shares the Intel architecture, sure, but it’s an embedded system, with attendant requirements (mostly environmental) that no PC would deal with for long. I actually know that the replacement unit you received was running (“in service”) between two fiber connections. The one you received was one of the last remaining 7535s(*), in something like mint condition, which we could lay our hands on. It was pulled from a live environment, put back through the factory load process, and shipped to you. It goes without saying that there was no “packet corruption” evident when it was last in-service here. I, for one, would be curious to know if the ‘corruption’ which you accuse recurs with the original, as-shipped configuration. Jim (*) Another choice was to take the 7535 we have running Asterisk (FreePBX), and refurbish it to factory fresh. On Sep 29, 2013, at 7:45 AM, master8...@aol.com wrote: I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
You misunderstood completely. I added those items AFTER I started having problems as a diagnostic to eliminate things people would recommend I try. The BASE HARDWARE was causing this issue. The replacement UNIT you sent me IS FINE and i'm thankful for reaching a resolution and the old unit is being shipped back. I was just commenting I have had to replace two other units at a DIFFERENT LOCATION, IN THE PAST, for freezing and the eventual replacement worked fine then as well, another hardware issue with the actual unmodified device that was a nightmare to diagnose with no answers again. I was just commenting on my experience if someone else had the issue, that the replacement did fix it and the route I was taking for the future. Then I get a personal attack, it was uncalled for and really reflects poorly on the attitude of Netgate as a company. I never called out Netgate or any of the employees there. Only my experience with this one particular device and its predecessor. I was commenting on packet corruption that occurred in my initial brand new unit that the replacement resolved. If you had something to say about it, I would have liked to hear about it before I went through hell trying to find out if it was a unit issue or a software issue. Thanks, Jonathon On 9/30/2013 11:23 AM, Jim Thompson wrote: Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram, originally. You changed the ram and installed an SSD, reloaded pfSense, and now you want to complain that Netgate couldn’t… what, exactly? There are thousands of FW-75xx systems in the world, happily running pfSense. The problems we have tend to develop when people assume they know better about what the machine can support, and start treating it like a garden-variety PC. It’s not. It shares the Intel architecture, sure, but it’s an embedded system, with attendant requirements (mostly environmental) that no PC would deal with for long. I actually know that the replacement unit you received was running (“in service”) between two fiber connections. The one you received was one of the last remaining 7535s(*), in something like mint condition, which we could lay our hands on. It was pulled from a live environment, put back through the factory load process, and shipped to you. It goes without saying that there was no “packet corruption” evident when it was last in-service here. I, for one, would be curious to know if the ‘corruption’ which you accuse recurs with the original, as-shipped configuration. Jim (*) Another choice was to take the 7535 we have running Asterisk (FreePBX), and refurbish it to factory fresh. On Sep 29, 2013, at 7:45 AM, master8...@aol.com wrote: I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the problem disappeared on the new device. After all the installs with the various Netgate FW models over the years (not the m1n1wall, those have been awesome but are too outdated for me to be using on 100meg+ internet), Their reliability has been lacking and the issues that arise are always hard to diagnose and prove (freezing, no response situations, corrupting packets). I think I am just going to give up a few Ethernet ports that I don't end up using anyways and start building my own. Jonathon On 8/20/2013 11:08 AM, master8...@aol.com wrote: I switched out the memory and the SSD, reinstalled pfsense, and after a few weeks of operation, VPN traffic started corrupting again. A soft reset doesn't fix it. A hard reset (by pulling the power cord for a few seconds) does. I tried contacting Netgate and didn't receive a response. Does anyone know what could be going on here? Thanks, Jonathon On 7/26/2013 9:04 AM, master8...@aol.com wrote: Scanned the memory with memtest this morning and scanned the Intel SSD as well, it's all fine. I did stumble across something that fixes it though. Pulling the power cord for a few seconds. The act of removing power from my Netgate FW-7535 caused everything to start working. I probably soft reset it from the console 10 times and kept getting corrupted OpenVPN connections until I actually pulled power from the thing. I am starting to lean towards something on it's motherboard being defective. I will switch out the memory and SSD in a few days just to make sure it's not them. Thanks, Jonathon On 7/25/2013 6:25 PM, Bob Gustafson wrote: On 07/25/2013 04:59 PM, master8...@aol.com wrote: The last few months I have been having issues with OpenVPN connections from my road warriors. It appears that most of the traffic crossing the link is corrupted. I can't use remote desktop, it always says because of an error in data encryption, the session will end. I can't use the company intranet, it always displays the pages corrupted or doesn't load them at all. What do I mean by corrupted? See how it butchered the page load of the pfSense web
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the problem disappeared on the new device. After all the installs with the various Netgate FW models over the years (not the m1n1wall, those have been awesome but are too outdated for me to be using on 100meg+ internet), Their reliability has been lacking and the issues that arise are always hard to diagnose and prove (freezing, no response situations, corrupting packets). I think I am just going to give up a few Ethernet ports that I don't end up using anyways and start building my own. Jonathon On 8/20/2013 11:08 AM, master8...@aol.com wrote: I switched out the memory and the SSD, reinstalled pfsense, and after a few weeks of operation, VPN traffic started corrupting again. A soft reset doesn't fix it. A hard reset (by pulling the power cord for a few seconds) does. I tried contacting Netgate and didn't receive a response. Does anyone know what could be going on here? Thanks, Jonathon On 7/26/2013 9:04 AM, master8...@aol.com wrote: Scanned the memory with memtest this morning and scanned the Intel SSD as well, it's all fine. I did stumble across something that fixes it though. Pulling the power cord for a few seconds. The act of removing power from my Netgate FW-7535 caused everything to start working. I probably soft reset it from the console 10 times and kept getting corrupted OpenVPN connections until I actually pulled power from the thing. I am starting to lean towards something on it's motherboard being defective. I will switch out the memory and SSD in a few days just to make sure it's not them. Thanks, Jonathon On 7/25/2013 6:25 PM, Bob Gustafson wrote: On 07/25/2013 04:59 PM, master8...@aol.com wrote: The last few months I have been having issues with OpenVPN connections from my road warriors. It appears that most of the traffic crossing the link is corrupted. I can't use remote desktop, it always says because of an error in data encryption, the session will end. I can't use the company intranet, it always displays the pages corrupted or doesn't load them at all. What do I mean by corrupted? See how it butchered the page load of the pfSense web admin interface. http://imgur.com/3B6EAAT This doesn't look too bad. I am assuming that you have sliced out the data for security purposes - or is that the corruption? All of this obvious data corruption and not a single peep in the logs. Nothing, nowhere. I have 20 installs and this is the only one that has ever given me an issue like this. Does anyone have any ideas? Are you saying 20 installs on different hardware, or 20 installs sequentially over several months/versions on the same box. If 20 on separate boxes, I would do a memory test on the failing box. Bob G Thanks, Jonathon ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
On Sun, Sep 29, 2013 at 2:45 PM, master8...@aol.com master8...@aol.com wrote: I finally was able to receive an advanced replacement from Netgate a few weeks ago. I swapped it out leaving my old install intact and the problem disappeared on the new device. After all the installs with the various Netgate FW models over the years (not the m1n1wall, those have been awesome but are too outdated for me to be using on 100meg+ internet), Their reliability has been lacking and the issues that arise are always hard to diagnose and prove (freezing, no response situations, corrupting packets). Generally speaking, I don't believe that to be true. There are a lot of those systems out there and we don't seem to see problems with them more than anything else. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
I switched out the memory and the SSD, reinstalled pfsense, and after a few weeks of operation, VPN traffic started corrupting again. A soft reset doesn't fix it. A hard reset (by pulling the power cord for a few seconds) does. I tried contacting Netgate and didn't receive a response. Does anyone know what could be going on here? Thanks, Jonathon On 7/26/2013 9:04 AM, master8...@aol.com wrote: Scanned the memory with memtest this morning and scanned the Intel SSD as well, it's all fine. I did stumble across something that fixes it though. Pulling the power cord for a few seconds. The act of removing power from my Netgate FW-7535 caused everything to start working. I probably soft reset it from the console 10 times and kept getting corrupted OpenVPN connections until I actually pulled power from the thing. I am starting to lean towards something on it's motherboard being defective. I will switch out the memory and SSD in a few days just to make sure it's not them. Thanks, Jonathon On 7/25/2013 6:25 PM, Bob Gustafson wrote: On 07/25/2013 04:59 PM, master8...@aol.com wrote: The last few months I have been having issues with OpenVPN connections from my road warriors. It appears that most of the traffic crossing the link is corrupted. I can't use remote desktop, it always says because of an error in data encryption, the session will end. I can't use the company intranet, it always displays the pages corrupted or doesn't load them at all. What do I mean by corrupted? See how it butchered the page load of the pfSense web admin interface. http://imgur.com/3B6EAAT This doesn't look too bad. I am assuming that you have sliced out the data for security purposes - or is that the corruption? All of this obvious data corruption and not a single peep in the logs. Nothing, nowhere. I have 20 installs and this is the only one that has ever given me an issue like this. Does anyone have any ideas? Are you saying 20 installs on different hardware, or 20 installs sequentially over several months/versions on the same box. If 20 on separate boxes, I would do a memory test on the failing box. Bob G Thanks, Jonathon ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption
I switched out the memory and the SSD, But did you test the ram? Make sure the ram doesn't require a special voltage - this is usually written on the sticker on the ram. And run memtest86 on it overnight. And suspect the ssd - try a small hdd. I like to use laptop drives as boot drives for my servers. Only need the speed of an ssd for running my VMs. That also leaves the nics. Some pci nics will run at 66MHz if they are placed in a 66MHz pci slot. That causes them to run very hot in some cases. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list