My pfSense firewall was receiving an “re0: Watchdog Timeout Error”, and I was able to fix it and my connection speeds.
re0 Watchdog Timeout Error – Introduction
First, this is a fairly common issue, and this post helped me a ton while fixing it.
As you can see, the Zotac pfSense firewall that I built is running 2x Realtek adapters.
device = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller' device = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
Additionally, I would often come back to my office to see error messages like the following on my router’s monitor.
re0: watchdog timeout re0: link state changed to DOWN
YouTube Version of this Post
If you prefer video and audio over just reading the text, then you can find the YouTube version of this post below.
That said, don’t forget to hit those like and subscribe buttons to help support the blog and channel!
Verifying the Issue
Other than the watchdog timeout issues I was seeing, the OS would drop and restart the link state.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: dmesg | grep re0 | more re0: <:RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet>: port 0xe000-0xe0ff mem 0x81400000-0x81400fff,0xa0100000-0xa0103fff irq 17 at device 0.0 on pci1 re0: Using 1 MSI-X message re0: Chip rev. 0x4c000000 re0: MAC rev. 0x00000000 miibus0: <:MII bus>: on re0 re0: Using defaults for TSO: 65518/35/2048 re0: Ethernet address: 00:01:xx:xx:xx:xx re0: netmap queues/slots: TX 1/256, RX 1/256 re0: link state changed to DOWN re0: link state changed to UP
And, as you can see, there was an issue with my connections, especially when it came to uploads.
Updating the Drivers
First, I found a post on the Netgate forums about where I could download the updated drivers.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: curl https://forum.netgate.com/assets/uploads/files/1537813753467-if_re.zip -o if_re.zip % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 137k 100 137k 0 0 371k 0 --:--:-- --:--:-- --:--:-- 371k
Next, I unzipped the archive in my /boot/kernel directory.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: unzip if_re.zip Archive: if_re.zip extracting: if_re.ko
I also updated the permissions of the file, so that the OS would properly load the driver.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: chown root:wheel if_re.ko [2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: chmod 0555 if_re.ko
Finally, I updated the /boot/loader.conf file, and set if_re_load to “YES”.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: cat /boot/loader.conf kern.vty=sc if_re_load="YES" autoboot_delay="3" hw.usb.no_pf="1" net.pf.request_maxcount="2000000"
With the driver installed, it was time to reboot my router.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: exit exit pfSense - Serial: GXXXX301XXXXX - Netgate Device ID: 22be57e0e3d3d3afe1d6 *** Welcome to pfSense 2.4.5-RELEASE (amd64) on pfSense *** WAN (wan) -> re0 -> v4/DHCP4: 184.108.40.206/22 LAN (lan) -> re1 -> v4: 192.168.5.1/24 IOT (opt1) -> re1.10 -> v4: 192.168.10.1/24 GUEST (opt2) -> re1.20 -> v4: 192.168.20.1/24 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell Enter an option: 5 pfSense will reboot. This may take a few minutes, depending on your hardware. Do you want to proceed? Y/y: Reboot normally R/r: Reroot (Stop processes, remount disks, re-run startup sequence) S: Reboot into Single User Mode (requires console access!) F: Reboot and run a filesystem check Enter an option: y pfSense is rebooting now.
Verifying the Fix
As you can see in my previous post, I was able to resolve this issue.
First, I verified that the OS was properly loading the kernel driver.
[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: kldstat Id Refs Address Size Name 1 9 0xffffffff80200000 2e9f160 kernel 2 1 0xffffffff830a0000 7d2c0 if_re.ko 3 1 0xffffffff83211000 10c0 cpuctl.ko 4 1 0xffffffff83213000 32d8 cryptodev.ko
As it was, I reran the speedtest-cli application, and got a much more reasonable upload speed!
[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: speedtest-cli Retrieving speedtest.net configuration... Testing from AT&T ... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by AT&T [7.88 km]: 12.618 ms Testing download speed................................................................................ Download: 534.40 Mbit/s Testing upload speed...................................................................................................... Upload: 376.16 Mbit/s
Other than that, I was no longer seeing the timeout issue, so I finally solved this problem.
re0 Watchdog Timeout Error – Conclusion
This wasn’t an issue that I had noticed (or even seen) until I had upgraded my internet.
That said, this will be something that you need to do if you are running with speeds of over 300 mbps.
In the end, I’m glad I fixed this, but I might have another router upgrade in the works soon!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here.