re0 Watchdog Timeout Error – Realtek FreeBSD Fix

My pfSense firewall was receiving a "re0: Watchdog Timeout Error", and I was able to fix it and my connection speeds.

re0 Watchdog Timeout Error - Introduction

First, this is a fairly common issue, and this post helped me a ton while fixing it.

As you can see, the Zotac pfSense firewall that I built is running 2x Realtek adapters.

device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'

Additionally, I would often come back to my office to see error messages like the following on my router's monitor.

re0: watchdog timeout
re0: link state changed to DOWN

Verifying the Issue

Other than the watchdog timeout issues I was seeing, the OS would drop and restart the link state.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: dmesg | grep re0 | more
re0: <:RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet>: port 0xe000-0xe0ff mem 0x81400000-0x81400fff,0xa0100000-0xa0103fff irq 17 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: Chip rev. 0x4c000000
re0: MAC rev. 0x00000000
miibus0: <:MII bus>: on re0
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: 00:01:xx:xx:xx:xx
re0: netmap queues/slots: TX 1/256, RX 1/256
re0: link state changed to DOWN
re0: link state changed to UP

And, as you can see, there was an issue with my connections, especially when it came to uploads.

re0 Watchdog Timeout Error - Upload test error

Updating the Drivers

First, I found a post on the Netgate forums about where I could download the updated drivers.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: curl https://forum.netgate.com/assets/uploads/files/1537813753467-if_re.zip -o if_re.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  137k  100  137k    0     0   371k      0 --:--:-- --:--:-- --:--:--  371k

Next, I unzipped the archive in my /boot/kernel directory.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: unzip if_re.zip
Archive:  if_re.zip
extracting: if_re.ko

I also updated the permissions of the file, so that the OS would properly load the driver.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: chown root:wheel if_re.ko
[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: chmod 0555 if_re.ko

Finally, I updated the boot loader.conf file, and set if_re_load to "YES".

[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: cat /boot/loader.conf
kern.vty=sc
if_re_load="YES"
autoboot_delay="3"
hw.usb.no_pf="1"
net.pf.request_maxcount="2000000"

With the driver installed, it was time to reboot my router.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/boot/kernel: exit
exit
pfSense - Serial: GXXXX301XXXXX - Netgate Device ID: 22be57e0e3d3d3afe1d6

*** Welcome to pfSense 2.4.5-RELEASE (amd64) on pfSense ***

WAN (wan)       -> re0        -> v4/DHCP4: 70.229.194.201/22
LAN (lan)       -> re1        -> v4: 192.168.5.1/24
IOT (opt1)      -> re1.10     -> v4: 192.168.10.1/24
GUEST (opt2)    -> re1.20     -> v4: 192.168.20.1/24

0) Logout (SSH only)                  9) pfTop
1) Assign Interfaces                 10) Filter Logs
2) Set interface(s) IP address       11) Restart webConfigurator
3) Reset webConfigurator password    12) PHP shell + pfSense tools
4) Reset to factory defaults         13) Update from console
5) Reboot system                     14) Disable Secure Shell (sshd)
6) Halt system                       15) Restore recent configuration
7) Ping host                         16) Restart PHP-FPM
8) Shell

Enter an option: 5


pfSense will reboot. This may take a few minutes, depending on your hardware.
Do you want to proceed?

    Y/y: Reboot normally
    R/r: Reroot (Stop processes, remount disks, re-run startup sequence)
    S: Reboot into Single User Mode (requires console access!)
    F: Reboot and run a filesystem check

Enter an option: y

pfSense is rebooting now.

Verifying the Fix

As you can see in my previous post, I was able to resolve this issue.

First, I verified that the OS was properly loading the kernel driver.

[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: kldstat
Id Refs Address            Size     Name
1    9 0xffffffff80200000 2e9f160  kernel
2    1 0xffffffff830a0000 7d2c0    if_re.ko
3    1 0xffffffff83211000 10c0     cpuctl.ko
4    1 0xffffffff83213000 32d8     cryptodev.ko

As it was, I reran the speedtest-cli application, and got a much more reasonable upload speed!

[2.4.5-RELEASE][admin@pfSense.sanctuary]/root: speedtest-cli
Retrieving speedtest.net configuration...
Testing from AT&T ...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by AT&T [7.88 km]: 12.618 ms
Testing download speed................................................................................
Download: 534.40 Mbit/s
Testing upload speed......................................................................................................
Upload: 376.16 Mbit/s

Other than that, I was no longer seeing the timeout issue, so I finally solved this problem.

re0 Watchdog Timeout Error - Conclusion

This wasn't an issue that I had noticed (or even seen) until I had upgraded my internet.

That said, this will be something that you need to do if you are running with speeds of over 300 mbps.

In the end, I'm glad I fixed this, but I might have another router upgrade in the works soon!

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

As an Amazon Associate I earn from qualifying purchases.

Common passed on this blog, I made it to a jam.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.