Pfsense box stopped working

New to pfsense. Been running it 2 weeks on a pretty good i7 16GB 500SSD etc. Today it stopped providing internet to all devices. I pingged the LAN IP and it did reply. The interface would not load in my browser, ‘bad gateway’. The console didnt show any errors. I could see the ‘menu’ on the console. I ended up restarting the box from the menu option. After reboot all was good. I checked the Status>System Logs>System>General.
What am I looking for to find the reason and prevent this happening in the future?
How do I go back in the log entries to yesterday?

New more info

What device are you running PFsense

What version of PFsense

What network cards - intel or another manufacture

Do you see if unbound server was running ?

welcome to the world of pfsense!

it’ll frustrate you until you ‘get it’, then you’ll be fully addicted… mine’s been running for a couple of years now, never had a problem that was caused by pfsense (the only problems i’ve ever had were hardware dying, and comcast internet… again, pfsense never gave me a an issue).

scour the documentation, as netgates documentation is absolutely THE BEST. you’ll learn more from their config recipes than anything else.

i can’t imagine hyperthreading causing stability issues, however for use in a firewall, it does cause efficiency issues, so if you haven’t gone into the bios and disabled hyper threading, do it. As for me, with hyperthreading i was only getting 80mb down from my 100/10 comcast connection. however after disabling it, my throughput jumped to 120/12… yes, you read that right…

again, i can’t imagine hyperthreading causing stability problems, but it’s just a tip to improve throughput if you were previously unaware…

Oh that’s interesting, I’m curious do you have a meaty processor and then you saw the jump in speed ? I would have guessed if you have a lot of available cycles switching off hyper-threading wouldn’t make much difference.

I might give this a go on my celeron router, though it never maxes out I’m just curious why it would make a difference.

If you haven’t made any major configuration changes on your pfSense, it seems likely (especially if you’re running on pfSense CE 2.6.0 or earlier) that the unbound service may have crashed as @Paul was referring to. It doesn’t often leave very useful logs that I’ve seen when that service crashes, so you might not find much. If you run into that issue again, check Status > System Services and see if unbound is running.

The unbound crash is a common bug that has finally been resolved in pfSense+ 23.01, but for anyone using Community Edition it is recommended for the time being to install the Service Watchdog package and have it monitor the unbound service.

Im running 2.6.0-RELEASE (amd64)
Its a Dell 990 Intel(R) Core™ i7-4770 CPU @ 3.40GHz, 16GB ram, 250SSD
Is there a way to see the NIC vendor from pfsense dashboard?
I will check Unbound is running and install watchdog. Thanks @Paul and @LTS_Eric

It’s somewhat annoying to determine the exact identity of the network cards in the web interface. If you go to Status->Interfaces, you’ll see each interface, followed by an internal naming for the interface that provides info on the driver used along with a number:
for instance, if you use an intel gigabit network card (you really should), you’ll see igb0, igb1, etc., or perhaps em0, em1, … for some of the intel i2xx cards. I believe that realtek network cards might use rtl0, etc.
In the end, if you really want to power-debug things, you’ll have to get familiar with the command line. That’s enables you to better examine older log entries and a lot more.

But you can do some limited command line work in the web interface. Once you determine the driver used, you can get more info.
Go to ‘Diagnostics → Command prompt’ and run the following:
dmesg | grep DRIVERNAME
where DRIVERNAME is the driver you determined above. In my case, it’s igb or em (for simplicity, only do one at a time).

You might see a lot of info, but toward the top, you should see info about the detection of the network card.
For instance, I see the following:

igb0: <Intel(R) I340 82580 (Copper)>

and for ‘em’:

em0: <Intel(R) I217-LM LPT> 

I agree that you may have run into the unbound problem. It’s rather annoying at times. If the ping worked, you could have tried to connect to the web interface using the numeric IP rather than the alphanumeric name. You can use nslookup from a client to test if the local nameserver is happy.

If you’re debugging a lost internet and you still can ping the router, I’d recommend trying to ping an internet numeric IP address (google’s 8.8.8.8 is a good choice). By testing numeric IP’s you bypass any problems with the local nameserver.

dmesg | grep command worked great, thanks. I was able to determine I have 1 Intel I1217, but 2 Realtek 8168’s
Im going to change out the Realteks to Intel
Thanks

sorry for responding so late.

nope, no ‘meaty’ cpu… it was an i7-2600. that has since died and i moved it over to box that runs an i5-7500… absolute overkill for pfsense even now after upping my connection to 500/10. but it’s 4c4t, so… i had it laying around and decided to use it.

just the other day i set up another pfsense box out of a very old pc to show my boss what it could do so he didn’t waste his $$ on something from microcenter for his home…
it’s running a generic intel motherboard (yup… from back in the day when intel made their own motherboards), and a 2 core i3 540 (yeah, very very old). 8gigs of whatever ram i found at the moment and an old intel p1000 (1000p?.. i dunno, something like that…) dual port nic…

without suricata and pfblockerng-dev running (on our 1gig network) it passed traffic at about wire speed… activating pfblocker and suricata (running inline-mode) dropped the speed down to 750mb/s and the cpu went into the red… but it did it! yeah, freebsd is incredibly efficient…

the point is, unless you’re running gig fiber with a bunch of data-hungry users, pretty much any cpu that was produced within the past 5-7 years will pass the traffic at wire speed even with a few of the heavier services pfsense can take advantage of. just be sure to disable hyperthreading.

Thanks for confirming, now just need to free up some time to test this.

I have the same issue with PFSense runnig on AWS as a EC2.

Anyone some experience.

After about 5hrs it has to be rebooted. The interface responds but VPN traffic stops going through, all tunnels drop.

Any pointers will be appreciated.

look in Status > System Logs > openVPN