Pfsense WAN timeout with logs

Long time lurker first time poster. I’m having issues with my pfsense instance and have been chasing my tail for the better part of the week to try and figure out what’s taking place. At what appears to be random times, I receive high WAN gateway alarm and end up dropping the WAN for 3-5 minutes at a time. This happes maybe 2-3 times a day–again at what seems like random times. I’m running this on a Dell R-210 with 16 megs of RAM. Pfsense is running under Proxmox. I’m running both pfBlockerNG and Snort. I’ve tried disabling Snort to determine if that was the case, but there was no change.

Additionally, I have called the ISP and they show no issues with the modem during these times. The modem appears to be online when the WAN Gateway goes down and believe that this is strictly on my end.

Any help or pointers on where to begin would be greatly appreciated.

So, can you hook up straight to you modem and experience dropped packets? That will tell you real quick if it’s a modem/ISP issue or a proxmox/pfsense issue.

Are you suggesting to take pfsense out and plug a computer directly into the modem? If so, that would unfortunately take the home network down which is needed now with everyone teleworking and with it only taking place once every 2-3 times a day, it might go missed unless I was actively on the computer when it started dropping packets.

Is there something obvious that I’m missing?

traceroute to 8.8.8.8 and take a copy of the output.

Disable the connection monitoring (so it doesn’t force it down)

Run a ping from inside to pfSense LAN, WAN GW, ISP dns server and 8.8.8.8 see which if any drop.

If you do start dropping packets then run trace route to the first one that stops working to narrow down exactly which hop is playing up

Typically you start with layer 1 and move your way up. How long have you had this set up like this? Were there any updates or changes made after the issue started happening?

Thanks for the pointers!

I performed a traceroute as suggested. I have about 10 hops prior to reaching its destination. Total time is about 35ms which isn’t bad?

I poked around for awhile, but I wasn’t able to locate where I could disable the connecction monitoring? Is that in the advanced features?

I pinged from all my interfaces and I have zero packet losses.

I only started using pfSense since March where I moved from a GoogleWiFi mesh setup to what I descibed in the beginning of the post. It took awhile to get everything tuned with pfBlockerNG and Snort. Once I had those running, I probably had a good solid 3 weeks before I started getting any issues. I don’t know if has anything to do with it, but the only thing that I tried recently was setting up OpenVPN. I created a few certs and ended up running into issues so I deleted everything and returned it back before starting to dabble with that feature. The only thing I wasn’t ablet o remove was a user cert I created, but I can’t imagine that would have any contribution to the symptoms I’m experiencing?

There was another crash this afternoon around 6. It was a little different and it had over 250 log entries in the 5 minutes. Everything from kernal

So, I’m not exactly sure what’s going on. Reviewing the Proxmox CPU usage, I see a small spike that coincides with the event, but it isn’t prolonged.

System > Routing > edit
6th item down “Gateway Monitoring” untick.

I had a similar issue where for some reason the gateway monitoring thought the interface was down because the connection monitoring was having issues.

That’s probably good news. Did you ping all of the things I suggested? If the interface did go down then I would have thought you would have some loss. If you didn’t get any losses to 8.8.8.8 then the internet connection didn’t go down.

Yes, I pinged everything you had suggsted in your initial post. No issues at all on all seven interfaces that I’m running. I take that as a good thing…

Great, found it! I didn’t dig down that path! I’ve checked that and will let you know if that helps.

Another packet loss once again occurred this morning. I only posted the Gateway logs below.

I’m not familiar on how the packet loss is measured–is this packet loss based on the ping to the DNS being used? I’m using Cloud9 9.9.9.9 and Cloudflares 1.1.1.2 and 1.0.0.2 for my servers and I was curious if using either of these could cause the issues I’m experiencing? Is the dpinger using these to measure packet loss, or what is it reaching out to in order to determine that theres packet loss?

Thanks again for everyone’s input!

Ok, I’m a little bit confused at this point.

If the connection monitor is downing your WAN (only one wan connection?) but you are getting pings from 8.8.8.8 (are you directly connected to 8.8.8.8…)

My understanding of the the connection monitor is that it pings the dns server for the Interface and uses the latency / loss from that to decide if it’s up. That’s why it’s often better to use an IP right on the edge of your ISP as the connection monitor IP. Additionally if you have multiple WAN connections then using a different IP is a good idea.

I had an issue where BT (British Telecom) were rate limiting connections to 8.8.8.8 and that kept making pfSense thing there was a problem. Switching connection monitoring off resolved the issue. I forget what the final fix was (I handed it back down to local support after working out what the problem was) but I think they switched to using BT’s DNS servers for that interface.

Yes, I only have one WAN which is connected directly to my ISP modem. I may try changing my setup to use only a single DNS and to re-enable monitoring to see if there’s any difference with the DNS? I don’t know if having the three DNS options for a single WAN interface is causing any issues.

I’m unable to get to the computer to ping anything when I’m having an event that has taken down the WAN with it being so sporadic in nature. This might be something else to toy around with. Since I’ve stopped monitoring the WAN interface, I don’t think that I’ve experienced any interfaces going down.

I’ll report back on the DNS reduction to a single address while enabling monitoring. Thanks for the ideas!

Update: I just now noticed that there’s the option to monitor, perform no action for the WAN. I checked that option in order to receive logs on any latency issues.

I have been experiencing the same thing and unable to figure it out.

I also have the same issue. I told pfSense to take now actions on these alerts, but my internet connection still freezes a few times a day. I think I read somewhere on this forum that pfSense 2.6.0 can cause very high latency at times. Can anyone confirm this?

To be honest I have ran into this issue before and I am ashamed to admit that it was literally as silly as the physical ethernet cable from the modem to the pfsense router that was causing my issues. And it wasn’t just 1 time it was twice where we had a site at the company I work for had the same issues and at my house. Just random drops for no reason. Even worse it was within the same month I believe. It might be worth swapping the ethernet cable or checking the ethernet cable for electrical interference.