Running pfsense 2.7.0-release (amd64) and it randomly fails losing connectiion to ISP

Wylbur

It was in another part of the web pages. And it involved a long string of text including some hex as I recall. Since I don't know a lot about the internals of PFsense (I do not know c or Intel assembly language), I wasn't sure what to make of it. It had initially seemed to me to have been a glitch with the ISP, but after talking to them, they had nothing for our area. So it was too late to capture that. I will the next time.

stephenw10

Hmm, not sure what that could have been. Grab a screenshot of it if you see it again.
pfSense is mostly built in php.

Wylbur

Found the error in Crash Reporter.:

Crash report begins. Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n255866-686c8d3c1f0: Wed Jun 28 04:21:19 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/obj/amd64/LwYAddCr/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/sources/FreeBSD-src-REL

Crash report details:

No PHP errors found.

No FreeBSD crash data found.

Looks useless from where I sit. The hex string I saw looks like it might be part of a path name(?).

stephenw10

Hmm, yeah that's....not especially helpful!

You would only expect to see a full crash-report if it actually panicked and rebooted. If that was the case it should be linked but would also be in /var/crash

Wylbur

I have had the system fail again, same outward symptoms -- DNS fails, streaming suddenly stops, etc. I went through everything I could think of and couldn't find anything that matched the time frame. Could not find Crash Report for this (so it didn't crash?), but do have some logging. Notice that this log I captured starts SEP 13 running into the point that the system failed. I captured this log, if I remember correctly, just before I told the system to reboot.

I have been reading the doc for PFSense and honestly, it doesn't make sense. Having done doc writing, the index needs some work. And in diagnostics, it needs to tell one where this crash report will be (should it exist). But this is from a noobie who has done software development and L2 support. So Doc from my perspective needs to be written more to the Interns that something is handed to, if you get my drift.

Sep 13 05:19:08 dpinger 18642 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 13 05:19:11 dpinger 18642 exiting on signal 15
Sep 13 05:19:11 dpinger 49410 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 13 10:03:13 dpinger 17995 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 13 10:03:16 dpinger 17995 exiting on signal 15
Sep 13 10:03:16 dpinger 48168 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 13 10:26:00 dpinger 16049 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 13 10:26:04 dpinger 16049 exiting on signal 15
Sep 13 10:26:04 dpinger 36606 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 14 23:25:52 dpinger 36606 WAN_DHCP 100.66.96.1: Alarm latency 2147us stddev 937us loss 22%
Sep 14 23:37:00 dpinger 36606 exiting on signal 15
Sep 14 23:37:00 dpinger 14712 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 14 23:37:02 dpinger 14712 WAN_DHCP 100.66.96.1: Alarm latency 0us stddev 0us loss 100%
Sep 14 23:37:15 dpinger 14712 exiting on signal 15
Sep 14 23:37:25 dpinger 82961 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 100.66.96.1 bind_addr 100.66.97.204 identifier "WAN_DHCP "
Sep 14 23:37:27 dpinger 82961 WAN_DHCP 100.66.96.1: Alarm latency 0us stddev 0us loss 100%

Wylbur

I forgot, it was saying the WAN was not responding, but the ONT (fiber optic "modem") showed it was up and ready. It did not require recycling to get the connections to be re-established.

stephenw10

Hmm, so dpinger is being restarted. Is that the main system log or the gateways log? I would expect more in the system log that might show why dpinger is restarting.

However it also shows complete packet loss after some time. Do you have to reboot pfSense to recover from that?

Are those 100.x.x.x addresses real? That looks like you're behind CGN. We have seen CGN gateways object to the monitoring pings pfSense sends. Try setting an external montoring IP on the WAN gateway like 8.8.8.8 or 1.1.1.1.

Steve

Wylbur

As far as I remember, that was system log not WAN.

The 100...* are from ISP (MetroNet Fiber Inc, aka Metronet). I've been seeing those addresses for as long as I can remember. And with other gateway software I had with a different network device I built, heart beats would fail and I'd end up failing over to a second ISP (Spectrum) and that was using 8.8.8.8. I used various heartbeat type things such as DNS (for resolving google.com) and that would sometimes fail.

Meanwhile, I have been was looking, and I didn't see where I can override to 8.8.8.8 on the WAN.

Lastly, what is CGN? I just know enough to be dangerous.

Wylbur (aka Steve.T -- Too many Steves in this world for the next 30 years).

stephenw10

You can set a different monitoring IP in System > Routing > Gateways edit the WAN gateway.

CGN is Carrier Grade NAT. That IP address is in the CGN allocated range:
https://en.wikipedia.org/wiki/Carrier-grade_NAT#Shared_address_space

It's not a problem in general but it's not a routable IP so you would have issues with incoming connections if you wanted to setup a VPN server for example.

Wylbur

Crashed again, but it took me a bit to realize it as I was reading a manual trying to determine something for a product I'm devoloping.... Here is the Log (I caused a reboot):

Sep 22 04:42:00 sshguard 44847 Exiting on signal.
Sep 22 04:42:00 sshguard 61909 Now monitoring attacks.
Sep 22 13:51:27 php-fpm 381 /index.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Sep 22 13:56:35 kernel re2: link state changed to DOWN
Sep 22 13:56:35 check_reload_status 443 Linkup starting re2
Sep 22 13:56:36 check_reload_status 443 Reloading filter
Sep 22 14:07:00 php-fpm 382 /index.php: User logged out for user 'admin' from: 192.168.1.21 (Local Database)
Sep 22 14:07:02 php-fpm 382 /index.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Sep 22 14:11:00 sshguard 61909 Exiting on signal.
Sep 22 14:11:00 sshguard 68208 Now monitoring attacks.
Sep 22 14:49:00 sshguard 68208 Exiting on signal.
Sep 22 14:49:00 sshguard 95186 Now monitoring attacks.
Sep 22 15:27:00 sshguard 95186 Exiting on signal.
Sep 22 15:27:00 sshguard 93698 Now monitoring attacks.
Sep 22 16:05:00 sshguard 93698 Exiting on signal.
Sep 22 16:05:00 sshguard 49375 Now monitoring attacks.
Sep 22 16:25:22 rc.gateway_alarm 66367 >>> Gateway alarm: WAN_DHCP (Addr:100.66.96.1 Alarm:1 RTT:2.017ms RTTsd:.906ms Loss:22%)
Sep 22 16:25:22 check_reload_status 443 updating dyndns WAN_DHCP
Sep 22 16:25:22 check_reload_status 443 Restarting IPsec tunnels
Sep 22 16:25:22 check_reload_status 443 Restarting OpenVPN tunnels/interfaces
Sep 22 16:25:22 check_reload_status 443 Reloading filter
Sep 22 16:25:23 php-fpm 381 /rc.openvpn: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP'
Sep 22 16:25:23 php-fpm 381 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Sep 22 16:43:00 sshguard 49375 Exiting on signal.
Sep 22 16:43:00 sshguard 43160 Now monitoring attacks.
Sep 22 17:01:00 sshguard 43160 Exiting on signal.
Sep 22 17:01:00 sshguard 10057 Now monitoring attacks.
Sep 22 17:02:52 php-fpm 381 /status_interfaces.php: Resyncing OpenVPN instances for interface WAN.
Sep 22 17:02:52 check_reload_status 443 Reloading filter
Sep 22 17:02:52 php-fpm 381 /status_interfaces.php: Gateway, NONE AVAILABLE
Sep 22 17:02:52 php-fpm 381 /status_interfaces.php: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Sep 22 17:02:52 check_reload_status 443 Starting packages
Sep 22 17:02:53 php-fpm 381 /rc.start_packages: Restarting/Starting all packages.
Sep 22 17:02:53 php-fpm 381 /rc.start_packages: [zeek] Removing cronjobs ...
Sep 22 17:13:53 php-fpm 381 /diag_reboot.php: Stopping all packages.
Sep 22 17:13:55 reroot 85370 rerooted by root
Sep 22 17:13:59 syslogd kernel boot file is /boot/kernel/kernel
Sep 22 17:13:59 kernel pflog0: promiscuous mode disabled
Sep 22 17:13:59 kernel Trying to mount root from zfs:pfSense/ROOT/default []...
Sep 22 17:13:59 kernel CPU: AMD Ryzen 5 5500 (3593.25-MHz K8-class CPU)
Sep 22 17:13:59 kernel Origin="AuthenticAMD" Id=0xa50f00 Family=0x19 Model=0x50 Stepping=0
Sep 22 17:13:59 kernel Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
Sep 22 17:13:59 kernel Features2=0x7ef8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
Sep 22 17:13:59 kernel AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
Sep 22 17:13:59 kernel AMD Features2=0x75c237ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX,ADMSKX>
Sep 22 17:13:59 kernel Structured Extended Features=0x219c97a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,PQE,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA>
Sep 22 17:13:59 kernel Structured Extended Features2=0x40069c<UMIP,PKU,OSPKE,VAES,VPCLMULQDQ,RDPID>
Sep 22 17:13:59 kernel Structured Extended Features3=0x10<FSRM>
Sep 22 17:13:59 kernel XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
Sep 22 17:13:59 kernel AMD Extended Feature Extensions ID EBX=0x191ef657<CLZERO,IRPerf,XSaveErPtr,RDPRU,WBNOINVD,IBPB,IBRS,STIBP,STIBP_ALWAYSON,PREFER_IBRS,SSBD>
Sep 22 17:13:59 kernel SVM: (disabled in BIOS) NP,NRIP,VClean,AFlush,DAssist,NAsids=32768
Sep 22 17:13:59 kernel TSC: P-state invariant, performance statistics
Sep 22 17:13:59 kernel done.
Sep 22 17:13:59 php-cgi 70563 rc.bootup: calling interface_dhcpv6_configure.
Sep 22 17:13:59 php-cgi 70563 rc.bootup: Accept router advertisements on interface re1
Sep 22 17:13:59 php-cgi 70563 rc.bootup: Starting DHCP6 client for interfaces re1 in DHCP6 without RA mode
Sep 22 17:13:59 php-cgi 70563 rc.bootup: Starting rtsold process on wan(re1)
Sep 22 17:13:59 check_reload_status 64002 rc.newwanip starting re1
Sep 22 17:14:00 php-fpm 52220 /rc.newwanip: rc.newwanip: Info: starting on re1.
Sep 22 17:14:00 php-fpm 52220 /rc.newwanip: rc.newwanip: on (IP address: 100.66.97.204) (interface: WAN[wan]) (real interface: re1).
Sep 22 17:14:01 kernel done.
Sep 22 17:14:01 kernel pflog0: promiscuous mode enabled
Sep 22 17:14:01 php-cgi 70563 rc.bootup: Resyncing OpenVPN instances.
Sep 22 17:14:01 kernel ....
Sep 22 17:14:02 kernel .done.
Sep 22 17:14:02 kernel done.
Sep 22 17:14:02 php-cgi 70563 rc.bootup: Gateway, NONE AVAILABLE
Sep 22 17:14:02 php-cgi 70563 rc.bootup: Default gateway setting Interface WAN_DHCP Gateway as default.
Sep 22 17:14:02 php-cgi 70563 rc.bootup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Sep 22 17:14:02 kernel done.
Sep 22 17:14:02 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:03 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:04 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:05 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:06 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:07 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:09 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:10 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:11 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:12 php-cgi 70563 rc.bootup: Unbound start waiting on dhcp6c.
Sep 22 17:14:13 php-cgi 70563 rc.bootup: sync unbound done.
Sep 22 17:14:13 kernel done.
Sep 22 17:14:13 kernel done.
Sep 22 17:14:20 kernel done.
Sep 22 17:14:20 kernel done.
Sep 22 17:14:20 php-cgi 70563 rc.bootup: NTPD is starting up.
Sep 22 17:14:21 kernel done.
Sep 22 17:14:21 check_reload_status 64002 Updating all dyndns
Sep 22 17:14:21 kernel done.
Sep 22 17:14:21 kernel ....
Sep 22 17:14:21 php-cgi 70563 rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).'
Sep 22 17:14:21 kernel .done.
Sep 22 17:14:25 php-cgi 70563 rc.bootup: Creating rrd update script
Sep 22 17:14:26 syslogd exiting on signal 15
Sep 22 17:14:26 syslogd kernel boot file is /boot/kernel/kernel
Sep 22 17:14:26 kernel done.
Sep 22 17:14:26 php-fpm 52303 /rc.start_packages: Restarting/Starting all packages.
Sep 22 17:14:26 php-fpm 52303 /rc.start_packages: [zeek] Removing cronjobs ...
Sep 22 17:14:26 root 5009 Bootup complete
Sep 22 17:14:27 login 25485 login on ttyv0 as root
Sep 22 17:14:27 sshguard 27207 Now monitoring attacks.
Sep 22 17:15:29 php-fpm 52303 /diag_reboot.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)

stephenw10

@Wylbur said in Running pfsense 2.7.0-release (amd64) and it randomly fails losing connectiion to ISP:

Sep 22 16:25:22 rc.gateway_alarm 66367 >>> Gateway alarm: WAN_DHCP (Addr:100.66.96.1 Alarm:1 RTT:2.017ms RTTsd:.906ms Loss:22%)

Looks like you are still monitoring the ISPs gateway IP directly. You should change that to something external. Both to get better monitoring data and because we have seen ISPs that will react to the pings as an attack and block a host device eventually.

Steve

Wylbur

@stephenw10 Thank you. I'll find the manual and figure this out. This way I learn the product better.

stephenw10

Start here: https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html#advanced-gateway-settings

Wylbur

@stephenw10
Read that, and wasn't sure of everything, but then I went to the Gateway and changed it to use 8.8.8.8 for testing.

So I'll let that run for a while. Unless you have other better ideas.

But I have to admit, I've learned something here about ISP behaviors. I can now understand why certain things I was doing for heartbeat testing a year or two ago was having problems.

Wylbur

Wylbur

Had it happen again after changing to go against 8.8.8.8. I've been a bit busy that's why it has taken me a bit to get the log copied. I think I caught the problem....:

Sep 25 18:45:00 sshguard 97559 Exiting on signal.
Sep 25 18:45:00 sshguard 16795 Now monitoring attacks.
Sep 25 19:18:00 sshguard 16795 Exiting on signal.
Sep 25 19:18:00 sshguard 62985 Now monitoring attacks.
Sep 25 20:19:26 php-fpm 52303 /widgets/widgets/snort_alerts.widget.php: Session timed out for user 'admin' from: 192.168.1.21 (Local Database)
Sep 25 20:29:26 php-fpm 52303 /status_services.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Sep 26 00:23:00 sshguard 62985 Exiting on signal.
Sep 26 00:23:00 sshguard 98064 Now monitoring attacks.
Sep 26 02:46:22 rc.gateway_alarm 92587 >>> Gateway alarm: WAN_DHCP (Addr:8.8.8.8 Alarm:1 RTT:24.661ms RTTsd:.925ms Loss:22%)
Sep 26 02:46:22 check_reload_status 64002 updating dyndns WAN_DHCP
Sep 26 02:46:22 check_reload_status 64002 Restarting IPsec tunnels
Sep 26 02:46:22 check_reload_status 64002 Restarting OpenVPN tunnels/interfaces
Sep 26 02:46:22 check_reload_status 64002 Reloading filter
Sep 26 02:46:23 php-fpm 65862 /rc.openvpn: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP'
Sep 26 02:46:23 php-fpm 65862 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Sep 26 03:52:30 php-fpm 52220 /status_interfaces.php: Session timed out for user 'admin' from: 192.168.1.21 (Local Database)
Sep 26 03:52:33 php-fpm 52220 /status_interfaces.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Sep 26 03:54:14 php-fpm 52220 /diag_reboot.php: Stopping all packages.
Sep 26 03:54:17 reroot 40140 rerooted by root
Sep 26 03:54:21 syslogd kernel boot file is /boot/kernel/kernel
Sep 26 03:54:21 kernel pflog0: promiscuous mode disabled
Sep 26 03:54:21 kernel Trying to mount root from zfs:pfSense/ROOT/default []...
Sep 26 03:54:21 kernel CPU: AMD Ryzen 5 5500 (3593.25-MHz K8-class CPU)
Sep 26 03:54:21 kernel Origin="AuthenticAMD" Id=0xa50f00 Family=0x19 Model=0x50 Stepping=0
Sep 26 03:54:21 kernel Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
Sep 26 03:54:21 kernel Features2=0x7ef8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
Sep 26 03:54:21 kernel AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
Sep 26 03:54:21 kernel AMD Features2=0x75c237ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX,ADMSKX>
Sep 26 03:54:21 kernel Structured Extended Features=0x219c97a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,PQE,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA>
Sep 26 03:54:21 kernel Structured Extended Features2=0x40069c<UMIP,PKU,OSPKE,VAES,VPCLMULQDQ,RDPID>
Sep 26 03:54:21 kernel Structured Extended Features3=0x10<FSRM>
Sep 26 03:54:21 kernel XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
Sep 26 03:54:21 kernel AMD Extended Feature Extensions ID EBX=0x191ef657<CLZERO,IRPerf,XSaveErPtr,RDPRU,WBNOINVD,IBPB,IBRS,STIBP,STIBP_ALWAYSON,PREFER_IBRS,SSBD>
Sep 26 03:54:21 kernel SVM: (disabled in BIOS) NP,NRIP,VClean,AFlush,DAssist,NAsids=32768
Sep 26 03:54:21 kernel TSC: P-state invariant, performance statistics
Sep 26 03:54:21 check_reload_status 14298 rc.newwanip starting re1
Sep 26 03:54:21 php-cgi 19716 rc.bootup: calling interface_dhcpv6_configure.
Sep 26 03:54:21 php-cgi 19716 rc.bootup: Accept router advertisements on interface re1
Sep 26 03:54:21 php-cgi 19716 rc.bootup: Starting DHCP6 client for interfaces re1 in DHCP6 without RA mode
Sep 26 03:54:21 php-cgi 19716 rc.bootup: Starting rtsold process on wan(re1)
Sep 26 03:54:22 php-fpm 4257 /rc.newwanip: rc.newwanip: Info: starting on re1.
Sep 26 03:54:22 php-fpm 4257 /rc.newwanip: rc.newwanip: on (IP address: 100.66.97.204) (interface: WAN[wan]) (real interface: re1).
Sep 26 03:54:22 php-fpm 4257 /rc.newwanip: Removing static route for monitor 8.8.8.8 and adding a new route through 100.66.96.1
Sep 26 03:54:23 kernel done.
Sep 26 03:54:23 kernel pflog0: promiscuous mode enabled
Sep 26 03:54:23 php-cgi 19716 rc.bootup: Resyncing OpenVPN instances.
Sep 26 03:54:23 kernel ....
Sep 26 03:54:24 php-cgi 19716 rc.bootup: Removing static route for monitor 8.8.8.8 and adding a new route through 100.66.96.1
Sep 26 03:54:24 kernel .done.
Sep 26 03:54:24 kernel done.
Sep 26 03:54:24 php-cgi 19716 rc.bootup: Gateway, NONE AVAILABLE
Sep 26 03:54:24 php-cgi 19716 rc.bootup: Default gateway setting Interface WAN_DHCP Gateway as default.
Sep 26 03:54:24 php-cgi 19716 rc.bootup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Sep 26 03:54:24 kernel done.
Sep 26 03:54:25 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:26 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:27 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:28 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:29 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:30 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:31 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:32 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:33 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:34 php-cgi 19716 rc.bootup: Unbound start waiting on dhcp6c.
Sep 26 03:54:35 php-cgi 19716 rc.bootup: sync unbound done.
Sep 26 03:54:35 kernel done.
Sep 26 03:54:36 kernel done.
Sep 26 03:54:42 kernel done.
Sep 26 03:54:42 kernel done.
Sep 26 03:54:42 php-cgi 19716 rc.bootup: NTPD is starting up.
Sep 26 03:54:43 kernel done.
Sep 26 03:54:43 check_reload_status 14298 Updating all dyndns
Sep 26 03:54:43 kernel done.
Sep 26 03:54:43 kernel ....
Sep 26 03:54:44 php-cgi 19716 rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).'
Sep 26 03:54:44 kernel .done.
Sep 26 03:54:48 php-cgi 19716 rc.bootup: Creating rrd update script
Sep 26 03:54:48 syslogd exiting on signal 15
Sep 26 03:54:48 syslogd kernel boot file is /boot/kernel/kernel
Sep 26 03:54:48 kernel done.
Sep 26 03:54:48 php-fpm 4258 /rc.start_packages: Restarting/Starting all packages.
Sep 26 03:54:48 php-fpm 4258 /rc.start_packages: [zeek] Removing cronjobs ...
Sep 26 03:54:48 root 57927 Bootup complete
Sep 26 03:54:50 login 77807 login on ttyv0 as root
Sep 26 03:54:50 sshguard 80105 Now monitoring attacks.
Sep 26 03:55:13 php-fpm 4258 /pkg_mgr_install.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)

stephenw10

Hmm, nothing is shown there really. The gateway monitoring shows packet loss and marked the gateway as down. Then you logged in and rebooted.

The NIC did not lose link. Nothing else is logged. Was anything else shown at the time? Or did modem show any unusual behaviour perhaps?

Wylbur

To answer your question directly - The modem looked like it was functional. It had the normal data light flickering. No alarm or error light lit.

However, DNS and streaming stopped - trying restart of streaming device could not resolve address(es). Ping of 8.8.8.8 failed (done via DOS box from my W11 system).

So I checked to see what errors I could find looking at the logs.

And that is all I had. So I rebooted with re-root (maybe just plain reboot would also work). And we've been up and running ever since.

I will be shutting down the system tomorrow afternoon before we leave for a conference. And I'll bring it all back online when I get back.

stephenw10

Hmm, what NICs do you have in that?

Do you see errors or collisions in Status > Interfaces?

Wylbur

I'm not sure what the Nics are. I have a card with two ports. Don't know who the maker is or what chips they used. Then the MOBO has a port on it.

This is what the status shows:

WAN Interface (wan, re1)

Status
up
DHCP
up

    Relinquish Lease

MAC Address
00:e0:4c:61:b4:94
IPv4 Address
100.66.97.204
Subnet mask IPv4
255.255.240.0
Gateway IPv4
100.66.96.1
IPv6 Link Local
fe80::2e0:4cff:fe61:b494%re1
DNS servers
206.225.75.225
206.225.75.226
MTU
1500
Media
1000baseT <full-duplex>
In/out packets
1034069/552948 (1.13 GiB/49.02 MiB)
In/out packets (pass)
1034069/552948 (1.13 GiB/49.02 MiB)
In/out packets (block)
205/0 (18 KiB/0 B)
In/out errors
0/0
Collisions
0
Interrupts
1400102 (60/s)

LAN Interface (lan, re0)

Status
up
MAC Address
00:e0:4c:61:b4:93
IPv4 Address
192.168.1.1
Subnet mask IPv4
255.255.255.0
IPv6 Link Local
fe80::2e0:4cff:fe61:b493%re0
MTU
1500
Media
1000baseT <full-duplex>
In/out packets
494979/978908 (53.66 MiB/1.13 GiB)
In/out packets (pass)
494979/978908 (53.66 MiB/1.13 GiB)
In/out packets (block)
1342/0 (113 KiB/0 B)
In/out errors
0/0
Collisions
0
Interrupts
1083589 (46/s)

Cool_Corona

Disable IP6 and reboot the FW.