Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense cant be accessed, internet gone, must reboot

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 4 Posters 429 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gems @stephenw10
      last edited by

      @stephenw10 It does not respond to ping nor ssh. When I connect a screen and keyboard/mouse, I do not see anything. It also does not respond to the web gui attempting to connect from my laptop, but I suspect that is more due to the lost dns services when it hangs. I have not thought of another way to attempt to connect or validate.

      G stephenw10S 2 Replies Last reply Reply Quote 0
      • G
        gems @bmeeks
        last edited by

        @bmeeks Thanks, I suspected this, but I have not found any of the commands within the freebsd to show any errors, nor do I see any errors in syslog after the reboot.

        1 Reply Last reply Reply Quote 0
        • G
          gems @gems
          last edited by

          @gems I caught some logs between dropping internet and losing web gui access.

          Here are some of the initial lines when the internet dropped....

          Apr 15 22:34:31 check_reload_status 441 Linkup starting igc0
          Apr 15 22:34:31 kernel igc0: link state changed to DOWN
          Apr 15 22:34:32 php-fpm 97244 /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp, 6: dhcp6)
          Apr 15 22:34:32 php-fpm 97244 /rc.linkup: DEVD Ethernet detached event for wan
          Apr 15 22:34:35 check_reload_status 441 Reloading filter
          Apr 15 22:34:35 rc.gateway_alarm 9149 >>> Gateway alarm: WAN_DHCP (Addr:23.252.245.1 Alarm:down RTT:0ms RTTsd:0ms Loss:100%)
          Apr 15 22:34:35 check_reload_status 441 updating dyndns WAN_DHCP
          Apr 15 22:34:35 check_reload_status 441 Restarting IPsec tunnels
          Apr 15 22:34:35 check_reload_status 441 Restarting OpenVPN tunnels/interfaces
          Apr 15 22:34:35 check_reload_status 441 Reloading filter
          Apr 15 22:34:37 check_reload_status 441 Linkup starting igc0
          Apr 15 22:34:37 kernel igc0: link state changed to UP
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp, 6: dhcp6)
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: DEVD Ethernet attached event for wan
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: HOTPLUG: Configuring interface wan
          Apr 15 22:34:39 check_reload_status 441 rc.newwanip starting igc0
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: calling interface_dhcpv6_configure.
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: Accept router advertisements on interface igc0
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: Starting DHCP6 client for interfaces igc0 in DHCP6 without RA mode
          Apr 15 22:34:39 php-fpm 24 /rc.linkup: Starting rtsold process on wan(igc0)

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @gems
            last edited by

            @gems
            Is igc0 your WAN ?
            If so, it start by going up at 15 22:34:31 - and go down again moments (ms) later.

            Have a "talk" with the device that's connected to your pfSese, and figure out why it flaps the WAN line like that : why it pulls down its LAN interface that is connected to the pfSense WAN interface ?

            That said, it could also be pfSense that 'restes' the line.
            This happens when the WAN quality monitoring detectes that the WAN line is bad.
            This is done by a process called "dpinger" that pings the/a WAN upstream gateway, and mesres the delay.
            You can see that delay here :

            06093408-c91e-46ec-855f-b0aefacb673c-image.png

            where it shows my IPv4 and IPv6 connectivity "quality".

            If the ping requests don't come back anymore == bad connection ? then dpinger can 'reset' (that's called the "action") the WAN interface. This provokes a WAN down event followed by a WAN UP event, and this will recreate (rebuild) the WAN connection.
            As per your instructions : System >Routing > Gateways > Edit :

            0c6d943a-9b6e-42d6-a6a8-53349a9b5c0d-image.png

            If dpinger starts to detect that ping requests stop to come back, then this even is also logged :

            ef20556f-951e-49cd-8c85-75933ca2f43f-image.png

            ( this shows the start of a dpinger process for the the IPv4 WAN part )

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator @gems
              last edited by

              @gems said in pfsense cant be accessed, internet gone, must reboot:

              When I connect a screen and keyboard/mouse, I do not see anything.

              Do you see something when it's running normally? Or when you reboot? You might be using the wrong console if it's serial console only.

              Seeing no output at the console (assuming it works normally) and no crash report after rebooting starts to look like a hardware issue.

              If the console is working normally you might catch something on it just before it hangs. If it's a failing disk for example it can show there and be unable to log anything.

              G 1 Reply Last reply Reply Quote 0
              • G
                gems @stephenw10
                last edited by

                @stephenw10 Mine has 2 hdmi ports, I have tried both.
                I have also contacted the internet provider and they believe that there may be an issue with the card that converts the fiber to ethernet and are scheduled to replace later today..

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @gems
                  last edited by

                  @gems

                  protectli vault fw4c ... also has a serial port, which could also be used.
                  Btw : afaik, its the serial prt, or the hdmi port, not both of them.

                  But it does not have any 'fiber' plug as far as I can see ... so how do you hook up this box ?
                  I get it, with an RJ45 going to the ISP equipment. So : why wait, that wire : instead of hooking up the Protocli as the WAN line, hook up your PC or whatever has a RJ45, and test the connection. You'll know right away if its a ISP issue, or something else.

                  Although I never saw a Protocli in my live, something tells me that thousands are using that device with pfSense.
                  You mission is : make the console work - serial = this port:
                  bdbd1c2c-180a-4c49-84e8-2d78189e9e2d-image.png

                  or, more obvious, any of these two :

                  9b525306-59af-4dfa-b9f6-d92a004735fd-image.png

                  ( and then you need an usb keyboard )

                  Both type of ports, the serial, or the HDMI, if configured correctly = check this with the protocli doc, will show text as soon as the BIOS boots.
                  No need to install Linux, Windows, or even pfSense on it.

                  You've said that it worked for some time : so you know how to access the console, as in the beginning, when there was no OS on the internal drive, none of the 4 the Ethernetport could work. You need the console access to do some initial setup to make pfSense - or any other OS - work.
                  If that console doesn't work work anymore, then the issue isn't the installed OS, as that one will start up later on, when the BIOS loaded and starts the OS (pfSense in this case - but it could be any access).

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • G
                    gems
                    last edited by

                    my bad, I was not clear.
                    My internet provider runs fiber to the outside of the house. The provider also own the card that converts the fiber to ethernet. The cable from that card plugs into an ethernet port labelled WAN on the vault. So it is possible that this is a hardwatre issue, but with the equipment from the internet provider and not the vault.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      You should see something on at least one of the HDMI ports even if it's just the POST output at boot.

                      Most pfSense installs boot dual console but only one can be primary.

                      But, yes, check the serial console. It's generally more useful than video anyway because you can log the output or connect to it via some other local host. So worth while getting that setup even if it not necessary to solve this.

                      G 1 Reply Last reply Reply Quote 0
                      • G
                        gems @stephenw10
                        last edited by

                        @stephenw10 Quick update, my isp provider came out yesterday about lunch time an replaced the card that converts the fiber to ethernet and replaced the rj45 socket. We tested with no errors and i have not seen a hang on the vault yet and it is now almost 30 hours running.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.