Does pfSense do any kind of resets every hour?
-
@hansolo77 In general no but do you have say pfBlocker updating? There is a cron package you can install to view cron jobs.
-
@SteveITS I don't believe so. If pfBlocker is what I think it is (an addon similar to Pi-Hole), I never set it up. I actually installed a different addon called AdGuard. It raises an interesting point though. I might have to check AdGuard's logs and see if it's doing something.
You mentioned something about check cron jobs... How would I go about doing that?
-
@hansolo77 System > Packages and install the "cron" package. It then shows up under one of the menus...System, I think, but not sure.
If it was pfSense task related I'd think it would need to be maxing out CPU during that time so you could just watch "top" as well.
-
@SteveITS Installed and checked... I do see this:
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
So I think it's running a virus check, but I don't even remember installing a virus client..I'll keep looking.
Looked "virusprot" up and I see what it's used for. Interesting thing is, when I go to diagnostics->tables and look up the virusprot table, it's empty. So I wonder why it's lagging me..
-
@hansolo77 That's the only thing running? Is there a process using CPU at that time? maybe it's just not a cron job.
-
@SteveITS I'm sure there's other things running.. that's just what shows up in CRON. I'm looking through the logs again to see if I missed something but I don't think so. Maybe it's my ISP.. I'll keep digging.
-
That cronjob for the virusprot table is default and normally would never have anything in it anyway. It should use any measurable CPU.
Check the system logs.
Check the Status > Monitoring graphs. Do you see traffic spikes at that time or CPU usage spikes?
-
@stephenw10 I've looked through all the graphs but nothing is being thrown out as obvious to me. I even looked through AdGuard's logs. Maybe it's just my ISP.
-
It could be. Does the WAN monitoring graphs show any change in latency? What is it monitoring? Consider setting that to something external if it's still using the ISP gateway directly.
-
@stephenw10 I actually have it monitoring 1.1.1.1. I never saw anything spike on the WAN or any of the LAN connections either. I suppose it could be my modem too. It's an Arris and not an ISP supplied one. So, of course, it's not going to be accessible from the ISP to run tests, or update the firmware, etc. Kinda lame actually because even though they SAY you get a free modem with the service, if you read the fine print they start charging rent for it after the first year and I've already had it 2 years now.
-
Mmm, seems like it could be a real upstream issue then. What hardware are you running pfSense on?
-
Checking what pfSense does every hours sharp - or some other regular moment, is a good start.
But don't stop there !
Check also : all devices connected to your pfSense LANs ! as these can all do something at that very moment.ISP love to sell you numbers. Like 'a 1 Gbit/sec connection just for you'. If the country where you live has some enforced consumer rights movements, these ISPs add now at the bottom of the contract "... or whatever we have avaible for you".
After all, ISP tend to hookup up entire roads, cities, etc to one main equipment with, guess what, a limited, up front determined throughput. For example : you all share the same 100 Gbits very expensive router/switch.
If more then 100 clients are hookup up to this expense router, then ... you get it : what happens when every all these clients, all their devices, do 'something' at xx sharp ? So you have to check all of them (which you probably can't do) - or disconnect them all while you are testing.
You can even go one level higher, and check all the POP of your ISP ....Inspecting the cron list is one thing.
You still have to use the console or better, the SSH access, and use menu option 8, and type 'top'.
Make sure the list is sorted at 'CPU usage'.Use also this command :
ps auxand look for the process that mention minicron, these are also timed processes.
On my pfSense :
[25.07-RC][root@pfSense.bhf.tld]/root: ps aux | grep 'minicron' root 89370 0.0 0.1 13980 2484 - Is 18Jul25 0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh root 89826 0.0 0.1 13980 2480 - Is 18Jul25 0:00.00 /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php root 90216 0.0 0.1 13980 2500 - I 18Jul25 0:00.17 minicron: helper /usr/local/bin/ipsec_keepalive.php (minicron) root 90313 0.0 0.1 13980 2476 - Is 18Jul25 0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts root 90699 0.0 0.1 13980 2500 - I 18Jul25 0:00.01 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts (minicron) root 90868 0.0 0.1 13980 2504 - I 18Jul25 0:00.20 minicron: helper /usr/local/bin/ping_hosts.sh (minicron) root 91166 0.0 0.1 13980 2480 - Is 18Jul25 0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data root 91830 0.0 0.1 13980 2504 - I 18Jul25 0:00.00 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data (minicron) root 84792 0.0 0.1 14076 2688 0 S+ 08:49 0:00.00 grep minicronThe "/etc/rc.expireaccounts" is an hourly process, and afaik it doesn't communicate, and takes a split second to execute.
Normally, with a vanilla pfSense (no addons, no pfSense packages) there is no 'download every hours xx Mbytes' process.
pfSense will update some small files ones a month, will check up with the Netgate update servers to see if there are pfSense or package updates avaible, but this will not create big loads of traffic, and last probably for a second or two.
