Netgate Discussion Forum

    Issue with pfsense taking a nose dive until reboot

      RigidConduit

      So I have set up a few of these pfsense routers with no issue.
      I set one up at my house some time ago to vpn into my office and use snort to scan packets going in and out.

      I have never fixed this problem but it's annoying me enough to at least finally ask.
      I assume this is a hardware issue somehow, because I have never encountered it and do not have this issue on any other pfsense system I set up. I could be wrong though.

      TLDR:
      It seems this problem is about total bandwidth going through the pfsense router, and not individual devices.

      If I download more than 100mbps or so at a sustained speed for more than 5 minutes or so, my pfsense takes a nose dive and becomes nearly unresponsive until restart, in which this whole situation is resolved. This situation will not resolve itself over time; if I wait an hour it will still be broken until I reboot.

      What I know is that the 100mbps or less territory allows sustained speeds with no issues.
      Anything above that for more than a handful of minutes results in a nose dive; the only solution is to hit the power button on the pfsense computer, wait for it to go down and then boot it back up.

      Currently:
      I get maximum speed of my isp from my pfsense router, my ISP provides 200mbps and that is what I receive on speed tests.
      The issue:
      I download a large file, say 50 GB.
      The router will handle this at max speed for a while, say 10~30 GB of the download at full on 200mbps.

      After some time of this extended speed, the router takes a nose dive.
      Speeds reduce dramatically to almost 0 if not 0.
      The entire network in my house is in disarray, Chromecasts even die out, it seems routing fails. Wifi, ethernet, all of it is basically dead or running very slow. Generally wifi devices are basically not running at all, and ethernet devices might somewhat run; they probably will not go on a website, but might be able to load the configuration menu for pfsense, but very slow, switching between pages is painful if it works at all.
      The network stays this way until I reboot pfsense, in which case everything is now back to normal as if nothing happened at all.

      My temporary solution:
      I have limited all my download speeds on things like steam to less than 10MBps or roughly 100mbps. I can download at this speed indefinitely as long as nothing else is doing something similar; this means if I have two computers downloading at 100mbps, I can expect this nose dive to take place.

      It seems this is about total bandwidth going through the pfsense router, and not individual devices.
      It doesn't matter if I am going through WIFI (Ubiquiti Unifi AP's) or ethernet, this will happen either way if my sustained total bandwidth goes too high.
      I am not totally sure about the ceiling of this bandwidth, if it's 100mbps sustained, or 120mbps etc.
      What I know is that the 100mbps or less territory allows sustained speeds with no issues.
      And if the nose dive takes place, the only solution is to hit the power button on the pfsense computer, wait for it to go down and then boot it back up. This situation will not resolve itself over time, if I wait an hour it will still be broken until I reboot.

      Any thoughts?

        Gertjan @RigidConduit

        @rigidconduit said in Issue with pfsense taking a nose dive until reboot:

        Any thoughts?

        Yeah.

        A simple question first: what do you think snort 'sees'?
        If your traffic is like the average 'Internet' traffic, then you have no plain emails, http, etc.
        It's all TLS these days.
        snort can't do anything with TLS, as it is just seen as 'pure random binary'. All it knows is source address and port, and destination address and port.

        edit : maybe some DNS packets with rather harmful info can be 'analysed' by snort ^^

        Next : do this test : http://www.dslreports.com/speedtest

        Depending on the type of connection used, a big download can block upload 'control' packets.

        Just to motivate you : never saw what you described.

        Also, go console, option 8 (and pkg install htop)
        Use top or htop during the download.
        What process is taking the most resources ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          RigidConduit @Gertjan

          Snort probably doesn't do a whole lot, I really do not see much activity other than dshield blocks and the occasional sipvicious scan etc (not that I am running a phone server), at the office it could be a bit more useful. Here at the house it's enabled because buttons existed :D lol probably not the best answer but I did it for the sake of adding it (which is not always best practice).

          My main purpose is to link my house to the office to make things easy for me at home when it comes to working.
          Anyhow I don't think overall it has an effect on the current issue tbh?? (could be wrong)
          But I don't remember if I have ever tried crashing the pfsense router with it off, if so that would have been the first few months I was using it to try and troubleshoot what the cause is.

          But that aside
          I can tell you that with the system at full chat (200mbps) and snort on I see maybe 10% cpu usage and 13% ram usage (8GB) and the cpu temps never go over 50c.

          Here is the report output
          http://www.dslreports.com/speedtest/67867354

          I will give htop a whirl next post

            SteveITS Galactic Empire @RigidConduit

            What network cards are in it?
            You can pretty quickly stop Snort and see if that has any effect but I would expect not.

            @rigidconduit said in Issue with pfsense taking a nose dive until reboot:

            dshield blocks

            FYI pfBlockerNG's ISC_Block list is DShield, or the ET_Block list includes DShield, if you want to disable those rules in Snort and put them into a firewall rule.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

              RigidConduit @SteveITS

              Snort tops the leaderboard, followed shortly by kernel, when running htop.
              With snort disabled it's just kernel followed by php-fpm.

              I am trying to crash it now with snort off to see what happens, I am also going to try and disable a few other services that might not be crucial to see the effect.

                RigidConduit @SteveITS

                @steveits said in Issue with pfsense taking a nose dive until reboot:

                What network cards are in it?

                I am not sure if there is a way to identify the cards through pfsense, I have never tried. I am sort of guessing at the integrated..

                There are 3 network cards in it, the integrated, and 2 third party cards
                The two third party cards are these
                Rosewill RNG-407-Dualv2
                https://www.newegg.com/rosewill-rng-407-dualv2/p/N82E16833166096
                The integrated is:
                Realtek RTL8111GN - I believe, if I pulled the right spec sheet; I will need to confirm this though.

                The third party nics are not totally in use, only one is used and with a single port to run the lan and wifi.
                I had a much more complicated setup to dedicate a network to my wife's work computer but have since torn this down for the sake of simplicity.

                The integrated nic has the wan attached to it.

                The computer is either an m90p m92p or e73 thinkcentre, my money is on it being an m92p.

                I should add, this has been the issue since day one of using this computer as a pfsense router. It has been like 2 years of this :(

                  SteveITS Galactic Empire @RigidConduit

                  The Interfaces/Assignments page will show the interface names, which are based off the driver being used (re0 etc.). I have seen many people complain in this forum about Realtek drivers in FreeBSD, though in the one non-Netgate hardware device I've managed it's not been a problem. Since the WAN interface is using Realtek then you could try moving WAN to the unused interface and see if the problem continues.


                    RigidConduit @SteveITS

                    @steveits
                    [Attached image: 4598c33d-9360-4214-a942-7f566a85b261-image.png]
                    If that is the case, what is em ? o.0

                    I must be wrong about the spec sheet I pulled then, which I guess is a little expected. I use 3 different computers at work and they all look almost completely identical, but hardware is different; I must have got the model wrong. This particular machine is just a spare machine off the floor that I grabbed.

                    It looks like the 4 nics provided by the third party cards are realtek then.

                    I am not sure of the effects of these having issues, but IF it's only the card having trouble and nothing else, it will explain why I lose the lan as well then.
                    In which case if I swap the two cables I (in theory?) lose the internet but not the lan.

                    In the case of the picture, the 'WIFI' interface is the LAN just relabeled

                      SteveITS Galactic Empire @RigidConduit

                      @rigidconduit said in Issue with pfsense taking a nose dive until reboot:

                      what is em

                      Intel so that's very likely not the problem.


                        RigidConduit @SteveITS

                        @steveits
                        Going to attempt replacing the nic when I have some time, I will update here with results.

                        I am concluding it's most likely an issue with the nic. As far as I have seen it seems to match up with symptoms.

                        I will leave this post open till I do so and post the results for future reference of anyone that may have this same problem.

                          Gertjan @RigidConduit

                          @rigidconduit said in Issue with pfsense taking a nose dive until reboot:

                          http://www.dslreports.com/speedtest/67867354

                          To get full A's, see this forum's biggest thread here: Home / pfSense® Software / Traffic Shaping

                          Stay away from 're' NIC drivers 😊

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.