Update from console: incomplete => unresponsive unit

rcfa

Here the relevant parts from my terminal session:

Enter an option: 13

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Unlocking package pfSense-kernel-pfSense... done.
The following 8 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	pfSense-rc: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-pkg-squidGuard: 1.14_2 -> 1.14_3 [pfSense]
	pfSense-pkg-pfBlockerNG: 2.0.12 -> 2.0.14 [pfSense]
	pfSense-kernel-pfSense: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-default-config: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-base: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense: 2.3.1.a.20160504.1125 -> 2.3.1.a.20160509.1541 [pfSense]
	filterlog: 0.1_1 -> 0.1_2 [pfSense]

40 MiB to be downloaded.

**** WARNING ****
Reboot will be required!!
Proceed with upgrade? (y/N) y
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (8 candidates): ........ done
Processing candidates (8 candidates): ........ done
The following 8 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	pfSense-rc: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-pkg-squidGuard: 1.14_2 -> 1.14_3 [pfSense]
	pfSense-pkg-pfBlockerNG: 2.0.12 -> 2.0.14 [pfSense]
	pfSense-kernel-pfSense: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-default-config: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense-base: 2.3.1.a.20160504.1942 -> 2.3.1.a.20160509.2203 [pfSense-core]
	pfSense: 2.3.1.a.20160504.1125 -> 2.3.1.a.20160509.1541 [pfSense]
	filterlog: 0.1_1 -> 0.1_2 [pfSense]

40 MiB to be downloaded.
Fetching pfSense-kernel-pfSense-2.3.1.a.20160509.2203.txz: . done
pkg: https://beta.pfsense.org/packages/pfSense_v2_3_amd64-core/All/pfSense-kernel-pfSense-2.3.1.a.20160509.2203.txz: Operation timed out
>>> Locking package pfSense-kernel-pfSense... done.
*** Welcome to pfSense 2.3.1-DEVELOPMENT (amd64 full-install) on ww.xx.yy.zz ***

 WAN4 (wan)      -> lagg0      -> v4/DHCP4: 
 LAN (lan)       -> lagg1      -> v4: 
                                  v6: 
 DMZ (opt1)      -> lagg2      -> v4: 
                                  v6: 
 WAN6 (opt2)     -> gif0       -> v6: 

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 0

Connection to ww.xx.yy.zz closed.
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
Warning: Permanently added the RSA host key for IP address 'ww.xx.yy.zz' to the list of known hosts.
Password for root@ww.xx.yy.zz:
*** Welcome to pfSense 2.3.1-DEVELOPMENT (amd64 full-install) on kanga ***

 WAN4 (wan)      -> lagg0      -> v4/DHCP4: 
 LAN (lan)       -> lagg1      -> v4: 
                                  v6: 
 DMZ (opt1)      -> lagg2      -> v4: 
                                  v6: 
 WAN6 (opt2)     -> gif0       -> v6: 

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 16

>>> Killing php-fpm
>>> Starting php-fpm
*** Welcome to pfSense 2.3.1-DEVELOPMENT (amd64 full-install) on ww.xx.yy.zz ***

 WAN4 (wan)      -> lagg0      -> v4/DHCP4: 
 LAN (lan)       -> lagg1      -> v4: 
                                  v6: 
 DMZ (opt1)      -> lagg2      -> v4: 
                                  v6: 
 WAN6 (opt2)     -> gif0       -> v6: 

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 
Message from syslogd@ww.xx.yy.zz at May 10 09:59:59 ...
ww.xx.yy.zz php-fpm[44748]: /index.php: Successful login for user 'admin' from: 
packet_write_wait: Connection to : Broken pipe
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
Password for root@ww.xx.yy.zz:
ssh_dispatch_run_fatal: Connection to : Operation timed out
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
Password for root@ww.xx.yy.zz:
*** Welcome to pfSense 2.3.1-DEVELOPMENT (amd64 full-install) on kanga ***

 WAN4 (wan)      -> lagg0      -> v4/DHCP4: 
 LAN (lan)       -> lagg1      -> v4: 
                                  v6: 
 DMZ (opt1)      -> lagg2      -> v4: 
                                  v6: 
 WAN6 (opt2)     -> gif0       -> v6: 

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: packet_write_wait: Connection to ww.xx.yy.zz: Broken pipe
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
ssh: connect to host ww.xx.yy.zz port 22: Operation timed out
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
ssh: connect to host ww.xx.yy.zz port 22: Operation timed out
augustin:~ rcfa$ ssh root@ww.xx.yy.zz
ssh: connect to host ww.xx.yy.zz port 22: Operation timed out
augustin:~ rcfa$ ping ww.xx.yy.zz
PING ww.xx.yy.zz (123.45.67.89): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
^C
--- ww.xx.yy.zz ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
augustin:~ rcfa$ 

At some point the web interface crapped out with the nginx “bad-gateway” error, hence I chose option 16 to restart the back-end. Eventually the unit simply became unreachable.
I can only hope that a hard reboot (later today when someone is on site), will bring it back to a point where at least I can log into the console.

But THE BIG QUESTION here is this:

Why make available an incomplete update? It downloads everything, and then the last file times out, repeatedly; and it seems to leave the unit in an undefined state. Not very cool…