browser gui misery

lyle817

Hi, there. I see that I'm currently on 2.4, so will consider upgrading in hopes it will solve the problem. A little nervous about upgrading since everything else is working perfectly.

I only have two default widgets on the Dashboard:

I have been ignoring a notice on my dashboard that reads:

pfSense has detected a crash report or programming bug. Click here for more information.

I had assumed that this was an old alert and not relevant. Following the link led me to a "PHP error log". The last two lines of that log here:

[01-Jan-2022 16:43:11 Etc/UTC] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 71050266 bytes) in /usr/local/www/csrf/csrf-magic.php on line 161

[01-Jan-2022 16:43:15 Etc/UTC] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 142096808 bytes) in /usr/local/www/csrf/csrf-magic.php on line 159

bPsdTZpW

[01-Jan-2022 16:43:15 Etc/UTC] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 142096808 bytes) in /usr/local/www/csrf/csrf-magic.php on line 159

The CSRF code shouldn't be allocating that much memory. It simply generates and checks a session token that's used to prevent certain attacks on pfSense sessions. What's the content of your /usr/local/www/csrf/csrf-magic.php ?

lyle817

Hmmm....not sure how to access that file. Can I do it from the webgui?

bPsdTZpW

@lyle817 In diagnostics/command prompt/execute shell command enter

cat /usr/local/www/csrf/csrf-magic.php

Then post the resulting output here.

lyle817

thanks! it's a long output. does this link work for you?

https://pastebin.com/wvKa9cEP

stephenw10

@lyle817 said in browser gui misery:

I see that I'm currently on 2.4

Like actually 2.4.0-release ? That's really old! You are probably hitting some php bug that was fixed years ago.

If you're concerned about getting back to a functioning firewall the safest thing to do is install 2.5.2 clean to a new drive and import the existing config. Keep your existing 2.4 install on the existing drive so you can boot from that again if you have to.
Unless you're doing something 'custom' or unusual I wouldn't expect an issue. It looks like you only have two interfaces which is a relatively simple setup.

Steve

lyle817

It's 2.4.4, so "only" a couple years old, but still good advice. A perfect New Years day project!

Found these instructions online, look OK?

https://withblue.ink/2019/09/14/reinstalling-pfsense-and-restoring-from-backup.html

Now just need to check the drawers for a spare drive now...

bPsdTZpW

@lyle817 said in browser gui misery:

https://pastebin.com/wvKa9cEP

It looks like something has created a gigantic page, which it then attempts to protect using csrf_ob_handler(), which then fails because the lines cited in your crash report attempt to replace strings in it with something potentially larger. Looks like a bug or possibly a penetration attempt.

lyle817

<<deep sigh>>

I guess a re-install was in my future anyway, so here I go....

stephenw10

I would use the instructions here:
https://docs.netgate.com/pfsense/en/latest/install/index.html

And I'd probably do this to save time:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-usb-during-install

Steve

lyle817

Woohoo, back in business and my white screen of death is a distant memory!!

Thank you, thank you @stephenw10 & @bPsdTZpW and Happy New Year!!

bPsdTZpW

@lyle817 And a happy New Year to you as well!

lyle817

Pfsense is working great, but for some reason the upgrade caused my Freenas to get dropped from the network. Now I can't access the Freenas webgui and pings are unsuccessful. It does not appear in the DHCP listing or on the ARP table.

I hooked up a monitor to the Freenas and everything looks fine. Rebooted both Freenas and pfsense a couple times, no joy. On the Freenas console it says, "The web interface is at: 192.168.1.175", but this is a lie.

Not necessarily Freenas experts here, but any ideas why the pfsense upgrade might cause this behavior?

stephenw10

Can you ping out from FreeNAS?

Is it showing a link on the NIC?

Traffic between a client on the LAN and the FreeNAS box would go directly, it wouldn't pass through pfSense at all.

Steve

lyle817

I tried pinging the router (192.168.1.1) and also my desktop PC (.135) from the Freenas shell, but in both cases got "Host is down"

"Is it showing a link on the NIC?". Not sure how to check that...

"... it wouldn't pass through pfSense at all". But the Freenas should show up on my pfsense DHCP Leases page.

lyle817

"Is it showing a link on the NIC?"

A-ha, no link lights! WTF? Now I'm really mystified!

Gertjan

@lyle817 said in browser gui misery:

A-ha, no link lights!

Well, change the cable, the port and/or switch it is connected to, or the NIC used by your FreeNAS.
If there is no "link", DHCP won't work. It's like there is no cable at all.

lyle817

Makes sense, thanks! I was thinking somehow the operating system was shutting down the NIC, but I see now this is likely a hardware problem just coincidental with my pfsense upgrade. Will attend to it tonight when I get back, thanks again guys!!!