Netgate Discussion Forum

    pfsense 2.6.0 sshguard @ web gui bug/crash

    General pfSense Questions
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by stephenw10

      Hmm, well the only log it could have been is the filter log. That is now overwritten so we can't see for sure it was rotating every minute during the issue.
      So potentially you were under some sort of attack? The monitoring graphs should show a massively increased rate of blocks on WAN at that time if it was.

      Nothing outstanding in the ntp logs other than a failure to resolve the pool IPs for 10mins yesterday. That would not be causing an issue now.
      Do you see anything from : ntpq -pn

      • VioletDragonV
        VioletDragon @stephenw10
        last edited by VioletDragon

        @stephenw10 So it looks to be working; I am guessing it is something to do with the GUI that could be broken:

             remote           refid      st t when poll reach   delay   offset  jitter
        ==============================================================================
         0.pfsense.pool. .POOL.          16 p    -   64    0    0.000   +0.000   0.000
         0.uk.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
         1.uk.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
         2.uk.pool.ntp.o .POOL.          16 p    -   64    0    0.000   +0.000   0.000
        #185.132.43.60   85.199.214.98    2 u   24   64  377   21.345   +0.133   0.158
        +81.128.218.110  .GPS.            1 u    9   64  377   22.794   +0.182   0.233
        *85.199.214.101  .GPS.            1 u   15   64  377   18.637   -0.185   0.253
        -195.171.43.12   .PPS.            1 u   18   64  377   23.762   +0.416   0.458
        -185.83.169.27   .GPS.            1 u   17   64  377   25.767   +0.702   0.461
        +85.199.214.222  85.199.214.99    2 u   19   64  377   18.945   -0.178   0.356
        #162.159.200.1   10.20.14.167     3 u   84   64    7   22.647   +0.184   0.149
        
        

        I don't believe the UK NTP Servers are working

        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          I would think they are. You always see an entry for each pool you have configured like that.

          185.83.169.27 is in 2.uk.pool.ntp.org

          [22.05-DEVELOPMENT][admin@plusdev-2.stevew.lan]/root: host 2.uk.pool.ntp.org
          2.uk.pool.ntp.org has address 185.103.117.60
          2.uk.pool.ntp.org has address 185.83.169.27
          2.uk.pool.ntp.org has address 85.199.214.101
          2.uk.pool.ntp.org has address 103.214.44.30
          2.uk.pool.ntp.org has IPv6 address 2001:8b0:df52:914d::123
          2.uk.pool.ntp.org has IPv6 address 2a00:da00:1800:7f::1
          2.uk.pool.ntp.org has IPv6 address 2a00:2381:19c6::100
          2.uk.pool.ntp.org has IPv6 address 2a0b:9b00:463::123
          

          Steve

          • VioletDragonV
            VioletDragon @stephenw10
            last edited by

            @stephenw10 Urmm, interesting. When I do host 2.uk.pool.ntp.org it shows different here:

            2.uk.pool.ntp.org has address 103.214.44.30
            2.uk.pool.ntp.org has address 45.63.100.187
            2.uk.pool.ntp.org has address 139.143.5.30
            2.uk.pool.ntp.org has address 134.0.16.1
            2.uk.pool.ntp.org has IPv6 address 2606:4700:f1::1
            2.uk.pool.ntp.org has IPv6 address 2a0b:9b00:463::123
            2.uk.pool.ntp.org has IPv6 address 2a03:b980:123:2::a
            2.uk.pool.ntp.org has IPv6 address 2a01:7e00::f03c:91ff:fe73:fd27
            
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Probably more things in the pool. I've never really looked into it that deeply. Local caching involved in the resolving.

              Steve

              • VioletDragonV
                VioletDragon @stephenw10
                last edited by VioletDragon

                @stephenw10 Hi, I'm back. The problem has started again: the Web GUI is not working and comes up with ERR_CONNECTION_CLOSED. top is not showing much. Any ideas? I believe either php or nginx is crashing and not restarting.

                Screenshot from 2022-04-17 00-48-36.png

                • VioletDragonV
                  VioletDragon @VioletDragon
                  last edited by

                  @violetdragon I have noticed that PHP is using some RAM and some CPU when the Gui works.

                  23165 www           1  20    0    27M    16M kqread   1   0:59   0.11% haproxy
                  71979 root          1  20    0    13M  3644K CPU1     1   0:00   0.10% top
                  85706 root          1  27    0    60M    43M nanslp   1   0:31   0.09% php
                  23709 root          1  20    0    30M  9612K kqread   0   0:00   0.06% nginx
                  62037 root          3  41   20   538M   471M bpf      2   0:07   0.03% snort
                  68274 root          1  20    0    20M  9396K select   3   0:00   0.02% sshd
                  54051 dhcpd         1  20    0    25M    13M select   1   0:29   0.02% dhcpd
                  39229 root          5  52    0    11M  2644K uwait    0   0:36   0.01% dpinger
                  29141 root          1  20    0    21M  8408K select   1   0:04   0.01% mpd5
                  65272 root          1  20    0    11M  2200K select   3   0:53   0.01% powerd
                  95019 avahi         1  20    0    12M  3568K select   1   0:34   0.01% avahi-daemon
                  38649 root          5  52    0    11M  2644K uwait    1   0:42   0.01% dpinger
                   2502 root          1  20    0    11M  2700K select   2   0:29   0.01% syslogd
                  31450 root          1  20    0    19M  7216K select   1   0:14   0.01% ntpd
                  77306 root          1  20    0    11M  2212K kqread   0   0:13   0.01% tail_pfb
                  85029 root          1  20    0    17M  7900K kqread   2   1:35   0.00% lighttpd_pfb
                    372 root          1  20    0   101M    27M kqread   1   0:07   0.00% php-fpm
                  60982 root          1  20    0    12M  3024K bpf      3   0:48   0.00% filterlog
                  77510 root          1  21    0    77M    59M piperd   0   4:36   0.00% php_pfb
                   5480 root          2  20    0    19M  7788K select   2   1:54   0.00% openvpn
                  12965 uucp          1  20    0    12M  2864K select   1   0:37   0.00% usbhid-ups
                  57324 root          1  52    0   134M    52M accept   3   0:19   0.00% php-fpm
                  58571 root          1  52    0   134M    52M accept   1   0:19   0.00% php-fpm
                  47138 root          1  20    0   132M    50M piperd   2   0:17   0.00% php-fpm
                  85596 root          1  52    0   132M    50M accept   0   0:16   0.00% php-fpm
                   8628 root          1  52    0   134M    51M accept   0   0:15   0.00% php-fpm
                  
                  • VioletDragonV
                    VioletDragon @VioletDragon
                    last edited by VioletDragon

                    @violetdragon Just thought I'd mention this: after having another look, it's something on the home page that is causing the issue. When the home page does not load, if I go to any of the tabs it loads them, but not the home page.

                    (Edit)

                    The problem is the Disks Widget. When the Disks widget is on the home page the problem appears and the home page does not load; when it is removed from the home page the problem disappears.

                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Huh, that's interesting. The disks widget is there by default on 2.6 installs so I would have expected many more reports of similar behaviour.
                      Do you have an unusual disk setup?
                      Is there anything logged in the nginx or system logs when this happens?

                      Steve

                      • VioletDragonV
                        VioletDragon @stephenw10
                        last edited by

                        @stephenw10 Hi, the only disk setup I have is 2x 60GB Solid State Drives in a mirror. Nope, nothing in the logs. Would it be possible to post a video so you can see it? It's strange, ain't it?

                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Sure, post a video, or link to it. I'd like to see it.

                          I have systems with dual ZFS disks in a mirror but they are smaller.

                          Steve

                          • jimpJ
                            jimp Rebel Alliance Developer Netgate @VioletDragon
                            last edited by

                            @violetdragon said in pfsense 2.6.0 sshguard @ web gui bug/crash:

                            @stephenw10 Hi, the only disk setup I have is 2x 60GB Solid State Drives in a mirror. Nope, nothing in the logs. Would it be possible to post a video so you can see it? It's strange, ain't it?

                            Is this a gmirror setup that's been upgraded over time or a ZFS mirror?

                            I have several ZFS mirrors and the disk widget works fine there but I don't think I have any gmirror setups on 2.6 currently.

                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              No problems on the test box I use for this:
                              Screenshot from 2022-04-18 14-41-35.png

                              • GertjanG
                                Gertjan @VioletDragon
                                last edited by

                                Probably not related, but:
                                @violetdragon said in pfsense 2.6.0 sshguard @ web gui bug/crash:

                                2020/09/08 04:19:59 [error] 4127#100429: *20842 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.9, server: , request: "POST /acme/acme_certificates.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "violetdragon.ddns.net:10443", referrer: "https://violetdragon.ddns.net:10443/acme/acme_certificates.php"

                                Who is accessing what from where?
                                Why is a LAN based client using "violetdragon.ddns.net" (the WAN IP??) - why not using the LAN IP of pfSense host name, which is 192.168.1.1?
                                Or is your pfsense really called "violetdragon" and your domain set to "ddns.net"? So "violetdragon.ddns.net" is 192.168.1.1 (looks very wrong to me).

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  It's unusual but it should work fine that way. The disks widget shouldn't care.

                                  • GertjanG
                                    Gertjan @stephenw10
                                    last edited by

                                    @stephenw10

                                    Sure thing.
                                    It looked to me as if the request came from the 'outside' which means he opened up the GUI to the outside world. And that opens up a can of worms.

                                    • VioletDragonV
                                      VioletDragon @Gertjan
                                      last edited by

                                      @gertjan If you look at the logs carefully, you will see that the 1.9 IP is my workstation. violetdragon.ddns.net was the DDNS Hostname of the firewall and I was internally wrapping it inside, meaning I was using the DDNS Hostname with DNS Resolver; it is not unusual to do. I moved to two Static IPs for HA on my WAN, so now I am using a proper FQDN with DNS Resolver & HAProxy with SSL Offloading for Let's Encrypt for both Internal Services and External Services. I guess you're not familiar with this kind of setup. And yes, I have moved the IP of the Firewall from 1.1; this is what you do in the CCNA world. The Web GUI is not publicly exposed; I am not that dumb to publicly expose the Web GUI, same with SSH on everything. For External use I use my FQDN and OpenVPN/IPsec for offsite Servers.

                                      • VioletDragonV
                                        VioletDragon @jimp
                                        last edited by

                                        @jimp Hi, it is a ZFS Mirror.

                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Mmm, not seeing any issues on systems with ZFS mirrors here.
                                          Hopefully the video should clarify things.

                                          Steve

                                          • VioletDragonV
                                            VioletDragon @stephenw10
                                            last edited by

                                            @stephenw10 I will get the video to you in a few hours, I have had a busy weekend with it being bank holiday. Sorry for the delays.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.