Possible PfSense Bug
-
Greetings,
So it's not just a CSRF error, I literally cannot login at all, it throws a "Username or Password incorrect" for a few minutes and then starts working again.
I am using KeePass most of the time, but this is actually the one case where I am manually typing it in. I am actually now not able to login at all after a few minutes, I have to reboot the system and i can get in. I tried resetting web-configurator and php-fpm. A reboot fixes the traffic problem too. NTOP shows about 60 percent connection drop. Filter logs show no increase in blocks. CLI is fully functional. No log entries. -
so your running ntop on the vm as well? What other packages?
ntop and ntopng were packages that were removed from 2.3
https://doc.pfsense.org/index.php/2.3_Removed_Packages -
Sorry, PfTop (option 9).
Weirdly enough, when I reboot the system, it allows me to auto-login based off the session sometimes too, if I hit refresh.I double checked to confirm, only default packages installed, no extras.
-
FYI, I am starting to see these in the log now that I upgraded to 2.3.1p1 when the weirdness happens:
May 31 15:51:54 kernel arp: 00:0c:29:59:6b:bb is using my IP address 10.99.170.70 on em0!
I did a fresh install this time too, to make sure it wasnt the old cruft giving me grief. However, not seeing this problem on any of my dedicated hardware pfsense devices.
-
To provide more info / context… that is my firewalls mac which the firewall is complaining about having an apparent IP conflict with...
-
More information:
I cannot access any port forwards at all, and they do not show up on netstat as even being active.
the external interface is still seeing the traffic come in (checked with TCPDUMP).
Restart of webconfigurator and php-fpm does not remedy the issue.
The host's passwd function does not work to correct the "incorrect password" from shell.
I am unable to ping my external gateway, but I can ping all of my internal "LAN" hosts.
Switching between e1000 and vmxnet3 interfaces makes no difference. -
New update: dmesg is showing it tried to access promiscuous mode, which I had disabled. trying to enable that.
-
To provide more info / context… that is my firewalls mac which the firewall is complaining about having an apparent IP conflict with...
That's at least part of your problem. It's not complaining about a conflict with its own MAC unless you managed to get the same IP on multiple NICs on the same system. Regardless of the reason, that's broken and needs to be fixed before proceeding with anything else.
New update: dmesg is showing it tried to access promiscuous mode, which I had disabled. trying to enable that.
That has nothing to do with promiscuous at the ESX level, guessing you were probably packet capturing, or are looking at pflog0.
-
I am confused exactly what you mean by 'That is not it's own mac' … that was a statement not a question on my side.
TO prove it, here is a screenshot.
-
That has nothing to do with promiscuous at the ESX level, guessing you were probably packet capturing, or are looking at pflog0.
Probably something to do with the status of traffic show on the rules page, I havent done pftop myself directly on this device.
-
I am confused exactly what you mean by 'That is not it's own mac' … that was a statement not a question on my side.
TO prove it, here is a screenshot.Yes, you are confused.
The screenshot shows 00-0c-29-74-3b-e0 on a vmx0 interface. Here is the error you posted-
May 31 15:51:54 kernel arp: 00:0c:29:59:6b:bb is using my IP address 10.99.170.70 on em0!
As was stated, you need to fix this. -
You are correct, weird it would crash like that though.
Fixed now.Much thanks!
-
It wasn't crashing anything, you were communicating with two diff devices and switching back and forth between them, which obviously isn't going to work right.
