pkg-static update still using 100% cpu! Unacceptable!
-
@jimp I haven't tried that yet. I just did a factory reset and pfblocker is still installed. What the hell? This thing is screwed up beyond belief and I have no idea how it got like this. How do I get that image to do a REAL factory restore?
-
Sounds like all the symptoms point to either the package database being corrupt, or something in the filesystem being corrupted. A reinstall is the next best thing to try.
If you go to https://go.netgate.com and open a request, the support crew will send you a link to the image.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp I opened a ticket. Hope they're quick about it.
I thought a factory reset would restore it to a fresh pfsense install. Apparently not. This thing is totally screwed. Upon factory reset, it walks me through the initial setup wizard. I input all my info and hit save. It doesn't save it. The thing reboots and everything I entered is gone.
-
@jimp I'm totally lost! I downloaded the image, but how the heck am I supposed to get it loaded on the box? I have a little USB cable in the box. What am I supposed to do with that? Do I just write the image to a usb stick and reboot it or what?
-
You'll use a USB stick. Did they not give you a pointer to the instructions? They are on the documentation site:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp yes they sent the link, but all i have is the usb cable. I don't have a serial cable
-
@jimp Now apparently i need a driver for my com port in order to use putty? This is a disaster.
-
@jimp I can't get the com port driver installed on my windows server 2008 box. Tried to open a putty session and get only a blank screen. I need help!
-
The USB cable is (effectively) a serial console cable for these devices. Directions for the driver are all on the doc site if you need them. If you get hung up, send a message back to the support crew, they'll help you through the process.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp I know that, i can't get the appropriate driver installed for my com port so i can putty into the pfsense box. I need help! The support guys haven't offered me any more help beyond sending me the image link.
-
@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:
@jimp I know that, i can't get the appropriate driver installed for my com port so i can putty into the pfsense box. I need help! The support guys haven't offered me any more help beyond sending me the image link.
The USB-to-serial driver should install and work on any current Windows desktop client. Do you not have a Windows PC or laptop you could use?
Never tried to use the USB-to-serial driver on Windows Server, especially something a bit older such as 2008.
-
@bmeeks Hi Bill. I gave up and tried it on a windows 7 pc and that worked. I've managed to reflash pfsense onto my SG-3100 and restore my config. Looks to still have the same problem. 1 cpu core stuck perpetually at 100%, and has not reinstalled the packages as it said it was doing at boot up.
-
@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:
I don't know how to restore without restoring the package data
Open up your config.xml backup in a text editor. Look for the section titled <installedpackages> and delete that entire section then save the file under a different name. Restore from that new file.
-
@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:
@bmeeks Hi Bill. I gave up and tried it on a windows 7 pc and that worked. I've managed to reflash pfsense onto my SG-3100 and restore my config. Looks to still have the same problem. 1 cpu core stuck perpetually at 100%, and has not reinstalled the packages as it said it was doing at boot up.
One thing that can cause this is for the box to not have Internet access during the package installation stage. It will try forever to contact the pkg repository. Are you sure the box has a good Internet connection and that DNS is working?
Can you log in to the web GUI and then go to DIAGNOSTICS > DNS LOOKUP and try to look up a common web site by name such as google.com or cnn.com. See if you get back valid IP addresses.
@KOM has given you a method to manually edit your
config.xmlfile to have the firewall skip attempting to auto-reinstall packages. You can try that as well, but make that change on a copy of your backup file and not to the original! -
@bmeeks Yes I've got internet access. DNS test is working fine. I can get on all my normal sites. And I'm responding to you.
So it seems that even a fresh, factory install cannot/will not install suricata. It just sits hung at 100% cpu.
What in the world is happening here? I'm ready to stomp on this thing.
-
@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:
@bmeeks Yes I've got internet access. DNS test is working fine. I can get on all my normal sites. And I'm responding to you.
So it seems that even a fresh, factory install cannot/will not install suricata. It just sits hung at 100% cpu.
What in the world is happening here? I'm ready to stomp on this thing.
Look in the system log and see where it is stalling with the installation. I would check if pfBlocker is perhaps blocking an IP address that Suricata wants to access. That has happened before since some pfBlocker lists target sections of AWS, and the Snort rules (if you are using them in Suricata) are hosted on AWS infrastructure.
The
pkgutility will install the binary and GUI package code and then call a post-install PHP script within the Suricata package. That script detects your previous installation's configuration inconfig.xmland starts restoring it. One step in that process is downloading the configured rules. -
@bmeeks pfblocker is not yet installed. And again, even a fresh factory image cannot install suricata. I will check the logs.
-
@bmeeks I've tried everything multiple times. I don't know what else to do. This box has turned itself into a doorstop. I give up.
-
@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:
@bmeeks I've tried everything multiple times. I don't know what else to do. This box has turned itself into a doorstop. I give up.
You can easily remove the Suricata package configuration section. Just make a copy of the
config.xmlfile and then open the copy in a text editor. Find the section that says <installedpackages> and remove all the suricata from that section. You will find several XML elements with Suricata info. There will be a <menu></menu> entry, a <service></service> entry, and then finally a <suricata></suricata> entry. Remove all of those tags and Suricata-related info enclosed by them. Save the newly modified file on the firewall and try rebooting again. -
@bmeeks I've tried all that, Bill. It still won't work. I've tried installing the packages I need on a fresh image just after I entered all of my IP, DNS, and WAN data to get the Internet working. I would think that if it doesn't work then, it surely isn't gonna work at any other step either.
