DHCP lease screen not loading
-
Hello,
Long time listener, first time caller. The main reason being I run a pretty simple network and pfsense has always been great.
I did the 2.5 update a few days ago and now the status > DHCP lease screen won't pull up. It gives me a 504 gateway NGINX error after a few minutes. Scrolled through the logs and found the below error:
Feb 25 11:53:40 nginx 2021/02/25 11:53:40 [error] 35428#100132: *2 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.41, server: , request: "GET /status_dhcp_leases.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.1", referrer: "https://192.168.1.1/services_dhcp.php"
I was able to replicate this error every time I had the issue. I'm a networking guy by trade, but admittedly am not great at figuring this stuff out when it comes to the background programs. Any help would be great, thanks in advance.
-
Similar issue. I just updated to 2.5.0 and the login screen appears but once authenticated, it just hangs and I see these in the logs:
SYSTEM.LOG:
Feb 25 23:42:57 gw nginx: 2021/02/25 23:42:57 [error] 51612#100143: *8 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.100, server: , request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.254", referrer: "https://192.168.1.254/"NGINX.LOG
Feb 25 23:49:20 gw nginx: 2021/02/25 23:49:20 [error] 51612#100143: *13 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.100, server: , request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.254", referrer: "https://192.168.1.254/"Tried restarting PHP-FPM and the web configurator already with no luck.
-
Something like https://forum.netgate.com/topic/160956/sg-1100-dhcp-lease-status-page-load-time?_=1614319231879 ?
@VA3DPrinter : loading the "DHCP lease screen not loading ", right ?
-
So based on another post that discussed your DHCP issue and the volume of data required to process/display the page, and another post talking about the widgets on the front page I found my issue was a combination of the two. I had enable displaying of the Firewall logs and had a refresh of 5 seconds. If you have a large firewall log file, it is processing that file every five seconds. This of course kills your performance and the server's ability to render the page, so nginx gets a timeout. I removed the widget and the system is performing much better now. Will have to look into off-boxing logs and a more appropriate place to process/display that info. Thanks for the pieces that solved the puzzle...
-
@gertjan said in DHCP lease screen not loading:
Something like https://forum.netgate.com/topic/160956/sg-1100-dhcp-lease-status-page-load-time?_=1614319231879 ?
@VA3DPrinter : loading the "DHCP lease screen not loading ", right ?
Nope, it's not similar to that really. The page doesn't load at all. It throws those errors and gives a "504 Gateway Timeout nginx" error. No matter how long I wait. It's not that big of a deal, I can just move the DHCP off of pfsense. I flushed all of the logs just in case, but it didn't make a difference. I can't find any storage or log size issues. It looks like this only started due to something on 2.5. It's not that big of a deal though, I can either move my DHCP over to a server or revert to 2.4.5.
-
So, as asked in the other - mentioned -thread : what is the file size /var/dhcpd/var/db/dhcpd.leases ?
@plague311 said in DHCP lease screen not loading:
gives a "504 Gateway Timeout nginx" erro
That's an error that gets shown if the info to prepare (PHP makes html for nginx so it gets send to your browser) is to big.
Like a huge leases file.Maybe you're right, but I cant' exclude that the file size issue as the origin of your problem.
Is your /var/dhcpd/var/db/dhcpd.leases like :
-rw-r--r-- 1 dhcpd _dhcp 22321 Mar 4 13:38 /var/dhcpd/var/db/dhcpd.leases
close to 23k bits.
My leases show up in the GUI right away.
-
@gertjan said in DHCP lease screen not loading:
So, as asked in the other - mentioned -thread : what is the file size /var/dhcpd/var/db/dhcpd.leases ?
@plague311 said in DHCP lease screen not loading:
gives a "504 Gateway Timeout nginx" erro
That's an error that gets shown if the info to prepare (PHP makes html for nginx so it gets send to your browser) is to big.
Like a huge leases file.Maybe you're right, but I cant' exclude that the file size issue as the origin of your problem.
Is your /var/dhcpd/var/db/dhcpd.leases like :
-rw-r--r-- 1 dhcpd _dhcp 22321 Mar 4 13:38 /var/dhcpd/var/db/dhcpd.leases
close to 23k bits.
My leases show up in the GUI right away.
Here is a screenshot of what you requested. It looks like there are a few outdated files in there. Perhaps those could be causing an issue. The files size for the current file is close to what you're showing though.
-
I just updated and got the same problem. Did you fix this somehow?
-
@pette_rsson Nope, not as of yet. I'll probably just end up moving my DHCP to another server until netgate figures out a fix for it. I'm not seeing much online for a resolution so it must not be overly common.
-
@plague311 hmm, ok.
I don't want to move it, so I need to fix it... :(
-
@pette_rsson said in DHCP lease screen not loading:
@plague311 hmm, ok.
I don't want to move it, so I need to fix it... :(
I hear ya, I don't want to move it either. I tried everything I could think of and got no where really.
-
@plague311 Then it should be reported as a bug. Is there no possibility to raise a bug ?
-
@pette_rsson said in DHCP lease screen not loading:
@plague311 Then it should be reported as a bug. Is there no possibility to raise a bug ?
I don't know that I've ever reported one. In all honesty this is the first issue I've ever had with pfsense. I have some time later today though, and I can dig around to submit a report.
-
Running into a similar issue on my system -- pfSense on bare metal (i5-4570, 8GB RAM).
I absolutely cannot get the Status: DHCP Leases page to load. Most pages in the GUI load normally; however other pages seem to load slower than they should and have historically (the Dashboard and the Update page, for example), others will time out occasionally and load normally at other times.
There is a similar Reddit thread about this issue at: https://old.reddit.com/r/PFSENSE/comments/lzt9qu/504_gateway_timeout_when_opening_status_dhcp/
-
@anrt Then tell us why the GUI => NGINX => PHP has so much trouble shwoing that file.
A 30 kbytes files takes some miliseconds to show.
How big is your lease files ?I never saw these dhcpd.leases.xxxxxxxx files.
I guess these files are made when dhcpd re creates the leases files, and is faulting during so.
dhpcd is made by https://www.isc.org/dhcp/ and very solid. Still, it only works when you throw real RFC [DHCP] defied traffic on it. Other traffic, generated by the device that cost less then 1 $, could break everything. Even dhcpd. The golden law always applies : BS in = BS out.So, what about : when are these dhcpd.leases.xxxxxxxx files created ? What happend on that moment with the system ? A dhcpd segfault ? Some one was ripping the power ones again ? Something else ?
What was logged at that moment ?
A host name with binary chars ?
Etc.I'll agree with you both : some exceptional is happening. So, go hunt for it.
A sledge hammer solution : remove every device from the LANs. There will be no more issues.
Right ?
No, add one device at the time. And wait. No issues ? Add another device, etc.
When the issue pops up, you know what device to check.Can you read that file yourself (use Notepad++ and open it) ?
Are there strange, binary ? characters ?And what about your network ?
Is there a device that want a new lease every xx seconds ?
Is there a device that changes it 'name' on every lease ?
Etc.There is a device that makes your live so much easier : an UPS.
Btw : Widget and massive firewall log rules.
The widget is there exist if there are really a few log lines to show. Just for the kicks. As you said yourself, the thing updates itself every 5 seconds, using world's most ineffective language on the planet : PHP (just a bit faster as Basic).What is dropped on the WAN : you don't care / you don't log. "Many have tried, all have died".
LAN : same thing : no need to see the kids running in the wall every 5 seconds.Huge logs files are ok of course. You should deal with them using the ancient tools like vi, nano, Notepad++, tail, logwatch (used on a remote syslog server) etc.
Firewall wall rules are there to be tested, and ones proven ok, make them silent. This way, only the exceptions will pop up, and draw your attention.
Remember this : to much info kills the info.
-
@gertjan No idea why you're so aggressively going after people just asking questions, but it appears that this is something to do with 2.5, not with any of our configurations themselves.
I run <30 devices on my network, 15 of which are statically addressed. I have no firewall rules because I don't need them. My DHCP scope allows about 40 dhcp addresses, and I'm sure I've restarted it a few times, which has created those numbered files. That being said, I can't imagine any of those causing an issue because they're extremely small, and it doesn't appear they're used for anything. Also, the DHCP scope itself is working absolutely fine. The router is handing out addresses properly. The only issue is loading that screen. Also, those numbered files are from months ago and have caused no issues in the time frame.
We hunted, we brought error messages, and we asked on the forum, in the subsection designed for such questions. Do I know how to resolve this? No, it doesn't make any sense because NOTHING on my network has changed, sans the update to 2.5.
Seriously though, if you're that frustrated by us asking questions, just don't answer. I'd rather work with someone from netgate than be quasi scolded by someone for using a forum for its designated purpose. Thank you for your help to this point but it's not the dhcp file size.
-
- The network settings are unchanged for months.
- The hardware connected to the network has not changed for a similar period of time.
- There are approximately 15-30 devices connected to the network at any given time, this is not a different number that was the case some months ago.
- This system was updated to 2.5.0-RELEASE approximately two week ago. This issue began appearing over the weekend or possibly Monday.
- The DHCP log does not show a significant number of requests in a short period (the 50 most recent entries in the log took place over the course of slightly more than an hour).
- The issue persists with the primary switch disconnected and only a single system connected to the network (aside from the pfSense box)
-
The page worked perfectly just before the update, and right after the update it was broken. I didn’t change a thing, did not even leave my chair....
-
@pette_rsson said in DHCP lease screen not loading:
The page worked perfectly just before the update
When the dust settled, did you executed a clean GUI reboot ?
Time to inspect the dhcp leases files ?
Like :[2.5.0-RELEASE][admin@pfsense.local.net]/root: ls -al /var/dhcpd/var/ db total 88 drwxr-xr-x 2 dhcpd _dhcp 512 Mar 10 07:52 . drwxr-xr-x 4 dhcpd _dhcp 512 Jan 29 2015 .. -rw-r--r-- 1 dhcpd _dhcp 33690 Mar 10 08:04 dhcpd.leases -rw-r--r-- 1 dhcpd _dhcp 34410 Mar 10 07:52 dhcpd.leases~ -rw-r--r-- 1 dhcpd _dhcp 527 Mar 10 06:03 dhcpd6.leases -rw-r--r-- 1 dhcpd _dhcp 772 Mar 10 06:03 dhcpd6.leases~
The last two files are for the IPv6 DHCP leases and not concerned here.
What did you find in the file "dhcpd.leases" ? (the dhcpd.leases~ is just an unused copy).
Are there any "dhcpd.leases.xxxxxxx" where xxxxx is a number ?You can stop the DHCP server(s), wipe the dhcpd.leases and dhcpd.leases~ files, and restart the DHCP server(s). That helps ?
Check the Status > System Logs > DHCP page.
Refresh a page a couple of times. is there a lot of activity ? Any 'strange' messages ?@pette_rsson said in DHCP lease screen not loading:
did not even leave my chair....
Don't worry. It isn't about what you've done. It's more about what you (and we) don't know yet.
Plan Z : (something I would do ) :
Take a look at the /usr/local/www/status_dhcp_leases.php
It's setting up some stuff, reads the leases file, and loops over it.I would place log lines so it drops an 'I'm here' every xx lines. They way, you'll see, when you look at the DHCP Lease files with the GUI, when it stops logging thus when it reached the point where it block. At that point, start logging the variables (their values) used just above, and you'll find out why an where it blocks.
-
@gertjan Thank you for this. After I stopped the server, deleted all of the files, and restarted the server the dhcp leases screen is now pulling up without an issue.
Genuinely confusing but as long as it works I'm happy.
Thank you again for your help, it's very appreciated.
-
Deleting the files and restart the DHCP server worked for me as well.
-
Deleting the files provides a temporary fix. However, the issue returns after several hours.
After a fresh install of pfSense the issue is not present, then returns some hours later. System has been tested for memory, hard disk, and network communication issues -- none are present.
Upon a fresh install of pfSense pages load normally in the GUI. However, after several hours the pages for DHCP Leases, Update, Package Manager, and Dashboard will take up to a minute to load and occasionally fail to load with the 504 error.
-
Deleting the files is a plan Z solution.
The real problem is that there is a device in your network that totally breaks the DHCP RFC.
That device renews it's IP after a while, spits out the same nonsense, with ongoing consequences.The real mission is - Plan A - / was / says : find that device.
And repair it (change the host name, give it a static IP, whatever) - or throw it out of the window.
Issue solved. Definitely.Programs can be fool proof, but code can be bad, and still break everything.
No one can program for every exception, or possible situation. -
@gertjan said in DHCP lease screen not loading:
The real problem is that there is a device in your network that totally breaks the DHCP RFC.
That device renews it's IP after a while, spits out the same nonsense, with ongoing consequences.I just don't see how this is possible. There aren't any new devices on the network for months and this problem didn't appear until after upgrading/clean installing to 2.5.
And, even if that is the problem it doesn't explain why other GUI pages are failing to load or loading exceptionally slowly.
Like, how is this the result of some funky client on the DCHP table? Especially when the DHCP log doesn't appear to have abnormal activity.
-
@anrt
Unable to check for upgrades
is new in this thread.The updates : Enter the console, and use option 13.
Does that work ?If many pages become slow, then I tend to say that the entire PHP-FPM or even nginx (the webserver) has some issues.
Console option 8.
Usetop
and see what is on top when you open some GUI pages.
-
Option 13 (Update from console): Another instance is already running. . . Aborting!
Shell "top":
-
@anrt said in DHCP lease screen not loading:
Update from console): Another instance is already running. . . Aborting!
I've seen that before : a blocked 'pkg' process.
The forum has words about that. -
I've got the same DHCP page won't load issue. I just recently did the upgrade to 2.5.0(yesterday), and the problem appeared today. Did anyone ever figure out what was causing the issue?
-
@chance I just checked mine again and it's back to having the same problem. I don't have much more to offer, I'm just going to move DHCP off of pfsense.
I don't buy that there's some random device on my network that's having DHCP issues that somehow popped up with pfsense 2.5, given I had no issues at all previously (for years). If there's a problem, the problem is with whatever change they made in pfsense 2.5, not with one of my devices. If you check the forums the 2.5 update has been painful for a lot of people. Tons of stuff broke like VPN's, and the issues referred to in this thread. I'd just revert back if you still have that option. Wait for netgate to figure out what they did.
As you can see, my leases files aren't even to 10k. There's no way my DHCP scope or my leases are the issue.
-
@chance I got mine working for a while by completely reinstalling pfSense and not using that system for anything but DHCP and the basic firewall (no packages, no certificate creation, no DNS, no port forwarding).
That ended up not working after around five days and the page was timing out again. So, I moved to Opnsense and haven't had any issues.
I'll probably be back to pfSense a few months after the next update comes out, but this has been a terrible experience.
-
@anrt said in DHCP lease screen not loading:
@chance I got mine working for a while by completely reinstalling pfSense and not using that system for anything but DHCP and the basic firewall (no packages, no certificate creation, no DNS, no port forwarding).
That ended up not working after around five days and the page was timing out again. So, I moved to Opnsense and haven't had any issues.
I'll probably be back to pfSense a few months after the next update comes out, but this has been a terrible experience.
I spun up a VM using OPNSense as well, and it was a decent piece of software. Like you, whatever the problematic device on my network was didn't seem to effect OPNSense. If the screen was more of an issue I'd probably switch over as well.
-
Unfortunately I'm in "production" so I can't switch out to Opnsense without a huge change control and testing. My installation is also fairly complicated as it is a private ISP for a neighborhood. I guess that will teach me to upgrade... ever... even with the large amount of testing I did there are still minor things like this that will come up no matter what.
-
@chance said in DHCP lease screen not loading:
Unfortunately I'm in "production" so I can't switch out to Opnsense without a huge change control and testing. My installation is also fairly complicated as it is a private ISP for a neighborhood. I guess that will teach me to upgrade... ever... even with the large amount of testing I did there are still minor things like this that will come up no matter what.
If you look up at my post, I found that deleting the leases files got it working for a few days. I can test it on my home environment by deleting those files again and see if the screen will load. It might not be a perfect resolution but it might be a bit of a work around until netgate gets it figured out.
-
@chance Can you manage a rollback? It's a bit nuclear, but if everything was working on 2.45 then maybe sitting on that until the current development version is stable would be the best option.
-
I probably can, but it's been a little while since the upgrade, and I "think" I can live with this for the time being... Here's hoping it makes 2.5.1...
-
@chance I deleted the files again, restarted the DHCP service through the DHCP leases screen and it is backup and running. So I can confirm that deleting those files and restarting the service will bring up that page again.
That being said, after restarting the service the only leases that showed up in that screen were the static IPs. I didn't get time to test if I had to renew each dynamic device to see if it would show up, but when I loaded up my test VM it grabbed a DHCP address and then showed up in the list.
I hope this helps a bit.
-
I'll explain what I did in case someone stumbles across this thread looking for a work around.
I run pfsense as a VM on my home server (just an old dell R810, nothing special), running ESXi. I opened up the console through the ESXi webGUi (SSH'ing in would do the same thing), pressed 8 (for shell) on the machine, typed
cd /var/dhcpd/var/db
Just to make sure I was in the right location I performed the
ls -lh
It's all lowercase but for clarification I typed LS -LH just so there's no confusion. After I confirmed that the files were in that directory I typed:
rm dhcpd.leases dhcpd.leases~
The one with the ~ is the active leases file. I deleted both just to be safe. I then opened up the webGUI for pfsense. I navigated to status > dhcp leases and restarted the service. Those showed all of my static IPs, and then the dynamics started filling in as my leases expired.
I hope this helps someone.
-
@plague311 said in DHCP lease screen not loading:
The one with the ~ is the active leases file.
The one with the ~ is always older, this the backup.
Instead of deleting file, you might try this :
Go here :
/usr/local/www/Make a backup of this file :
/usr/local/www/status_dhcp_leases.phpEdit the file - using a text edit like Notepad++ - or use nano on pfSense itself :
/usr/local/www/status_dhcp_leases.phpExample :
Yo see the
echo "1 ";
echo "2 ";
etc.
I inserted ?here they are :
add some of these "echo" lines, and look at the DHCP status page in the GUI.
If your browser reaches (shows) echo "1" but not echo "2", you know thing start to go wrong here :
-
If the page doesn't load the echo's will never display.
I think you would have to wrap each relevant block in try/catch to see if you could get it to skip the part that errors and print the debug statement (echo "block A skipped").
I don't really know how php behaves though, so take that FWIW.
-
@gertjan When those lease files get deleted the screen works, but as chance mentioned when it's not loading, it's not loading anything. It just gives that nginx error and there's nothing. I don't know that this really helps track down an issue.