Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.5 stacks at boot with dots

    General pfSense Questions
    9
    60
    9.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @Dilligaf
      last edited by

      I tend to think the issue is related to 'power'.
      That's a hard one to debug, as, for myself, I never reboot my pfSense. It neither powers down without me knowing about it.
      And the day I happened because I've been ripping out the wrong cables, I will reboot with the console activated, me watching the boot process, looking for 'unusual' messages.

      Also, I'm still not using SSD for pfSense, but old fashioned hard disks. These have stickers with the install date, and after 3 à 5 years will get changed. I'm now on my fourth disk change iteration.

      @dilligaf said in Pfsense 2.5 stacks at boot with dots:

      I can see the scenario coming eventually when I'm not near the office

      That one is valid for everybody I guess. The presence of an UPS will lower the risks, though.
      I'm lucky, as the company where I works is a 24/24 - 365/365 and there there is always someone that could "push a button". Because of this, the inverted Murphy's law implies : it won't happen.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      N 1 Reply Last reply Reply Quote 0
      • N
        netblues @Gertjan
        last edited by

        @gertjan How on earth this can be related to power when it is happenig on a vm, and the host is there, with no downtime/disk events.

        D 1 Reply Last reply Reply Quote 0
        • D
          Dilligaf @netblues
          last edited by

          @netblues I've not generated a zero bytes config file since I disabled ClamAV over 3 weeks ago. Pfsense rock solid on a 2.5.2 snapshot every since.
          Now I've said that it'll probably happen this morning.

          N 1 Reply Last reply Reply Quote 0
          • N
            netblues @Dilligaf
            last edited by

            @dilligaf So you had clamav running on freepbsd pfsense?

            WHY?

            D 1 Reply Last reply Reply Quote 0
            • D
              Dilligaf @netblues
              last edited by

              @netblues Running antivirus never seems like a bad idea to me.

              I noticed that it triggers a config file write immediately after boot at about the same time I was getting crashes and zero bytes config. May be unrelated, who knows.

              I decided to disable as much as possible as the frequency of these zero bytes config was becoming a nuisance. Hey, the router's stable at the mo so I'm happy.

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @Dilligaf
                last edited by

                @dilligaf said in Pfsense 2.5 stacks at boot with dots:

                Running antivirus never seems like a bad idea to me.

                Ask yourself : what does the "antivirus " see ?

                Packets that come into an interface, like, for example WAN, are about 1k5 bytes in size, they are ALL heavily TLS 'encoded' (so not visible at all for whatever process running on 'pfSense'), and transmitted on a LAN interface.

                Or do you think that tools like (example) pfBlockerNGdevel starts to download executables instead of DNSBLfeeds ? And executes them ?
                If you even think this is possible, do the right thing : remove pfBlocker from your router.

                Or some one takes over your pfSense at root level (and kills the anti vir first as he could) and starts installing nasty spy wares ?

                Maybe, if the antvirus is proxying all mail traffic
                AND
                this traffic is send received in 'clear', then an antivir could actually be useful.

                But let me check my mail server, if there are still mails today that are send 'clear' :

                TLS error :
 scanner-21.ch1.censys-scanner.com[162.142.125.128]
 92.118.160.41.netsystemsresearch.com[92.118.160.41]
---------
    456 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    245 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
     17 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)
      9 TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
      9 TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
      6 TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
      5 TLSv1.2 with cipher AES256-SHA (256/256 bits)
      4 TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)
      3 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
      2 TLSv1.2 with cipher RC4-SHA (128/128 bits)
      1 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

                Humm : mails are all hidden behind at least a "TLSv1" layer which means you can't see a thing on a router. If you could, turn around NOW. The guys in your back are from the NSA, or Mossad, or worse. Two things can happen in the next minute : you'll be extreme rich (and you killed the entire Internet), or you're dead.

                Care about the planet, stop burning these billions of CPU cycles for nothing, and remove 'antivir' software. If you want one, use it on the 'end device' like your PC.

                And no, a (router || firrewall) != ( NAS || mail server || anything else)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                D 1 Reply Last reply Reply Quote 0
                • D
                  Dilligaf @Gertjan
                  last edited by

                  @gertjan Thanks for that. I also fully understand already that ClamAV isn't going to see encrypted traffic. This is way off topic and I haven't come here for this.

                  Guys... What I'd really wanted to understand how these zero bytes config files happen and how to stop them. Its a PITA. Has anybody got ideas with that?

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • N
                    nasos.liagos @chamilton_ccn
                    last edited by

                    @chamilton_ccn You are my hero. I was ready to jump off the balcony, until I saw your post and it solved my problem.

                    Thank you!

                    chamilton_ccnC 1 Reply Last reply Reply Quote 1
                    • chamilton_ccnC
                      chamilton_ccn @nasos.liagos
                      last edited by

                      @nasos-liagos Happy to help 😄

                      1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @Dilligaf
                        last edited by

                        @dilligaf said in Pfsense 2.5 stacks at boot with dots:

                        I also fully understand already that ClamAV isn't going to see encrypted traffic.

                        What I've should have mention where I wanted to go : ClamAV will see the traffic that all the process read and write to disk.
                        What if : some key word(s) in this traffic (the config file to be written) doesn't please ClamAV ?
                        Is there a way, as any (many) anti virus can do : exclude this file from being scanned ?
                        Does the issue exists with ClaAV running and not with ClamAV stopped ?

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post