After upgrade from 2.4.5-p1 to 2.5.1 web UI often hangs

mfld

Happens on any page.

I might be trying to go diagnostics -> ping, modify an interface, check OpenVPN status. Doesn't matter what I do. It happens everywhere, no specific .php is involved.

I have it on several but not all devices that were upgraded from 2.4.5-p1 to 2.5.1. Only clue I can come up with is this:

May 6 16:25:23 	nginx 		2021/05/06 16:25:23 [crit] 12545#100474: *180 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.54, server: 0.0.0.0:443
May 6 16:24:41 	nginx 		2021/05/06 16:24:41 [crit] 12698#100480: *170 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.54, server: 0.0.0.0:443
May 6 16:24:05 	nginx 		2021/05/06 16:24:05 [crit] 12698#100480: *171 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.54, server: 0.0.0.0:443
May 6 16:23:29 	nginx 		2021/05/06 16:23:29 [crit] 12545#100474: *163 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.54, server: 0.0.0.0:443
May 6 16:22:31 	nginx 		2021/05/06 16:22:31 [crit] 12545#100474: *155 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.54, server: 0.0.0.0:443

If you wait a while and reload the page or submit your edit, it will sometimes work but fall over again shortly thereafter.

I tried different browsers in case this is a Firefox / plugin compatibility issue. I also tried replacing the pfSense' SSL cert which was ec384 with an RSA4096 just in case that's somehow an issue. Nothing seems to matter. fsck done, RAM and disk space are not exhausted. System load is low. Not sure what's up. Nothing on redmine is a match.

xanthoss

@mfld I have exactly the same issue. If I go in via the WAN by allowing my home IP it does not happen. It only happens on the LAN side. I am connected to this pfsensebox using a VPN connection.

Did you every found out what the problem was?

mfld

@xanthoss No idea. It's still unresolved. I didn't file a bug report on it because I can't tell how to reproduce it. It only happens on some installs, not all.

Let's see what 2.5.2 brings.

xanthoss

@mfld Interesting. Do you have that problem with openVPN perhaps?

It occurs when two PFsense boxes are connected with openVPN. When I use the LAN IP of the box it will give me those errors. I had the same issue on another box and replaced the VPN with IPsec and that seems to fix the issue. I have to check if this is somehow MTU related

mfld

@xanthoss No OpenVPN site-site on these instances and I connect to them over the WAN address which has the port open to a bunch of static IPs. It's gotta be something else.

I am moving all to 2.5.2 beta now to see if it goes away.

Gertjan

Something to try :
Assign WAN and LAN the other way around.
The error is now on the other interface ? You know its most probably a NIC issue.

Btw : If one of the interfaces is a 'Realtek', your search just ended. Stop using it and you'll be fine.

mfld

@gertjan Not in my case. Only one interface exists. WAN. And it's virtio.

I will see how 2.5.2 goes. Any day now. :)