Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SG-3100 Crash on Upgrade/Restore when using URL Tables and OpenVPN

    Official Netgate® Hardware
    3
    8
    271
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • artooro
      artooro last edited by

      I have been able to reliably reproduce a crash on the SG-3100 running both pfSense 21.02.2 and on the latest 21.05-RC by importing a specific type of config from a pfSense 2.4.5-p1 box.
      This also affects upgrades from 2.4.5 to 21.+

      The config needs to have the two following configurations.

      1. A URL table (IPs) alias
      2. An OpenVPN server configured

      If both of those are configured (if just one or the other the issue will not occur) then on boot-up you will get a Segmentation fault (core dumped) error and in system.log you will see a line saying something like pfSense kernel: pid 283 (php-cgi), jid 0, uid 0: exited on signal 11 (core dumped)

      A couple symptoms will be that the WAN never comes up if it's a static IP and the webGUI never starts so you can't login to webConfigurator.

      I'm attaching a demo config here if anyone else wants to try it. This only appears to happen on the SG-3100 from my testing.

      Our team has been spending a lot of time fixing failed upgrades to 21.02.2 and I've narrowed down the problems to when the config has both of these items.
      And the problems still occur in the 21.05-RC branch.

      Example config
      pfsense_bug_example.xml

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS @artooro last edited by

        You're probably finding another trigger for PHP exit with sig 11 on SG-3100, can you post this there?

        We've held off upgrading any SG-3100 since we have most of them running IDS and/or pfBlockerNG.

        Steve

        Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
        When upgrading, let it finish. Allow 10 minutes, or more depending on packages and device speed.

        artooro 1 Reply Last reply Reply Quote 0
        • artooro
          artooro @SteveITS last edited by artooro

          @steveits done
          We also have held off all upgrades but in some cases the end customer has admin access and decides to upgrade against our direction. And when you maintain hundreds of SG-3100s it happens a few times.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Can you try the patch to disable PHP PCRE JIT on #11466 Note 32 ?

            You can install the System Patches package and then create an entry for the patch URL https://redmine.pfsense.org/attachments/download/3707/patch-disable-pcrejit-arm.diff to apply the fix.

            Then run console menu options 16 and 11 to restart PHP and the GUI, or reboot.

            Both URL tables and OpenVPN use PCRE matching so both may be fixed by that patch.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            artooro 1 Reply Last reply Reply Quote 0
            • artooro
              artooro @jimp last edited by

              Yep we've been using that patch for several weeks now.

              jimp 1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate @artooro last edited by

                @artooro said in SG-3100 Crash on Upgrade/Restore when using URL Tables and OpenVPN:

                Yep we've been using that patch for several weeks now.

                Is everything working OK for you now?

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                artooro 1 Reply Last reply Reply Quote 0
                • artooro
                  artooro @jimp last edited by

                  Yes, we just make sure anything that could cause a problem is disabled before upgrading, and then apply the patch before re-enabling and haven't had the issue recur yet.

                  1 Reply Last reply Reply Quote 1
                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    Great!

                    If you do happen to encounter more PHP crashes, please follow up.

                    Thanks!

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post