pfsense 2.6.0 sshguard @ web gui bug/crash
-
@violetdragon said in pfsense 2.6.0 sshguard @ web gui bug/crash:
after a fresh install?
??
You put gasoline in your car : it won't start.
You put better gasoline in your car : it still doesn't start.
You develop "just made for you" gasoline in your car : still a no go.
Because the motor is/was dead.Look for the common factors.
Use a bare metal system, any ancient desktop device with a double NIC will do.
VM's are great, but add another boatload of possible issues. -
@gertjan That is what I have done, I have tested on a Xen Hypervisor and a Dell T3600 and the problem is still there. I am going to revert back to 2.5.2 because 2.6.0 seems to be unreliable with the Gui Crashing left right and center!
-
@violetdragon said in pfsense 2.6.0 sshguard @ web gui bug/crash:
The logs are fulled up with,
Apr 27 10:36:27 check_reload_status 435 Syncing firewall Apr 27 10:36:23 check_reload_status 435 Syncing firewall Apr 27 10:36:22 check_reload_status 435 Syncing firewall Apr 27 10:36:20 check_reload_status 435 Syncing firewallOk, this is good. That's the first evidence we've seen of some process misbehaving. Something is continually reloading the firewall. Did you apply the keep-counters patch?
It's one of the recommended patches in the System Patches package. If your system is reloading that frequently it will be affected by that.
It's fixed in 2.7 if you're able to test a snapshot.
Now that may be a symptom and not the cause of course.Any config that works in 2.5.2 should work in 2.6 but clearly there are edge cases and you seem to have found one. Since most users are not hitting it though we have no way to replicate it to try to fix it without your input. Something in your config is unique.
Steve
-
@stephenw10 hi, what is the patched? Do you have any documentation of it? I have removed all widgets leaving system information and it is behaving itself. It's a strange one but I think it's one of the widgets.
-
Sure it's this: https://redmine.pfsense.org/issues/12827
I suspect the problem showing the dashboard is showing up because one of the widgets id trying to access some data that isn't available during a filter reload and it's apparently reloading all the time. That bug might mean that there is no access when that happens but it should not cause it. Unless it's stuck in a race condition for some reason.
Steve
-
@stephenw10 Hi sorry for such a slow reply been a bit busy. However it seems that the problem has gone away by removing the widget then putting them back again however my suspicion is it's either that NTP Widget which is broken or its pfblockerng widget. I have all the other widgets and it seems fine.
Thanks.
Jack.
-
Of the two I would suspect the ntp widget more since it pulls in real-time data whereas the pfBlocker widget shows only counts which I believe is cached. Though I've never really dug into it that deep!
I assume it was not immediately obvious which it is from enabling them? -
@stephenw10 I have not determined which it is but I have removed both widget and seems to be behaving itself right now, I need NTP to be functional because I use Time Based security for the Yubikey's i have.
-
Well you obvuoiusly don't actually need the widget for NTP to work but it's nice to check it that way. I have the NTP widget up here, complete with GPS info, and it's never given trouble.
Try querying ntp at the command line, is there a delay?
[2.6.0-RELEASE][admin@pfsensemirror.stevew.lan]/root: ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 2.pfsense.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000 +time.cloudflare 10.20.14.167 3 u 142 512 377 12.333 -0.083 0.149 -ns1.do.steersne 114.199.6.79 2 u 72 512 377 7.008 -0.542 0.375 *103.219.22.112 193.67.79.202 2 u 193 512 377 6.833 +0.117 1.862 +1fv-x-e0001-e7a 193.150.34.2 3 u 175 512 377 8.463 +0.730 2.103It tries to use reverse dns on those which can take a second or two.
Steve
-
@stephenw10 Yeah that is why I use the Widget can just log into the home page and it's there but it is no biggie, I can always check it via CLI. I have actually been looking at GPS modules that plug into the Serial on the Firewall but not sure what is recommended and what isn't.
Only 3 Widgets that are not on the home page now is Services, pfBlockerng & NTP it is behaving itself as we speak.
-
@stephenw10 Hi Stephenw, I have some more information on the problem, I have found exactly what widget is causing the problem, I have a package called NUT for my UPS I just enabled the widget and the Web Gui is no longer working again it has been fine since disabling the widget.
This can be marked as solved.
Thanks.
Jack.
-
Ah, nice work.
However that shouldn't cause a problem. How is it configured?
Steve
-
@stephenw10 It is configured over USB.
-
Anything special there? Any errors it shows?
Does the NUT status page ever show problems maybe?
Steve
-
@stephenw10 Actually when going to NUT itself it does not load it causes the gui to crash again.
-
Hmm, what pkg version is it?
Can you show us the NUT config?
-
@stephenw10 It is version 2.7.4_10. When I go to Services -> UPS the Gui then acts up and does not load. I cannot access it all.
-
Something bad in the config file?
The NUT package config is stored there. Hard to see how it could be bad though, I assume iot was working previously? In an older version?
Steve
-
@stephenw10 Has been working fine since updating to 2.6.0. I might just uninstall the package and reinstall it and see if that helps.
-
@stephenw10 Weird the UPS Section is now working.
