{SEVERE} Group Wheel deleted on Upgrades and unsafe shutdowns



  • Hi Guys

    Sorry if this is the incorrect place to post bug reports like this, but we've been experiencing a very severe issue with pfsense lately.
    Everytime an upgrade or unsafe shutdown is made to the pfsense machine, the group wheel appears to get deleted.

    As a result, services such as webgui, DHCP, SSH and OpenVPN etc stop working. Any web login results in a 503 Service is not available.
    The issue cannot be resolved until a technician goes in and corrects the fault by recreating the group wheel again as root directly on the device and then invoking a restart.

    pw groupadd wheel
    

    Resolution of this fault cannot be done remotely unfortunately.
    This issue has only started occurring since 2.2.0.
    If there is any fix to prevent this issue from reoccurring every restart, please let me know. I have tried backing up the config and doing a reinstall a couple of times, I've recreated a new configuration on a clean install, yet the issue still occurs everytime an upgrade is released.

    Let me know if I need to attach any logs or if you need more details, I will be going into the office tomorrow to resolve the matter again the workaround above and would be happy to attach any logs I gather then and thereafter. At the moment it isn't possible to do remotely as the services are all offline.
    Please note that basic functionality such as NAT and networking still works. However we have offsite users that need to remotely access our network via a VPN and this issue prevents access.

    Regards,


  • Banned

    @Malveas:

    Everytime an upgrade or unsafe shutdown is made to the pfsense machine, the group wheel appears to get deleted.

    Nothing new here. FreeBSD's fsck is über-retarded. https://redmine.pfsense.org/issues/4523



  • Would changing to a different filesystem resolve the issue? Not entirely sure but I think we're using ZFS.


  • Banned

    Not easily doable ATM. You can try the vfs.forcesync=1 mitigation.


  • Rebel Alliance Developer Netgate

    @doktornotor:

    Not easily doable ATM. You can try the vfs.forcesync=1 mitigation.

    In my testing, that was no better. It's worth trying, but I wouldn't expect miracles from it. I haven't yet found any workaround that helped.


Log in to reply