Bug #6802
GUI does not respond and vpn stops working (closed)
Description
Since I updated the firewall to 2.3.x (actually 2.3.2), sometimes the GUI doesn't respond and VPN clients are disconnected until I connect by SSH and restart php-fpm.
Please, I need help.
No relevant information on error logs for me:
Sep 21 16:42:08 openvpn user 'XXXXXXXX' authenticated
Sep 21 16:40:52 openvpn 67156 XXXXXX/IP.IP.IP.IP:59617 [XXXXXXXX] Inactivity timeout (--ping-restart), restarting
Sep 21 16:43:53 check_reload_status Reloading filter
Sep 21 16:40:29 php-fpm /index.php: Successful login for user 'admin' from: 192.168.10.78
Sep 21 16:38:10 rc.php-fpm_restart 18017 >>> Restarting php-fpm
Sep 21 16:38:04 sshd 91454 Accepted password for admin from 192.168.10.78 port 63482 ssh2
Sep 21 16:38:52 openvpn 67156 IP.IP.IP.IP:49027 TLS Error: TLS handshake failed
Sep 21 16:38:52 openvpn 67156 IP.IP.IP.IP:49027 TLS Error: TLS object -> incoming plaintext read error
Sep 21 16:38:52 openvpn 67156 IP.IP.IP.IP:49027 TLS_ERROR: BIO read tls_read_plaintext error
Sep 21 16:38:52 openvpn 67156 IP.IP.IP.IP:49027 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Sep 21 16:38:52 openvpn 67156 IP.IP.IP.IP:49027 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
Sep 21 16:35:53 openvpn 15658 IP.IP.IP.IP:47295 TLS Error: incoming packet authentication failed from [AF_INET]IP.IP.IP.IP:47295
Sep 21 16:35:53 openvpn 15658 IP.IP.IP.IP:47295 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1474468503) Wed Sep 21 16:35:03 2016 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Sep 21 16:35:53 openvpn 15658 IP.IP.IP.IP:59869 TLS Error: TLS handshake failed
Sep 21 16:35:53 openvpn 15658 IP.IP.IP.IP:59869 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2 OpenVPN servers for user LDAP authentication
1 OpenVPN for TLS/SSL certificates
IP CARP for WANs and LAN, but only 1 pfSense node
Multiple WAN, Loadbalancing or failover GWs
Multiple LAN
NATs from WAN to LAN for some app
Site to site IPsec tunnel (not a stable tunnel, I don't know the reason; I think to buy a proprietary firewall to manage IPsec)
no more services
Thanks,
Updated by Adam Saint about 8 years ago
I too have seen this issue.
I bought a new Netgate SG-2440 running 2.3.2_1, and 1 week ago I used it to replace my old customer pfSense machine running the much older 2.0 RC3. When I did so I carried the config forward and all was fine, but in the last 3 days I have added for the first time an IPsec tunnel, and although the other end is not connected or set up just yet, my end is set up and ready to go. Three times, however, I have experienced close to what you described. I connect and see that the GUI is sluggish; when after 30-45 seconds it doesn't respond, I SSH in and hit option 16 to restart PHP-FPM. The GUI comes back, and users that were using remote OpenVPN connections drop (I believe they dropped before I reset PHP-FPM). After resetting it, they all reconnect OK. It seems that the behavior is that the GUI is locking up, and another symptom of that is VPN users drop and cannot reconnect. Resetting PHP-FPM works to restore things.
What information can I provide that could be helpful to you here?
Updated by Jim Pingle about 8 years ago
- Status changed from New to Rejected
- Assignee deleted (Jim Pingle)
Duplicate of #6406 and others that are all the same base issue: PHP gets wedged and doesn't respond.
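
Added triage example (not part of the original report and not pfSense code): for each rc.php-fpm_restart event in system-log lines of the format quoted above, it lists the OpenVPN TLS and --tls-verify failures logged in the minutes before it, so the timing of the symptom described in this thread can be checked. The sample log is constructed; the 10-minute window and the year (the log lines carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same format as the log lines quoted in the report
# (addresses are documentation ranges, PIDs are made up).
SAMPLE_LOG = """\
Sep 21 16:40:29 php-fpm /index.php: Successful login for user 'admin' from: 192.0.2.78
Sep 21 16:38:10 rc.php-fpm_restart 18017 >>> Restarting php-fpm
Sep 21 16:37:52 openvpn 67156 198.51.100.7:49027 TLS Error: TLS handshake failed
Sep 21 16:37:52 openvpn 67156 198.51.100.7:49027 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
Sep 21 16:35:53 openvpn 15658 198.51.100.9:59869 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 21 16:12:01 openvpn 15658 198.51.100.9:41000 TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
VPN_FAILURE = re.compile(r"TLS Error|TLS_ERROR|Failed running command")

def parse(text, year=2016):
    """Return (timestamp, process, message) tuples sorted oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a syslog-style line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    return sorted(events, key=lambda e: e[0])

def failures_before_restarts(text, window_minutes=10, year=2016):
    """Map each php-fpm restart time to OpenVPN failures in the window before it."""
    events = parse(text, year)
    window = timedelta(minutes=window_minutes)
    report = {}
    for ts, proc, msg in events:
        if proc == "rc.php-fpm_restart" and "Restarting php-fpm" in msg:
            report[ts] = [
                (t, m) for t, p, m in events
                if p == "openvpn" and VPN_FAILURE.search(m) and ts - window <= t < ts
            ]
    return report

if __name__ == "__main__":
    for restart, hits in failures_before_restarts(SAMPLE_LOG).items():
        print(f"php-fpm restart at {restart}: {len(hits)} OpenVPN failure(s) in prior window")
        for t, m in hits:
            print(f"  {t:%H:%M:%S} {m[:80]}")
```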