Bug #6812
closed
IPsec filterdns crash
0%
Description
This appears intermittently in the system logs:
Sep 24 00:27:13 php-fpm 73703 /rc.newipsecdns: The command '/usr/local/sbin/filterdns -p /var/run/filterdns-ipsec.pid -i 60 -c /var/etc/ipsec/filterdns-ipsec.hosts -d 1' returned exit code '71', the output was '/var/etc/ipsec/filterdns-ipsec.hosts:1: Command is mandatory on CMD type directive'
Sep 24 00:27:13 php-fpm 73703 /rc.newipsecdns: No phase2 specifications for tunnel with REQID =
Sep 24 00:27:08 check_reload_status Reloading filter
Sep 24 00:27:08 php-fpm 37979 /rc.newipsecdns: The command '/usr/local/sbin/filterdns -p /var/run/filterdns-ipsec.pid -i 60 -c /var/etc/ipsec/filterdns-ipsec.hosts -d 1' returned exit code '71', the output was '/var/etc/ipsec/filterdns-ipsec.hosts:1: Command is mandatory on CMD type directive'
Sep 24 00:27:08 php-fpm 37979 /rc.newipsecdns: No phase2 specifications for tunnel with REQID =
Sep 24 00:27:07 php-fpm 73703 /rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Also there are literally hundreds of entries in system logs > DNS resolver like these (note the hosts are not always "adblockplus.org"...:
Sep 24 09:34:58 filterdns failed to resolve host server19.adblockplus.org will retry later again.
Sep 24 09:34:58 filterdns failed to resolve host server5.adblockplus.org will retry later again.
Sep 24 09:34:57 filterdns failed to resolve host server19.adblockplus.org will retry later again.
Are these two events related at all or are they independent? Is the second one merely related to hosts being blocked by pfblockerNG or Snort?
pfSense version:
2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5
Installed packages:
Cron
freeradius2
ntopng
pfBlockerNG
RRD_Summary
Service_Watchdog
snort
squid
squidGuard
Updated by Jim Thompson over 7 years ago
- Assignee set to Jim Pingle
Assigned to Pingle for analysis.
Updated by Jim Pingle over 7 years ago
- Subject changed from filterdns crash to IPsec filterdns crash
- Category set to IPsec
- Status changed from New to Feedback
- Assignee changed from Jim Pingle to Louis-Philippe Allard
The two events are not related.
The first is an issue with an IPsec tunnel peer address that was entered as a fully qualified domain name and not an IP address. It is complaining about the contents of /var/etc/ipsec/filterdns-ipsec.hosts -- if you still see this error, post the contents of that file so we can see what is inside, and let us know what peer address you have used for your IPsec tunnel(s) which have been entered as hostnames.
The other errors are failures to resolve, and are most likely related to pfBlocker. They could be normal depending on the circumstances. It means there was an entry in an alias for that hostname and for whatever reason, a result could not be obtained from DNS servers for that hostname. Either the hostname is invalid, upstream DNS servers were not responding, or something along those lines.
Updated by Louis-Philippe Allard over 7 years ago
OK these issues have surfaces again this morning. Truth be told, I have no idea what's Ipsec and as far as I know, Im not using this feature at all....... So this is mostly not a configuration issue...
The content of "/var/etc/ipsec/filterdns-ipsec.hosts" is:
cmd '/usr/local/sbin/pfSctl -c "service reload ipsecdns"'
This morning some websites did not resolve (may be unrelated?)
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Not a Bug
No other reports and it's working fine for others. Either was a temporary glitch or something on that system at the time.
Updated by Louis-Philippe Allard over 6 years ago
This issue has not surfaced again. I agree with Jim Pingle.