502 Bad Gateway and unresponsive OS with 2.4
Multiple users complaining that following the infamous 502 Bad Gateway, they eventually are unable to do anything with the OS, not just GUI, but also SSH and even via serial console.
#2 Updated by Chad Brandenburg 2 months ago
Jim Pingle wrote:
At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already know that IPsec status is part of the existing 502 issues, it tracks that it is likely related.
Its also present in 2.4.0 it showed up around the 10/3 update. it was on 2.4.1 before then.
#4 Updated by Chad Brandenburg 2 months ago
Jim Pingle wrote:
The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actual -RELEASE should be unaffected.
Issue is still present in 2.4.0.r.20171009.1758. Tested last night. Not using IPSEC, or IPSEC widget. The common issue seems to be having PFBlockerNG installed as well.
#5 Updated by Jim Pingle 2 months ago
- Category changed from IPsec to pfBlockerNG
- Assignee deleted (
- Priority changed from Very High to Normal
- Affected Version changed from 2.4.1 to 2.4.x
If it's happening on 2.4.0 and started around that time, it's likely related to the FreeBSD 11.1 change and not the IPsec status issue I originally mentioned given the original details of the report.
Please post any error messages you have in the logs when this happens, and list any features you have enabled in pfBlocker. If pfBlocker is the common thread, then there must be some component of it that is triggering it (e.g. DNSBL). Also, if it only affects pfBlocker then it doesn't affect the majority of users so it's not quite so critical. A potential workaround could be placed in the package, for example, rather than requiring alterations to the base system.
#6 Updated by Jim Pingle 2 months ago
- Project changed from pfSense to pfSense Packages
- Category changed from pfBlockerNG to pfBlockerNG
This is definitely due to a locking issue with file access in the index.php file for pfBlocker DNSBL. Not sure why it changed behavior on FreeBSD 11.1, but that's where it's getting hung up. Eventually enough requests get stuck waiting on a lock the request queue fills up and then nothing can run PHP code.
More details on the forum thread: https://forum.pfsense.org/index.php?topic=137103.msg754234#msg754234