Bug #7923
closed
502 Bad Gateway and unresponsive OS with 2.4
0%
Description
Multiple users complaining that following the infamous 502 Bad Gateway, they eventually are unable to do anything with the OS, not just GUI, but also SSH and even via serial console.
https://forum.pfsense.org/index.php?topic=137103.msg753678#msg753678
https://forum.pfsense.org/index.php?topic=137103.msg753782#msg753782
https://forum.pfsense.org/index.php?topic=86212.msg753480#msg753480
Updated by Jim Pingle over 6 years ago
- Category set to IPsec
- Assignee set to Anonymous
At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already know that IPsec status is part of the existing 502 issues, it tracks that it is likely related.
Updated by Chad Brandenburg over 6 years ago
Jim Pingle wrote:
At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already know that IPsec status is part of the existing 502 issues, it tracks that it is likely related.
Its also present in 2.4.0 it showed up around the 10/3 update. it was on 2.4.1 before then.
Updated by Jim Pingle over 6 years ago
The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actual -RELEASE should be unaffected.
Updated by Chad Brandenburg over 6 years ago
Jim Pingle wrote:
The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actual -RELEASE should be unaffected.
Issue is still present in 2.4.0.r.20171009.1758. Tested last night. Not using IPSEC, or IPSEC widget. The common issue seems to be having PFBlockerNG installed as well.
Updated by Jim Pingle over 6 years ago
- Category changed from IPsec to 119
- Assignee deleted (
Anonymous) - Priority changed from Very High to Normal
- Affected Version changed from 2.4.1 to 2.4.x
If it's happening on 2.4.0 and started around that time, it's likely related to the FreeBSD 11.1 change and not the IPsec status issue I originally mentioned given the original details of the report.
Please post any error messages you have in the logs when this happens, and list any features you have enabled in pfBlocker. If pfBlocker is the common thread, then there must be some component of it that is triggering it (e.g. DNSBL). Also, if it only affects pfBlocker then it doesn't affect the majority of users so it's not quite so critical. A potential workaround could be placed in the package, for example, rather than requiring alterations to the base system.
Updated by Jim Pingle over 6 years ago
- Project changed from pfSense to pfSense Packages
- Category changed from 119 to pfBlockerNG
This is definitely due to a locking issue with file access in the index.php file for pfBlocker DNSBL. Not sure why it changed behavior on FreeBSD 11.1, but that's where it's getting hung up. Eventually enough requests get stuck waiting on a lock the request queue fills up and then nothing can run PHP code.
More details on the forum thread: https://forum.pfsense.org/index.php?topic=137103.msg754234#msg754234
Updated by Jim Pingle over 6 years ago
- Subject changed from 502 Bad Gateway and unresponsive OS with 2.4.1 to 502 Bad Gateway and unresponsive OS with 2.4
- Description updated (diff)
Updated by Jim Pingle over 6 years ago
- Status changed from New to Resolved
- Target version deleted (
2.4.1)
A new version of pfBlockerNG has been released containing a fix for this problem.