Bug #7923
closed
502 Bad Gateway and unresponsive OS with 2.4
Added by Kill Bill about 7 years ago.
Updated about 7 years ago.
Affected Architecture:
All
- Category set to IPsec
- Assignee set to Anonymous
At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already know that IPsec status is part of the existing 502 issues, it tracks that it is likely related.
Jim Pingle wrote:
At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already know that IPsec status is part of the existing 502 issues, it tracks that it is likely related.
Its also present in 2.4.0 it showed up around the 10/3 update. it was on 2.4.1 before then.
The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actual -RELEASE should be unaffected.
Jim Pingle wrote:
The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actual -RELEASE should be unaffected.
Issue is still present in 2.4.0.r.20171009.1758. Tested last night. Not using IPSEC, or IPSEC widget. The common issue seems to be having PFBlockerNG installed as well.
- Category changed from IPsec to 119
- Assignee deleted (
Anonymous)
- Priority changed from Very High to Normal
- Affected Version changed from 2.4.1 to 2.4.x
If it's happening on 2.4.0 and started around that time, it's likely related to the FreeBSD 11.1 change and not the IPsec status issue I originally mentioned given the original details of the report.
Please post any error messages you have in the logs when this happens, and list any features you have enabled in pfBlocker. If pfBlocker is the common thread, then there must be some component of it that is triggering it (e.g. DNSBL). Also, if it only affects pfBlocker then it doesn't affect the majority of users so it's not quite so critical. A potential workaround could be placed in the package, for example, rather than requiring alterations to the base system.
- Project changed from pfSense to pfSense Packages
- Category changed from 119 to pfBlockerNG
This is definitely due to a locking issue with file access in the index.php file for pfBlocker DNSBL. Not sure why it changed behavior on FreeBSD 11.1, but that's where it's getting hung up. Eventually enough requests get stuck waiting on a lock the request queue fills up and then nothing can run PHP code.
More details on the forum thread: https://forum.pfsense.org/index.php?topic=137103.msg754234#msg754234
- Subject changed from 502 Bad Gateway and unresponsive OS with 2.4.1 to 502 Bad Gateway and unresponsive OS with 2.4
- Description updated (diff)
- Status changed from New to Resolved
- Target version deleted (
2.4.1)
A new version of pfBlockerNG has been released containing a fix for this problem.
Also available in: Atom
PDF
Updated by 
Updated by