Project

General

Profile

Bug #8856

IPsec not starting and getting PHP error

Added by Vladimir Lind 10 months ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
VPN
Target version:
Start date:
08/31/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.4
Affected Architecture:

Description

on SG3100 Thu Aug 30 00:38:38 EDT 2018

Crash report begins. Anonymous machine information:

arm
11.2-RELEASE-p2
FreeBSD 11.2-RELEASE-p2 #80 ef03b27b545(factory-RELENG_2_4_4): Thu Aug 30 00:55:02 EDT 2018 root@buildbot3:/builder/crossbuild-master/obj/armv6/C5dYt69Q/arm.armv6/builder/crossbuild-master/pfSense/tmp/FreeBSD-src/sys/pfSense-SG-3100

Crash report details:

PHP Errors:
[31-Aug-2018 09:17:05 Europe/Moscow] PHP Warning: mkdir(): File exists in /etc/inc/vpn.inc on line 174
[31-Aug-2018 09:18:49 Europe/Moscow] PHP Warning: mkdir(): File exists in /etc/inc/vpn.inc on line 174
[31-Aug-2018 09:19:58 Europe/Moscow] PHP Warning: mkdir(): File exists in /etc/inc/vpn.inc on line 174

In IPsec log:

Aug 31 09:20:05 charon 09[IKE] <con1000|4> no private key found for '<ddns local peer ID>'

Associated revisions

Revision b5a4633f (diff)
Added by Jim Pingle 10 months ago

Use safe_mkdir() for IPsec dirs. Fixes #8856

Simplifies the process of making IPsec dirs, though it may not correct
the original reported issue since that appears to be a disk problem,
it's still better/safer than what was done here before.

History

#1 Updated by Jim Pingle 10 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle

I see some room for improvement in that area of the code, but that error appears to come from a disk issue.

Speaking with @vlind on Slack he attempted to look at the directory and received this:

ls -la /var/etc/ipsec/ipsec.d
ls: /var/etc/ipsec/ipsec.d: Bad file descriptor

And the ipsec.d directory does not exist under /var/etc/ipsec/. With a working filesystem that should say "No such file or directory".

I'll commit the fix I have worked up here but the original issue will most likely be corrected by a fsck of the drive.

#2 Updated by Jim Pingle 10 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#3 Updated by Vladimir Lind 10 months ago

Yes, fsck fixed IPsec issue, now it works, thank you.

  • Last Mounted on /
  • Root file system
  • Phase 1 - Check Blocks and Sizes
  • Phase 2 - Check Pathnames
    UNALLOCATED I=323499 OWNER=root MODE=0
    SIZE=0 MTIME=Jan 1 03:00 1970
    NAME=/var/etc/ipsec/ipsec.d

UNEXPECTED SOFT UPDATE INCONSISTENCY

REMOVE? yes

#4 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF