OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: MarieSophieSG on October 11, 2024, 12:10:30 PM

Title: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: MarieSophieSG on October 11, 2024, 12:10:30 PM
Hello,
This morning,
I log in to my OPNsense GUI as usual, but got this instead:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
Config is the same as it was yesterday
What did I do wrong this time?

While searching the forum, I found an old post mentioning this problem, but it's only a question, no answer, no workaround ...
Title: Re: [NOOB] CSRF check failed.
Post by: bartjsmit on October 11, 2024, 01:02:42 PM
Sounds like a stale cookie is making OPNsense think you're not legit. This is a client (browser) side issue.

Try from an incognito/private window or use a different browser. Dropping the cache may help but it is a hassle.

Bart...
Title: Re: [NOOB] CSRF check failed.
Post by: cookiemonster on October 11, 2024, 01:36:27 PM
Indeedledy. Just to add:
Usually a close tab, then open solves.
Sometimes it needs a new browser session, but rarely.
As Bart says, stale browser session cookie.
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 03:38:43 PM
Same result in private window
Same result in different browser

From Laptop1 on LAN1 =
Access to Interface GUI (192.168.101.101) ok, I have the log-in page, I enter my login and password, and *then*
on Brave: move to HTTP:// (instead of HTTPS:) with CSRF error msg
On FF: Stays on HTTPS:// with CSRF error msg

Same test, same results from Tablet on LAN2 (accessing 192.168.102.101) ...
Same test, same results from Laptop2 on LAN2 (accessing 192.168.102.101) ...
Same test, same results from Laptop4 on LAN3 (accessing 192.168.103.101) ...

SSH from Laptop1 => root access OK
Title: Re: [NOOB] CSRF check failed.
Post by: cookiemonster on October 11, 2024, 04:30:09 PM
Just refreshing the page, the problem is not going away?
Some browser extension blocky thingie?
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 05:12:54 PM
Quote from: cookiemonster on October 11, 2024, 04:30:09 PM
Just refreshing the page, the problem is not going away?
Some browser extension blocky thingie?

No browser extension, same browser as yesterday, no change
Tried different browser, from 4 devices (on all 3 LAN)
Seems to be centralised to OPNsense, not client specific

Devices on LAN2 have access to the WiFi router AP GUI, connect + login, no problem

So it seems it's only OPNsense
Since I have access to the SSH, I'm wondering if I should restart with a previous BU, but ... IDK what change I did that triggered this BU, therefore if I revert, I will lose the last changes which I don't remember about :(
Title: Re: [NOOB] CSRF check failed.
Post by: meyergru on October 11, 2024, 05:35:53 PM
Potentially, the system time is off on either OPNsense or your clients?
Title: Re: [NOOB] CSRF check failed.
Post by: cookiemonster on October 11, 2024, 05:47:40 PM
And, still the same issue, right? CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

No, don't restore a Boot Environment. This is just a client-side message saying the session cookie has expired, nothing else.
Ctrl+Shift+I on a Windows machine brings up the dev tools console. Refresh the page and see on the "Network" tab of this tool what shows. From there you can also remove the stored cookie: "Storage" tab.
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 06:15:57 PM
Quote from: meyergru on October 11, 2024, 05:35:53 PM
Potentially, the system time is off on either OPNsense or your clients?

SSH - 8 shell: the time is the same as for the clients
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 06:22:26 PM
Quote from: cookiemonster on October 11, 2024, 05:47:40 PM
And, still the same issue, right? CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

No, don't restore a Boot Environment. This is just a client-side message saying the session cookie has expired, nothing else.
Ctrl+Shift+I on a Windows machine brings up the dev tools console. Refresh the page and see on the "Network" tab of this tool what shows. From there you can also remove the stored cookie: "Storage" tab.

On all 5 clients all at the same time?

All cookies and cache cleared on Laptop1 (192.168.101.102) to 192.168.101.101 => no change
Ctrl-Shift-I on Laptop4 (192.168.103.102) => 192.168.103.101 - 403 Forbidden
Title: Re: [NOOB] CSRF check failed.
Post by: bartjsmit on October 11, 2024, 06:25:21 PM
Can you try browsing to the IP address (ignore the cert warning, of course) and/or add an entry for the firewall name in your hosts file?
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 06:56:18 PM
Quote from: bartjsmit on October 11, 2024, 06:25:21 PM
Can you try browsing to the IP address (ignore the cert warning, of course) and/or add an entry for the firewall name in your hosts file?

I can browse to the IP, since it's giving me the login page, but it's when I enter my credentials and hit send that I get the CSRF error message

Adding an entry for the FW name in my hosts file? I have no idea what that is
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 11, 2024, 10:18:43 PM
I went ahead and reverted to last BU in my list
SSH => 8 shell => 13 revert => 1 last change

Error, No space left!

What? How did it fill up 90 GB of disk in one night??
I guess I left some tracking on overnight ...

So no trying option 5, turn off
Otherwise, hard kill.
Title: Re: [NOOB] CSRF check failed.
Post by: viragomann on October 11, 2024, 10:43:25 PM
Quote from: MarieSophieSG on October 11, 2024, 10:18:43 PM
Error, No space left!

What? How did it fill up 90 GB of disk in one night??

df -h
?
Title: Re: [NOOB] CSRF check failed.
Post by: cookiemonster on October 12, 2024, 12:07:28 AM
Let's check the disk usage:
SSH to the machine, change directory to the root, then df -h
$ cd /
$ df -h

Then let's have a little look at the partitions:
$ gpart show

Previous:
> On all 5 clients all at the same time ?
No, this web dev tools is useful to delete specific cookies and to analyse the browser-server conversation. Just the one machine being used to diagnose is sufficient.

For seeing if you can trace the login error on the server side you could try (with root permissions):
# cat /var/log/audit/latest.log | grep 'WebGui'
after the attempt to login. Should leave a trace. 403 Forbidden is good in a way.
Are you logging in as a user you created previously that is not "root"?
If as root and perhaps the password is wrong, you can reset it from the console main menu, option 3

And just so we know the right port and interface where lighttpd is listening can you post also the result of (in code quotes here):
# sockstat | grep light

Finally, it would be good also to see the ifconfig result:
# ifconfig
you can redact your public ip if you wish for privacy. We just need the rest.
Title: Re: [NOOB] CSRF check failed.
Post by: MarieSophieSG on October 12, 2024, 01:41:23 AM
Quote from: cookiemonster on October 12, 2024, 12:07:28 AM
Previous:
> On all 5 clients all at the same time ?
No, this web dev tools is useful to delete specific cookies and to analyse the browser-server conversation. Just the one machine being used to diagnose is sufficient.

Sorry, my meaning was about the suggestion that it could be a client-side problem rather than central OPNsense; my reaction was: on all five clients at the same time? (if it was a cookie or browser problem)

Anyway, as I SSH'd a reboot, which was refused, and even opt. 5 OFF, I hard switched it off and just took the box out of its shelf, went back to the workbench, screen+keyboard => reinstall

I saw many weird messages at first, and a long time hanging, ClamAV was still installed and running (despite being removed from the GUI), etc ... so that convinced me to do a fresh reinstall

Much quicker than the first, on the user side :-p

Now all access is back up and running ... will do a backup right away in this "stock running" state, and then I will resume my attempt to have all laptops accessing both NAS, as by default the LANs don't communicate with each other
Title: Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: MarieSophieSG on October 12, 2024, 01:16:08 PM
While going through all set-up, I saw:
Enable HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking.


And

Disable HTTP_REFERER enforcement check
When this is unchecked, access to the web GUI is protected against HTTP_REFERER redirection attempts. Check this box to disable this protection if you find that it interferes with web GUI access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from Wikipedia.


Which I may have triggered in the previous config, not sure, but it rings a bell, I think I did the first one, HSTS ...
Could that be the reason ?
Title: Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: cookiemonster on October 12, 2024, 04:45:02 PM
Yes, I was going to suggest changing that as a test, but it was a chicken and egg situation.
Glad you're fine again.
Title: Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: odz on December 05, 2024, 03:12:11 PM
I have the same problem. Latest OPNsense on a Hyper-V installation and it crashes everything. When I try to log in to the admin panel I get:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
I have an old version of OPNsense on a second VM and never get this error...
Any idea?
Title: Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: franco on December 05, 2024, 03:18:38 PM
Your browser opens a cached page with the wrong CSRF token. Just flush your cache.


Cheers,
Franco
Title: Re: [NOOB] CSRF check failed. [SOLVED] => ReInstall
Post by: unholy_saint on March 03, 2025, 09:06:45 PM
Just had the same problem, this message appeared on any browser. Turned out to be lack of free space, the result of extreme filter.log sizes over the last few days due to overly active SSH brute-forcing. Found this post while attempting to get in line to SSH. As I understand it, in this case OPNsense was reinstalled without a free-space check, so it is quite possible it had the same problem.
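The two server-side checks this thread converged on, cookiemonster's `df -h` step and unholy_saint's oversized filter.log, as an added POSIX shell example that is not part of the thread or of OPNsense itself. The `df` output and the log directory are constructed in the script (a 512 KB stand-in for filter.log beside two small logs), so it runs offline; the column layout assumed is FreeBSD's, with Capacity in field 5.

```sh
#!/bin/sh
# Added example, not from the thread or from OPNsense. Two checks that mirror
# the diagnosis above: a full filesystem (cookiemonster's "df -h") and a runaway
# log file (unholy_saint's filter.log). All input is constructed so it runs offline.

# Constructed `df -h` output in FreeBSD column layout (Capacity is field 5).
SAMPLE_DF='Filesystem           Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default    84G     84G      0B   100%    /
devfs                1.0K    1.0K      0B   100%    /dev
zroot/var/log         84G     80G      0B   100%    /var/log
zroot/tmp             84G     12M      0B   100%    /tmp'

# full_filesystems [THRESHOLD]: read df output on stdin and print
# "mountpoint capacity" for each filesystem at or above THRESHOLD percent
# (default 90). devfs is always reported 100% and is skipped.
full_filesystems() {
    awk -v t="${1:-90}" '
        NR > 1 && $1 != "devfs" {
            pct = $5
            sub(/%$/, "", pct)
            if (pct + 0 >= t) print $6, $5
        }'
}

# largest_files DIR [N]: the N biggest files under DIR, largest first,
# as "size_in_KB path". A filter.log far ahead of the rest is the tell.
largest_files() {
    find "$1" -type f -exec du -k {} + | sort -rn | head -n "${2:-5}"
}

# make_sample_logs: constructed stand-in for /var/log with one oversized
# filter.log (512 KB of random bytes, so it stays big even on a compressing
# filesystem) next to small system.log and audit.log. Prints the directory.
make_sample_logs() {
    dir=$(mktemp -d)
    dd if=/dev/urandom of="$dir/filter.log" bs=1024 count=512 2>/dev/null
    dd if=/dev/urandom of="$dir/system.log" bs=1024 count=8   2>/dev/null
    dd if=/dev/urandom of="$dir/audit.log"  bs=1024 count=2   2>/dev/null
    printf '%s\n' "$dir"
}

# Demo run against the constructed data.
echo "Filesystems at or above 90%:"
printf '%s\n' "$SAMPLE_DF" | full_filesystems 90
logdir=$(make_sample_logs)
echo "Largest files under $logdir:"
largest_files "$logdir" 3
rm -rf "$logdir"
```

On a real box the same functions read `df -h` directly (`df -h | full_filesystems 90`) and rank `/var/log` (`largest_files /var/log 5`); a root filesystem at 100% explains why lighttpd could not persist a login session and so failed the CSRF check.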