OPNsense Forum

English Forums => General Discussion => Topic started by: hammer on February 24, 2019, 05:45:39 pm

Title: [SOLVED] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: hammer on February 24, 2019, 05:45:39 pm
Hi Guys;

I have installed a few new instances in the past few weeks, but this error is driving me nuts. When installing an instance all goes well, I set it up, and it works for like half an hour, and then everything stops working.

I get the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" when trying to login to UI.

I can not SSH, as the SSH client says the fingerprint is changed.

But when I force-reboot, it starts working again, till it breaks in a few minutes once again. I understand this is probably an issue with SSL, and I tried to search the net and read about this with no luck.

This is driving me crazy. Help!

Thanks. :)
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: bartjsmit on February 24, 2019, 05:56:35 pm
Are you sure you're going through the install, and not running the live version?

Can you restore a known working config file from a successful deployment?

Bart...
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: fabian on February 24, 2019, 09:17:48 pm
> I get the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" when trying to login to UI.
Very likely that you try to load the web interface over HTTPS while it is on HTTP.

> I can not SSH, as the SSH client says the fingerprint is changed.
If there is a reason for that, remove it from ~/.ssh/known_keys and it should work again.

> But when I force-reboot, it starts working again, till it breaks in a few minutes once again. I understand this is probably an issue with SSL, and I tried to search the net and read about this with no luck.
Try to log in using SSH and restart the web interface. If it still has this issue, then it is very likely that there is something broken on the file system (very likely caused by a hard reboot btw.). In that case the question is which component is defective, and then it needs to be reinstalled.
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: hammer on February 25, 2019, 12:01:25 am
Hi there;

> Are you sure you're going through the install, and not running the live version?
>
> Can you restore a known working config file from a successful deployment?
>
> Bart...

Yes I am sure, it's installed. In fact I installed it several times, thought maybe somewhere I am making a mistake, but no. It still behaves exactly the same.

Look, the problem is somehow an SSL / cipher issue. The thing that I don't understand is why it works for a while, and then breaks. I tried installing fresh installation, tried restoring successful config, etc. The same behavior all the time.
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: newsense on February 25, 2019, 01:20:38 am
Can you replicate the issue in multiple browsers ? If so, which ones ?

Does it happen on the default config after going through the setup process or only after you import the old configuration ?

Also, please post screenshots of the SSL error, the more details the better.
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: hammer on February 25, 2019, 09:21:28 am
> Can you replicate the issue in multiple browsers ? If so, which ones ?
>
> Does it happen on the default config after going through the setup process or only after you import the old configuration ?
>
> Also, please post screenshots of the SSL error, the more details the better.

Yes, on all browsers, no matter the platform or type of browser.

Here are the screenshots:

Chrome / Brave:
(http://i67.tinypic.com/24cb05i.png)

Firefox:

(http://i64.tinypic.com/30jiplk.png)

Please remember that when this happens, it is fixed (temporarily) by a restart. It's not a hard restart as I installed VMware plugin, and it handles a soft-restart by issuing the restart command in the hypervisor.

Whatever it is, it's an SSL / cipher issue. And, it happens with clean install as well, not only when I import. I did clean install and boom, here we go again.
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: newsense on February 25, 2019, 10:24:20 am
Looks like an SSL issue for sure, but it appears to be anything but OPNsense related, for the following reasons:

1. Default OPNsense installation does zero proxying - and a proxy issue might be at play there.

2. You only show a random dyndns.org failed connection - which may very well be SSL misconfigured on the target server.

3. While we don't see any other examples like Google.com in any browser, the mere fact that you're observing the issue with and without the default and desired configuration is a clear indication the problem lies somewhere else, and expecting different results while repeating the same installation steps is a definition for something else :-)

4. Out of curiosity, do you happen to have a lousy AV that MITMs your SSL traffic without you having a clue about the default behaviour ?
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: hammer on February 25, 2019, 11:16:52 am
> Looks like an SSL issue for sure, but it appears to be anything but OPNsense related, for the following reasons:
>
> 1. Default OPNsense installation does zero proxying - and a proxy issue might be at play there.
>
> 2. You only show a random dyndns.org failed connection - which may very well be SSL misconfigured on the target server.
>
> 3. While we don't see any other examples like Google.com in any browser, the mere fact that you're observing the issue with and without the default and desired configuration is a clear indication the problem lies somewhere else, and expecting different results while repeating the same installation steps is a definition for something else :-)
>
> 4. Out of curiosity, do you happen to have a lousy AV that MITMs your SSL traffic without you having a clue about the default behaviour ?

Hi there;

A) I use Linux desktop, and no AV. So no. Also checked with a Windows machine. The same result.
B) All other services stop working, like SSH, VPN, etc. on the OPNsense instance.
C) This time I even set the UI to work only on HTTP, to see if I bump into the problem again, and sure enough after a few minutes, it is switched to HTTPS again! And the same error.
D) It is not related to dyndns as I have the same problem when I use the IP to work with the server.

This is really making me angry now...
Title: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Post by: hammer on February 25, 2019, 02:24:50 pm
Ok, problem found!  8)

There is an IP conflict. On the same IP, there is another VM running, and for some reason it doesn't show there is an IP conflict. After like 5 minutes, it started.

So that's why everything went bananas. During the troubleshooting, I changed the IP and saw something is still responding on the old IP! So there we go.

Thanks guys for the brainstorming. It was an idiotic problem but then the symptoms were very very strange.  ;D
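
The root cause found in this thread, two hosts answering on one IP, is visible from a client as the MAC address for that IP changing between ARP table snapshots taken while the symptom comes and goes. The sketch below is an added example, not part of any post in the thread; the `arp -an` sample lines, timestamps and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches Linux-style `arp -an` lines such as
#   ? (192.0.2.1) at 00:0c:29:aa:bb:01 [ether] on eth0
# and tolerates unpadded octets (0:c:29:...). "<incomplete>" entries do not match.
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b"
)

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so equal MACs compare equal."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_snapshot(text):
    """Return {ip: mac} for one `arp -an` output; unresolved entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def find_conflicts(snapshots):
    """snapshots: list of (label, arp_output) in time order.
    Returns {ip: [(label, mac), ...]} for every IP whose MAC changed,
    with one entry per change so flapping back and forth is visible."""
    history = defaultdict(list)
    for label, text in snapshots:
        for ip, mac in parse_snapshot(text).items():
            if not history[ip] or history[ip][-1][1] != mac:
                history[ip].append((label, mac))
    return {ip: seen for ip, seen in history.items() if len(seen) > 1}

# Constructed sample: the firewall IP (192.0.2.1) is answered by a second
# MAC a few minutes after boot, then flips back; 192.0.2.50 stays stable.
SAMPLES = [
    ("17:40", "? (192.0.2.1) at 00:0c:29:aa:bb:01 [ether] on eth0\n"
              "? (192.0.2.50) at 52:54:00:12:34:56 [ether] on eth0\n"),
    ("17:45", "? (192.0.2.1) at 00:0c:29:cc:dd:02 [ether] on eth0\n"
              "? (192.0.2.50) at 52:54:00:12:34:56 [ether] on eth0\n"),
    ("17:50", "? (192.0.2.1) at <incomplete> on eth0\n"),
    ("17:55", "? (192.0.2.1) at 00:0c:29:aa:bb:01 [ether] on eth0\n"),
]

if __name__ == "__main__":
    for ip, seen in find_conflicts(SAMPLES).items():
        print(f"{ip}: MAC changed {len(seen) - 1} time(s)")
        for label, mac in seen:
            print(f"  first seen {label}: {mac}")
```

A MAC change is not always a conflict (a failover pair or a replaced NIC also produces one), so a hit is a prompt to check which machine owns each MAC.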