Messages - rnicholus

#1
Hello? Is anyone maintaining this package?
#2
No idea why my question posted twice. But I looked into it due to the severity of the issue, and noticed something odd... OPNsense has mangled the haproxy.conf file. It does this on save/test.

For example, this is what opnsense writes to haproxy.conf for the frontend:

frontend cloud
    bind {DOMAIN_REDACTED_1}:443 name {DOMAIN_REDACTED_1}:443 ssl rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
    bind {DOMAIN_REDACTED_2}:443 name {DOMAIN_REDACTED_2}:443 ssl rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s


But that does not appear to be valid HAProxy config. It's jamming the rspadd in the middle of the ssl directive. When I hand-edited haproxy.conf to this, everything worked again:

frontend cloud
    bind {DOMAIN_REDACTED_1}:443 name {DOMAIN_REDACTED_1}:443 ssl crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
    rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
    bind {DOMAIN_REDACTED_2}:443 name {DOMAIN_REDACTED_2}:443 ssl crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
    rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s
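A defender's check for the mangling described above, added here and not part of the forum thread or of OPNsense's own code: it scans a frontend for `bind` lines that carry an embedded `rspadd` and splits the directive onto its own line, which is exactly what the hand edit did. The keyword sets and the placeholder domain/cert-list names are assumptions for this check, not HAProxy's full grammar.

```python
# Keywords that may legitimately follow `bind <addr>` (a subset, assumed for this check).
BIND_KEYWORDS = {"name", "ssl", "crt", "crt-list", "alpn", "accept-proxy", "transparent"}
# Frontend directives that belong on their own line and must never appear inside `bind`.
LINE_DIRECTIVES = {"rspadd", "rspdel", "reqadd", "reqdel", "http-response", "http-request"}

def split_mangled_bind(line):
    """Return [line] if it is not a bind line with an embedded directive, otherwise
    [bind line without the directive, directive on its own line], keeping the indent."""
    stripped = line.strip()
    indent = line[: len(line) - len(line.lstrip())]
    tokens = stripped.split()  # `\ ` escapes split here and are re-joined below
    if len(tokens) < 2 or tokens[0] != "bind":
        return [line]
    hits = [i for i, tok in enumerate(tokens) if tok in LINE_DIRECTIVES]
    if not hits:
        return [line]
    i = hits[0]
    # The directive's arguments run until the next real bind keyword or end of line.
    j = i + 1
    while j < len(tokens) and tokens[j] not in BIND_KEYWORDS:
        j += 1
    return [indent + " ".join(tokens[:i] + tokens[j:]), indent + " ".join(tokens[i:j])]

def find_mangled_binds(config_text):
    """1-based line numbers of bind lines that embed a line-level directive (detection only)."""
    return [n for n, line in enumerate(config_text.splitlines(), 1)
            if len(split_mangled_bind(line)) > 1]

def repair_config(config_text):
    """Rewrite every mangled bind line; all other lines pass through unchanged."""
    out = []
    for line in config_text.splitlines():
        out.extend(split_mangled_bind(line))
    return "\n".join(out) + "\n"

# Constructed sample mirroring the mangled frontend from the post (placeholder names).
MANGLED = """frontend cloud
    bind example-1.test:443 name example-1.test:443 ssl rspadd Strict-Transport-Security:\\ max-age=31536000;\\ includeSubDomains crt-list /tmp/haproxy/ssl/list.txt
    mode http
"""

if __name__ == "__main__":
    print("mangled bind lines:", find_mangled_binds(MANGLED))
    print(repair_config(MANGLED))
```

Run `find_mangled_binds` over a generated haproxy.conf before starting the service; a non-empty result is the same condition that produces the "unknown keyword 'rspadd'" alert.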
#3
Without changing anything, and only after restarting haproxy, I'm now seeing the following error (it has been running fine for a week or two):

[ALERT] 045/233516 (61176) : parsing [/usr/local/etc/haproxy.conf:40] : 'bind {REDACTED_DOMAIN_NAME}:443' unknown keyword 'rspadd'. Registered keywords :
...

I am now unable to start haproxy, which is causing me some major grief. Any idea what this means? Google brings up nothing.
#4
I'm running the latest OPNsense along with the latest Suricata. When I enable IDS, with or without enabled rule sets, the available RAM quickly decreases. Once it reaches about 81% used, the web UI and the router become completely unresponsive. I am only able to recover with a hard reboot. Processor is a J1800 w/ 2GB RAM. Intel 1 gig NICs.

Any thoughts on what might be causing this? I started out with 18.7, and then quickly upgraded to 19.1. 18.7 was only running for a few hours, with both IDS and IPS enabled (no freeze/RAM issues).