Messages - akron

#46
Quote from: akron on July 21, 2017, 06:02:44 PM
Quote from: franco on July 21, 2017, 05:34:36 PM
Can you try this simple patch? https://github.com/opnsense/plugins/commit/bd96fcfe

From the root shell it installs via:

# opnsense-patch -c plugins bd96fcfe

After that, apply the configuration again.

If it doesn't work, run the patch command again to remove the patch.


Cheers,
Franco

Thanks but it killed it  ;D

reverted back...

I have some SSL enforced settings on the global config... not sure if I should take it back and then apply the patch again

Hi Franco,

Any other workaround worth trying?

Cheers
#47
Quote from: franco on July 21, 2017, 05:34:36 PM
Can you try this simple patch? https://github.com/opnsense/plugins/commit/bd96fcfe

From the root shell it installs via:

# opnsense-patch -c plugins bd96fcfe

After that, apply the configuration again.

If it doesn't work, run the patch command again to remove the patch.


Cheers,
Franco

Thanks but it killed it  ;D

reverted back...

I have some SSL enforced settings on the global config... not sure if I should take it back and then apply the patch again
#48
Quote from: franco on July 21, 2017, 03:09:46 PM
There are two paths in your screenshot, one for a .conf file and one for a .pem file.

Yes right  :)

So in line 62 I have:

bind PUBLIC IP:443 name PUBLIC IP:443 ssl crt /var/etc/haproxy/ssl/4435345346dcdd7a.pem crt /var/etc/haproxy/ssl/345353453534.pem crt /var/etc/haproxy/ssl/59294353454353572.pem crt /var/etc/haproxy/ssl/54354353453d.pem crt /var/etc/haproxy/ssl/3452342456.pem

And it goes on forever on that line until the last certificate.

Is there any way to split that line into 63 and 64 so HAProxy can read it correctly?
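
Added example, not part of the forum posts and not OPNsense plugin code: a check that flags `bind` lines longer than the parser's line buffer and rewrites the repeated `crt` entries into a file for HAProxy's `crt-list` bind keyword, which reads one certificate path per line. The 2048-byte limit, the 192.0.2.10 address, the certificate names and the `.crtlist` path are assumptions or constructed values.

```python
# Added example: constructed data, hypothetical names; not OPNsense plugin code.
LINE_LIMIT = 2048  # assumption: per-line parser buffer size; adjust to your build

def sample_config(cert_count):
    """Constructed frontend whose bind line lists cert_count certificates."""
    certs = " ".join(f"crt /var/etc/haproxy/ssl/{i:016x}.pem" for i in range(cert_count))
    return ("frontend https\n"
            f"    bind 192.0.2.10:443 name 192.0.2.10:443 ssl {certs}\n"
            "    mode http\n")

def overlong_bind_lines(config_text, limit=LINE_LIMIT):
    """Return (line_number, byte_length, crt_count) for bind lines over limit."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] != "bind":
            continue
        length = len(line.encode("utf-8")) + 1  # count the trailing newline
        if length > limit:
            hits.append((number, length, tokens.count("crt")))
    return hits

def to_crt_list(bind_line, crt_list_path):
    """Move every 'crt <path>' of one bind line into a crt-list file body."""
    indent = bind_line[:len(bind_line) - len(bind_line.lstrip())]
    tokens = bind_line.split()
    kept, certs = [], []
    i = 0
    while i < len(tokens):
        if tokens[i] == "crt" and i + 1 < len(tokens):
            certs.append(tokens[i + 1])  # certificate path, one per crt-list line
            i += 2
        else:
            kept.append(tokens[i])
            i += 1
    if not certs:
        return bind_line, ""
    kept += ["crt-list", crt_list_path]
    return indent + " ".join(kept), "\n".join(certs) + "\n"

if __name__ == "__main__":
    config = sample_config(60)
    for number, length, crts in overlong_bind_lines(config):
        print(f"line {number}: {length} bytes, {crts} crt entries")
        new_line, body = to_crt_list(config.splitlines()[number - 1],
                                     "/var/etc/haproxy/ssl/frontend.crtlist")
        print(new_line)
```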
#49
Quote from: franco on July 21, 2017, 02:17:29 PM
But the same holds true for 31 certs or 32... Could you check the actual config file to see why the line is overly long? It's what the error says, not that it's more than 29 certs. :)


Thanks,
Franco

Where is the config file location?
#50
Quote from: franco on July 21, 2017, 12:51:53 PM
The error would suggest one or all certificates are put on a single line, which causes the line read to fail at some point because the line buffer is too small.

It would be in the config file, you can see the line is too long, but I have no idea why.


Cheers,
Franco

Hmm, I see. This only happens when I reach the 30 SSL mark: 29 SSLs are fine, 30 gives the error. I can alternate the SSLs; as long as I don't go over 30, everything works perfectly.

It would be a shame if there is no fix, this is such a great box, OPNsense...

Cheers
#51
Quote from: franco on July 21, 2017, 10:30:57 AM
Hi akron,

Notified maintainer.


Cheers,
Franco

Thanks

Any idea why this is happening? I'm open to speculation, I don't mind trying to work around it...

Cheers
#52
Hi guys,

I am hoping someone could help me.

I have HAProxy configured and integrated with Let's Encrypt, 1 front-end on port 443 and several back-ends, ACLs etc.

However, I just hit the mark of 30 SSLs added to the same front-end, and once I try to add more I receive an error in the config.

Any idea why there is a limit?

Please see the picture attached.

Thanks
#53
17.1 Legacy Series / Re: HAProxy stability
July 04, 2017, 03:33:01 PM
Quote from: manus on June 07, 2017, 09:39:52 PM
For the last 4 or 5 minor releases, we have had 100% CPU on HAProxy after some time (1-2 months).
Only a reboot solves the problem.
Anybody with this problem too?

When will HAProxy be updated to 1.7.x? Or at minimum to the last 1.6 (1.6.12)?

I have an HA setup with HAProxy and it runs pretty sweet, consumes a little CPU on heavy load but then comes back to idle...

So far HAProxy 1.6 seems rock solid.

The only problem I have is when failing over to the backup firewall: the master firewall stays on as it can't kill the HAProxy process, so the workaround for me to fail over is to cut the network first, and then it fails over normally.
#54
Quote from: bzero on June 24, 2017, 04:38:42 PM
Dear everyone,

I am working to add some sites to HAProxy, but I am getting the following error with test syntax, as shown in the attachment.
Please show me how to fix it.

Thank you.

I have the same, not really sure, but it's working, it's just a warning...
#55
Quote from: Taomyn on June 08, 2017, 05:16:07 PM
Going by my reply in another thread, yes haproxy was the culprit:

Quote from: Taomyn on May 18, 2017, 06:49:29 PM

I upgraded from 17.1.6-amd64 to 17.1.7 via the console option the following happened:


1. The upgrade could not reboot as it was waiting for a process, which when I killed simply killed my external connection. The process was "haproxy". When I arrived home I was unable to ssh to the box, my password was refused, used the console directly, root/no password and issued  a "reboot".

OK cool, did you find any workaround for this?

Because HA works well: if I cut the network, it immediately fails over to the backup firewall, but if I restart the main firewall, it hangs and does not fail over, causing interruption of service.

Cheers
#56
Quote from: Taomyn on March 29, 2017, 05:05:16 PM
Ok, would that also explain why earlier I tried twice to reboot from the console menu, and only when I went to the shell and typed "reboot" did it actually reboot?

I was not able to see the main screen at the time to see if it showed anything, but the SSH session did not show any PIDs it was waiting for.

Did you discover the PID causing this issue?

I am still facing the problem. I suspect HAProxy is the one; in theory it should fail over without problem to the backup FW.

Cheers
#57
Hi,

I am experiencing something similar: I have an HA setup with HAProxy, and the master firewall does not reboot or power off without going to the console and entering reboot or poweroff.

The backup firewall reboots without problems when it is not being used, but if I fail over the master one to the backup firewall, the backup firewall does not reboot, with the same behaviour.

Could this be a bug in HA config or similar?

Cheers