CrowdSec not starting in 25.1.8_1

irrenarzt · June 12, 2025, 03:56:07 PM

I can't get CrowdSec services to run after the update, and I see someone else reported the same issue on Reddit.

Error configd.py Timeout (120) executing : crowdsec decisions-list
Error configd.py Timeout (120) executing : crowdsec alerts-list

I'm also seeing other report no issues. Any ideas?

irrenarzt · June 12, 2025, 04:27:08 PM

For the others that were impacted, I identified the problem:

It's because of GEOIP block lists. I disabled my firewall block lists, and the service started running again.

I didn't realize this until after I reverted to 25.1.7_4, and the service still wouldn't start. Re-ran the update, and still wouldn't work. Turns out it was just firewall rules all along.

What country is CrowdSec running in? It's odd that this wasn't a problem up until today.

superduke1010 · June 12, 2025, 04:54:22 PM

Hello...I had the same issue. When you say you disabled your firewall blocklists, do you mean your L3 floating rules NAT ones? If so, which do you have?

I agree, it's odd that for whatever reason the crowdsec files aren't reachable because of GEOIP blocking...I personally don't have geo block setup, just some L3 and DNSBLs via Unbound.

irrenarzt · June 12, 2025, 05:09:21 PM

Yes, I disabled the floating rules associated with IP block lists to get it working.

Besides GEOIP, then only other list I use is FIREHOL3... which I guess could also be the problem if it's running a false positive. I'm just used to GEOIP being the underlying problem behind something not working right.

mmetc · June 12, 2025, 05:11:47 PM

Quote from: irrenarzt on June 12, 2025, 03:56:07 PMI can't get CrowdSec services to run after the update, and I see someone else reported the same issue on Reddit.

Error configd.py Timeout (120) executing : crowdsec decisions-list
Error configd.py Timeout (120) executing : crowdsec alerts-list

I'm also seeing other report no issues. Any ideas?

Hi, I am the maintainer of the plugin and can't replicate the issue.

Could you please run

# cscli support dump

and send us the resulting file at support@crowdsec.net? It will send part of the configuration and some logs, nothing sensitive.

Also let me know if "cscli hub update" and "cscli hub upgrade" work without errors.

Thanks!

irrenarzt · June 12, 2025, 05:23:23 PM

Quote from: mmetc on June 12, 2025, 05:11:47 PM
Quote from: irrenarzt on June 12, 2025, 03:56:07 PMI can't get CrowdSec services to run after the update, and I see someone else reported the same issue on Reddit.

Error configd.py Timeout (120) executing : crowdsec decisions-list
Error configd.py Timeout (120) executing : crowdsec alerts-list

I'm also seeing other report no issues. Any ideas?

Hi, I am the maintainer of the plugin and can't replicate the issue.

Could you please run

# cscli support dump

and send us the resulting file at support@crowdsec.net? It will send part of the configuration and some logs, nothing sensitive.

Also let me know if "cscli hub update" and "cscli hub upgrade" work without errors.

Thanks!

It's definitely GEOIP blocking that was the problem, and not a problem with CrowdSec or OPNsense. The service isn't starting if it can't connect to api.crowdsec.net, which appears to be running an IP in Ireland. If I reboot and leave the firewall rules in place, the service won't start. I have to modify or disable the rule to get it to start. It's a "me" problem.

mmetc · June 12, 2025, 05:32:11 PM

Quote from: irrenarzt on June 12, 2025, 04:27:08 PMWhat country is CrowdSec running in? It's odd that this wasn't a problem up until today.

As far as the open source engine is concerned, Ireland.

superduke1010 · June 12, 2025, 05:33:51 PM

Not sure it's a you problem myself....I don't have geo blocking and I also don't have the FIREHOL list (granted I have a bunch of others that likely replicate it)

I agree that it looked as if my crowdsec was having issues 'getting out' but I can't be sure it's geo blocking that's the issue because I just don't have that.

julsssark · June 12, 2025, 06:02:59 PM

As another data point, I upgraded to 25.1.8_1 without incident. I am running CrowdSec and using a GeoIP blocklist. I am in the U.S.

irrenarzt · June 12, 2025, 08:56:37 PM

Quote from: julsssark on June 12, 2025, 06:02:59 PMAs another data point, I upgraded to 25.1.8_1 without incident. I am running CrowdSec and using a GeoIP blocklist. I am in the U.S.

Are you blocking IP's in Ireland, and have rules set up to block both inbound and outbound?

julsssark · June 13, 2025, 12:04:40 AM

I am not sure if it matters, but my GeoBlock for inbound connections is setup as an allow list. Ireland is not one of the countries I allow. I am not doing any GeoIP blocking for outbound.

CrowdSec not starting in 25.1.8_1

irrenarzt

June 12, 2025, 03:56:07 PM

irrenarzt

June 12, 2025, 04:27:08 PM #1 Last Edit: June 12, 2025, 04:28:50 PM by irrenarzt

superduke1010

June 12, 2025, 04:54:22 PM #2

irrenarzt

June 12, 2025, 05:09:21 PM #3

mmetc

June 12, 2025, 05:11:47 PM #4

irrenarzt

June 12, 2025, 05:23:23 PM #5

mmetc

June 12, 2025, 05:32:11 PM #6

superduke1010

June 12, 2025, 05:33:51 PM #7

julsssark

June 12, 2025, 06:02:59 PM #8

irrenarzt

June 12, 2025, 08:56:37 PM #9

julsssark

June 13, 2025, 12:04:40 AM #10 Last Edit: June 13, 2025, 12:16:39 AM by julsssark