Topic: Can't access / reboot opnsense remotely (Read 1403 times)

Olli, July 23, 2024, 10:10:16 pm
Hi there,
I have an OPNsense at home, but it seems that it hung up. It's the first time this has happened, and I can't access it via GUI (503 Service Unavailable) and SSH (connection reset by peer).
I have access to the local network with a site2site VPN config, but I cannot connect to all devices in the network. It seems that routing / DNS / network management in the OPNsense hung up, and it's not possible for me to physically reboot the device until next week. Also, no internet services got resolved when trying to ping out of that network.
But I need to get the location working.
Does someone have an idea how to get access to or reboot that OPNsense remotely, like a tool or an improper action to make that device reboot? The firmware version was updated on the 10th of July.
Zenarmor is not responding via zenconsole.
For the system check and the "why" of that behavior I have to analyse the logfiles, but for now I only want that reboot. Yesterday everything was working fine.
Thanks, Olli

cookiemonster, Reply #1, July 23, 2024, 10:50:27 pm
Remote access must be set up in advance for what I hope are obvious security reasons. So no, if a firewall is doing its job properly, nobody should be able to administer it remotely without a previous secure setup.

Olli, Reply #2, July 23, 2024, 11:03:01 pm
True, but I had a setup including VPN and remote access from the two separate VPNs. And I have access to some network devices. But now something happened to the OPNsense, so that I cannot connect to GUI and SSH since today, and the opnvpn did not work; only my site2site VPN is still connected.
So, how can I restart the machine without physical access?

cookiemonster, Reply #3, July 23, 2024, 11:06:53 pm
Even the VPN needs to be set up in advance to be able to reach the firewall itself, otherwise only the tunnel.
So if that's failed, you will need another failsafe.

Olli, Reply #4, July 23, 2024, 11:18:12 pm
But it was set up so that I can reach the firewall via VPN, via site2site and locally.
And something must have hung up or gone wrong, so that today nothing works correctly anymore. And I'm looking for a solution, hoping the IPsec tunnel stays active. So how do I access SSH when everything worked before today and nobody changed anything because I'm on vacation...
I did not understand that behavior; in three years I have not had such problems.

cookiemonster, Reply #5, July 23, 2024, 11:26:48 pm
Sorry, I have no suggestions, especially if no ssh access.

Patrick M. Hausen, Reply #6, July 23, 2024, 11:42:59 pm
Have someone power cycle it. Only option I can think of. In a multi-tenant rental house, someone could pull the fuse to your entire apartment if absolutely necessary.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)

Olli, Reply #7, July 24, 2024, 07:56:26 am
@cookiemonster thanks for the try.
@patrick Thought of this, but the fuses are in the apartment and the UPS will cover a minimum of half an hour. So the whole building without power is not an option for restoring my access.
There seems to be no possibility, so I have to wait and see until I'm back at this location.

cookiemonster, Reply #8, July 24, 2024, 12:44:37 pm
For something like this I've thought many times of getting one of those TinyPilot units, but they are so expensive (for me). I always end up leaving it in the cart. Maybe do a PiKVM as a little project when I can spare the time.
Edit: it wouldn't help from outside, but I have another WAN I'd be looking at making a separate VPN with.
(Last Edit: July 24, 2024, 12:47:09 pm by cookiemonster)

ProximusAl, Reply #9, July 24, 2024, 01:43:26 pm
I've literally just received the TinyPilot Voyager 2a.
I agree, it is expensive, but I honestly don't know how I've gone without it.
I do a lot of headless systems and it is a breeze.
Ordered it from punkt.de

Patrick M. Hausen, Reply #10, July 24, 2024, 08:39:33 pm
Most firewall appliances have serial consoles and many server systems still have a serial port. If you have a two node HA cluster or two different uplinks with two different firewalls, cross-connect these. All you need to initiate a serial terminal session is in FreeBSD base and therefore on OPNsense:
Code:
cu -s 115200 -l /dev/<port device>

cookiemonster, Reply #11, July 24, 2024, 11:21:49 pm
Thanks, Patrick. My previous appliance did have a serial port. The new one doesn't.

Olli, Reply #12, July 30, 2024, 11:12:09 pm
Re: Searching for the problem...
So, I'm back with local access to the OPNsense.
Thanks Patrick, I will think about it.
Elasticsearch had 270% CPU usage.
After reboot:
98301 root 1 103 0 58M 35M CPU3 3 7:06 99.59% python3.11
Java with 23%.
Still running too hot.
In the system log on the crash day:
A lot of:
<13>1 2024-07-18T15:36:46+02:00 Sense.home kernel - - [meta sequenceId="35"] kern.maxfiles limit exceeded by uid 965, (java) please see tuning(7).
<13>1 2024-07-18T15:39:43+02:00 Sense.home kernel - - [meta sequenceId="214"] <7>sonewconn: pcb 0xfffff801d4c8f000 ([::7f00:1]:9200 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (81 occurrences
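
A way to triage the two kernel messages quoted in the post above, added here as an example and not part of the thread: it counts `kern.maxfiles limit exceeded` entries per uid and process, and `Listen queue overflow` entries per listening socket. The function name `triage` and the third sample line are constructed; the first two sample lines are the ones from the post.

```python
import re
from collections import Counter

# First two lines are copied from the post above (the sonewconn entry on one
# line); the last line is constructed to show an entry that does not match.
SAMPLE_LOG = """\
<13>1 2024-07-18T15:36:46+02:00 Sense.home kernel - - [meta sequenceId="35"] kern.maxfiles limit exceeded by uid 965, (java) please see tuning(7).
<13>1 2024-07-18T15:39:43+02:00 Sense.home kernel - - [meta sequenceId="214"] <7>sonewconn: pcb 0xfffff801d4c8f000 ([::7f00:1]:9200 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (81 occurrences
<13>1 2024-07-18T15:40:00+02:00 Sense.home kernel - - [meta sequenceId="215"] constructed unrelated message
"""

MAXFILES = re.compile(r"kern\.maxfiles limit exceeded by uid (\d+), \((\S+)\)")
# The listening socket is logged as (addr:port (proto N)); the occurrence count is optional.
OVERFLOW = re.compile(
    r"sonewconn: pcb \S+ \((\S+):(\d+) \(proto \d+\)\): Listen queue overflow: "
    r"(\d+) already in queue awaiting acceptance(?: \((\d+) occurrences)?"
)
TIMESTAMP = re.compile(r"^<\d+>1 (\S+) ")


def triage(log_text):
    """Summarise file-table and listen-queue exhaustion events in syslog text."""
    maxfiles = Counter()   # (uid, process) -> number of log lines
    overflows = Counter()  # (address, port) -> events, honouring "N occurrences"
    first_seen = None      # timestamp of the earliest matching line
    for line in log_text.splitlines():
        m = MAXFILES.search(line)
        o = OVERFLOW.search(line)
        if not (m or o):
            continue
        ts = TIMESTAMP.match(line)
        if ts and first_seen is None:
            first_seen = ts.group(1)
        if m:
            maxfiles[(int(m.group(1)), m.group(2))] += 1
        if o:
            overflows[(o.group(1), int(o.group(2)))] += int(o.group(4) or 1)
    return {"first_seen": first_seen, "maxfiles": maxfiles, "overflows": overflows}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("first exhaustion event:", report["first_seen"])
    for (uid, proc), n in report["maxfiles"].most_common():
        print(f"kern.maxfiles exceeded: uid={uid} process={proc} lines={n}")
    for (addr, port), n in report["overflows"].most_common():
        print(f"listen queue overflow: {addr}:{port} events={n}")
```

On the firewall itself, `sysctl kern.openfiles kern.maxfiles` shows current usage against the limit named in the first message.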

Patrick M. Hausen, Reply #13, July 30, 2024, 11:30:19 pm
Elasticsearch is an absolute resource hog. Don't run it on the firewall if not absolutely necessary. Use a separate host or VM.

Olli, Reply #14, July 30, 2024, 11:40:20 pm
But I had no problems with it for two years, and OPNsense should have enough capacity on the system, I thought.
16GB RAM, Intel i5-7200U
Is there a better alternative to Elastic? How can I prevent such issues? I plan to reinstall the sense, because I think the system had the issue with the last 24.1 release.
Another error I found was in the unbound logfiles:
[41432:1] error: can't create socket: Too many open files in system