Starting web GUI...failed.

[Newbiewifi]

Starting web GUI...failed.


Do I need to restart the computer?

[franco]

You're using strict interface binding for the web GUI?


Cheers,
Franco

[Newbiewifi]

no strict binding.

I can only access via ssh

[franco]

Okay, from the console:

# /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf


Cheers,
Franco

[Newbiewifi]

Thank you for the quick reply.
but it fails


:~ # /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
2018-07-11 18:29:05: (mod_openssl.c.618) ssl.pemfile has to be set when ssl.engine = "enable"
2018-07-11 18:29:05: (server.c.1148) Initialization of plugins failed. Going down.

[franco]

# grep ssl.pemfile /var/etc/lighty-webConfigurator.conf

Looks like it's not set or not on the disk for whatever reason? oO


Cheers,
Franco

[Newbiewifi]

Thank you for the help.

I've restarted and used an old backup.

:)

[franco]

I'm curious... what happened?


Thanks,
Franco

[racef@ce]

Firmware: OPNsense 18.1.11-amd64
Previous firmware: OPNsense 18.1.10-amd64

@Franco I experience the same problem.
When the interface re0 (lan side) loses the connection then the lighttpd (webgui) also crashes view the logs below.

Then after crashing and executing the command directly below, the webui is working properly.

/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf

Logging:

Code Select Expand


system.log output
Jul 11 21:06:16 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 11 21:06:16 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:19 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 11 21:06:19 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'lan'
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt1
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv4 default route
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Jul 11 21:06:20 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001:XXX:XXXX:XXXX::2 via 2001:XXX:XXXX:XXXX::1
Jul 11 21:06:23 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[49952]: Received signal 15; terminating.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: Server listening on 2001:XXX:XXXX:XXXX::1 port 22.
Jul 11 21:06:23 XXNAMEFIREWALLXX sshd[19607]: Server listening on 192.168.X.X port 22.
Jul 11 21:06:24 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2018-07-11 21:06:24: (network.c.313) can't bind to socket: [2001:XXX:XXXX:XXXX::1]:443 Can't assign requested address'
Jul 11 21:06:26 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 11 21:06:26 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:26 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 11 21:06:27 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'

configd.log output:
Jul 11 21:06:16 XXNAMEFIREWALLXX configd.py: [fba537dd-5bbe-4537-b07c-11c9910783a7] Linkup stopping re0
Jul 11 21:06:19 XXNAMEFIREWALLXX configd.py: [7bc8e865-b5a2-47d3-8ef3-a2b8626ced4c] Linkup starting re0
Jul 11 21:06:20 XXNAMEFIREWALLXX configd.py: [4d28dac1-015e-4358-b0d3-d3c39506a972] New IPv4 on re0
Jul 11 21:06:22 XXNAMEFIREWALLXX configd.py: [2b4c1629-5694-470d-865e-f852460f74d4] generate template OPNsense/Filter
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/Filter
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py:  OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: [d2c16a2f-4237-4d92-8f84-32b5d3893c40] refresh url table aliases
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: [3cfaa67b-1075-4a1a-92c0-01f1b5615c89] generate template OPNsense/WebGui
Jul 11 21:06:23 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/WebGui
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py:  OPNsense/WebGui generated //usr/local/lib/php.ini
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py:  OPNsense/WebGui generated //usr/local/etc/php.ini
Jul 11 21:06:24 XXNAMEFIREWALLXX configd.py: message d2c16a2f-4237-4d92-8f84-32b5d3893c40 [filter.refresh_aliases] returned OK 
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [03ad5e4e-86df-45fe-8ba6-958318c4f22d] Linkup stopping re0
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [38bc3a52-3a9e-4961-9596-f1e04289e089] Linkup starting re0
Jul 11 21:06:26 XXNAMEFIREWALLXX configd.py: [ca4c2dab-abe8-46ee-861d-72fc3199c94a] New IPv4 on re0


[Newbiewifi]

Sorry,
:'(
It's a live system and I didn't have much time to look into.

[franco]

Hi racef@ce,

Yes, you're using strict binding on SSH and the GUI... I was never completely fond of the request, but we slapped a big warning dialog on the GUI to make sure its implications:

https://github.com/opnsense/core/issues/1347#issuecomment-347696172

Mostly:

There will not be a lot of sanity checking. To stress this point, if all manually configured interfaces do not have a single IP listening address, the service will refuse to start as opposed to falling back to listen on all interfaces...
Use at your own risk. It's hard to recover without other precautions like console access, auto-console login, etc.

Maybe legacy_getall_interface_addresses() is a better pick. Unbound and Dnsmasq gained similar but lsightly more robust solutions in 18.7 vs. the initial approach in 18.1 for SSH and the GUI. I can take a look post 18.7 if you want?  :)


Cheers,
Franco

[franco]

Hey  Newbiewifi,

No worries. Let me know if it happens again.


Cheers,
Franco

[racef@ce]

@Franco
Thanks for the quick response, I have also tested this on the OPNsense 18.7.r_10-amd64 build and can confirm the problem still presents.

How can I prevent this in the configuration, not using strict binding on SSH and the GUI?

Logging:

Code Select Expand


system.log
Jul 12 22:50:44 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 12 22:50:44 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:47 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 12 22:50:47 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:47 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'lan'
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt1
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv4 default route
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Jul 12 22:50:48 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001:XXX:XXXX:XXXX::2 via 2001:XXX:XXXX:XXXX::1
Jul 12 22:50:50 XXNAMEFIREWALLXX kernel: re0: link state changed to DOWN
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[56059]: Received signal 15; terminating.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on fe80::201:2eff:fe78:617c failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on 2001:XXX:XXXX:XXXX::1 failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: error: Bind to port 22 on 2001:XXX:XXXX:XXXX::1 failed: Can't assign requested address.
Jul 12 22:50:51 XXNAMEFIREWALLXX sshd[31796]: Server listening on 192.168.X.X port 22.
Jul 12 22:50:52 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2018-07-12 22:50:52: (network.c.313) can't bind to socket: [2001:XXX:XXXX:XXXX::1]:443 Can't assign requested address'
Jul 12 22:50:53 XXNAMEFIREWALLXX kernel: re0: link state changed to UP
Jul 12 22:50:54 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:54 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.linkup: Hotplug event detected for LAN(lan) but ignoring since interface is configured with static IP (192.168.X.X 2001:XXX:XXXX:XXXX::1)
Jul 12 22:50:55 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 're0'
Jul 12 22:50:55 XXNAMEFIREWALLXX opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.X.X) (interface: LAN[lan]) (real interface: re0).
Jul 12 22:51:27 XXNAMEFIREWALLXX opnsense: user 'root' authenticated successfully
Jul 12 22:51:28 XXNAMEFIREWALLXX sshd[66021]: Accepted keyboard-interactive/pam for root from 192.168.X.X0 port 1640 ssh2

configf.log
Jul 12 22:50:50 XXNAMEFIREWALLXX configd.py: [1f8a57c4-7e2c-4dea-87e3-1ad46a48abde] generate template OPNsense/Filter
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/Filter
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py:  OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: [6f92cc52-0838-41c3-ad8f-4857c0e54c40] refresh url table aliases
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: [16ba78c9-7d1b-495f-8dd7-7eb8666e7ab6] generate template OPNsense/WebGui
Jul 12 22:50:51 XXNAMEFIREWALLXX configd.py: generate template container OPNsense/WebGui
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py:  OPNsense/WebGui generated //usr/local/lib/php.ini
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py:  OPNsense/WebGui generated //usr/local/etc/php.ini
Jul 12 22:50:52 XXNAMEFIREWALLXX configd.py: message 6f92cc52-0838-41c3-ad8f-4857c0e54c40 [filter.refresh_aliases] returned OK 
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [0df2844f-cf9a-4617-8389-47aaf7939f0f] Linkup stopping re0
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [0aba07a6-8440-4a96-bc83-bc80dfabdf60] Linkup starting re0
Jul 12 22:50:54 XXNAMEFIREWALLXX configd.py: [653d0612-9460-4bd0-87e6-966fcec8059c] New IPv4 on re0


[franco]

Yes.


Cheers,
Franco

[racef@ce]

@Franco
Nice can you tell me how you can set this up?