pfSense-pkg-crowdsec icon indicating copy to clipboard operation
pfSense-pkg-crowdsec copied to clipboard

Published 20 hours ago verified publisher icon crowdsecurity

Suddenly the LAPI is down

Open europacafe opened this issue 1 year ago • 3 comments

Crowdsec 1.6.3

I've upgraded from 1.6.2 for a few days ago and suddenly this morning I can't query all the LAPI metrics image image crowdsec log on pfSense image

The crowdsec pfsense GUIs are still there, but it can't list pfsense machine. I also tried cscli capi register again with success (it generated new CAPI credentials). I also tried re-installing the crowdsec module. No help.

I've never encountered this problem since the pre-1.0 version. Every time there were new versions, I upgraded them every time. Need help....thanks.

europacafe avatar Oct 11 '24 05:10 europacafe

Hi, can you please run "cscli support dump" (with or without an instance running, doesn't matter) and send the output to [email protected]?

Don't bother with registering to capi, this is a local issue.

I should upload a new version today, and let you know.

Thanks

mmetc avatar Oct 11 '24 08:10 mmetc

Thanks. Will do. I'm not sure this is relevant. Pfsense DNS Resolver or unbound module also crashed after it has started for a short time.

europacafe avatar Oct 11 '24 10:10 europacafe

Thanks. No I don't think it's relevant.

We released a new version here, you can try it (best after sending us the crowdsec-support.zip)

https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/tag/v0.1.4-1.6.3_2

I recommend you to use the script to upgrade.

mmetc avatar Oct 11 '24 12:10 mmetc

I've upgraded crowdsec from the very early version for every new version until 1.6.2 without any problem. It worked great. However, 1.6.3-1 really ruined my pfSense to the point I had to fresh install my pfSense, and re-installed 1.63-1 again and it also corrupted my pfSense till it no longer works. I've now fresh installed my pfSense 2.7.2 again and I'm really afraid to install crowdsec again.

Sorry I did not keep the error log, but it reported something about python error things.

Is it safe to install the latest version?

europacafe avatar Oct 15 '24 03:10 europacafe

Hi,

there is no python in the crowdsec packages, plugins or anything related. Crowdsec is written in go and the pfsense plugin is php, javascript and bash.

What do you mean by "ruined" and "no longer works"? Where did you see these errors?

mmetc avatar Oct 15 '24 06:10 mmetc

The errors were reported on pfSense gui and I have to click the link to see a bunch of errors. Sorry I didn't capture the error reports.

The main break was that the dns resolver or unbound function on pfSense can't be started.

Could you tell how the new installation script is different from the manual package removal and adding?

europacafe avatar Oct 15 '24 07:10 europacafe

I don't think the errors are releated to crowdsec, the only configuration it changes is the firewall tables (IP addresses, so no need to involve dns)

The install script detects the OS version and CPU architecture, connects to github to download the release marked as "latest" - or the one chosen by the user, it then extracts the packages, removes the old ones and installs the new ones after making sure all crowdsec processes were terminated correctly.

mmetc avatar Oct 15 '24 07:10 mmetc

Thanks. I may try the script and 1.6.3-2 later.

europacafe avatar Oct 15 '24 08:10 europacafe

Just to update.

From the fresh installation of my pfSense, I used the installation script to install crowdsec 1.6.3-2 without problem.

Thank you very much for the great script.

europacafe avatar Oct 16 '24 04:10 europacafe