Unable to apply configuration / reload filter

[fraenki]

Just updated from 15.7.16-amd64 to 15.7.19-amd64.

While on VPN -> IPsec and clicking on Apply changes the following error occurs:

Fatal error: Uncaught exception 'Exception' with message 'Timeout (120) executing :filter reload' in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:100 Stack trace: #0 /usr/local/etc/inc/legacy_bindings.inc(38): OPNsense\Core\Backend->configdRun('filter reload', false) #1 /usr/local/etc/inc/filter.inc(119): configd_run('filter reload') #2 /usr/local/www/vpn_ipsec.php(52): filter_configure() #3 {main} thrown in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 100

(Actually this wasn't a "real" change to the configuration, I just opened an existing IPsec configuration and clicked on Save.)

Besides that I can tell that the service ipsec is restartet, but the Apply changes button does not disappear.

[fraenki]

Update: This seems to affect all configuration changes where a filter reload is executed. I just hit this error again while trying to apply changes to my firewall rules.

[AdSchellevis]

Hi Frank,

Can you try to execute the reload script manually and check if it produces any other errors in either the syslog or a crashreport?
It seems to be waiting for something, but after 2 minutes configd stops trying.

Exec:
/usr/local/etc/rc.filter_configure_sync

Thanks in advance,

Regards,

Ad

[fraenki]

Hi Ad,

thanks for stepping in. @fichtner already discussed this issue on IRC. A manual reload did not lead to a different error, we're still receiving only the fatal error (due to the timeout was reached).

@fichtner made some changes to get more verbose log output. I'm going to apply his patch later today and add the output to this issue.

Regards
Frank

[fichtner]

This is what a normal run looks like with 877ad26:

1448383400.3061: Initializing
1448383400.4023: Creating aliases
1448383400.5047: Creating gateway group item...
1448383400.5461: Generating Limiter rules
1448383400.5461: Generating NAT rules
1448383400.6474: Creating 1:1 rules...
1448383400.6475: Creating outbound NAT rules
1448383400.7435: Creating automatic outbound rules
1448383401.1204: Creating NAT rule redirect traffic to proxy
1448383401.1345: Generating filter rules
1448383401.2345: Creating default rules
1448383401.2587: Pre-caching Default allow LAN IPv6 to any rule...
1448383401.2588: Creating filter rule Default allow LAN IPv6 to any rule ...
1448383401.3574: Creating filter rules Default allow LAN IPv6 to any rule ...
1448383401.3576: Setting up pass/block rules
1448383401.3576: Setting up pass/block rules Default allow LAN IPv6 to any rule
1448383401.3577: Creating rule Default allow LAN IPv6 to any rule
1448383401.4532: Pre-caching Default allow LAN to any rule...
1448383401.4533: Creating filter rule Default allow LAN to any rule ...
1448383401.5521: Creating filter rules Default allow LAN to any rule ...
1448383401.5522: Setting up pass/block rules
1448383401.5523: Setting up pass/block rules Default allow LAN to any rule
1448383401.5524: Creating rule Default allow LAN to any rule
1448383401.8457: Pre-caching NAT redirect traffic to proxy...
1448383401.8458: Creating filter rule NAT redirect traffic to proxy ...
1448383401.9473: Creating filter rules NAT redirect traffic to proxy ...
1448383401.9474: Setting up pass/block rules
1448383401.9475: Setting up pass/block rules NAT redirect traffic to proxy
1448383401.9476: Creating rule NAT redirect traffic to proxy
1448383402.2439: Creating IPsec rules...
1448383402.3476: Creating uPNP rules...
1448383402.3477: Loading filter rules
1448383402.356: Setting up logging information
1448383402.4519: Setting up SCRUB information
1448383402.5918: Processing down interface states
1448383402.5919: Done

[fraenki]

Upgrading to 15.7.20 solved this issue for me.

[fichtner]

Yay :)