Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 2548 views
  • Users 0 members are here
Options
Suggested

[9.092][BUG] RED 50 don't connect - Missing keepalive from reds1:0

Alex76
Hello,

i configured a new RED50 to the UTM and after the firmware upgrade and configre get the configuration, on the display is standing only:

,,Starting RED
> UTM firewall.***x

The Firewall Log writes: 


Live Log: RED	

Filter:			Autoscroll	

Reload

2013:04:22-14:25:37 firewall-1 red_server[29476]: A34007EF7******: No ping for 30 seconds, exiting.

2013:04:22-14:25:37 firewall-1 red_server[29476]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="0"

2013:04:22-14:25:40 firewall-1 red_server[22414]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="1"

2013:04:22-14:25:40 firewall-1 red_server[22414]: A34007EF7****** is disconnected.

2013:04:22-14:26:15 firewall-1 red_server[29755]: SELF: New connection from 93.111.127.100 with ID A34007EF7****** (cipher RC4-SHA), rev1

2013:04:22-14:26:16 firewall-1 red_server[29755]: SELF: Starting REDv2 protocol

2013:04:22-14:26:16 firewall-1 red_server[29755]: A34007EF7******: connected OK, pushing config

2013:04:22-14:26:16 firewall-1 red_server[29755]: A34007EF7******: Sending PEERS+IP1+IP2

2013:04:22-14:26:23 firewall-1 red2ctl[22167]: Overflow happened on reds1:0

2013:04:22-14:26:23 firewall-1 red2ctl[22167]: Missing keepalive from reds1:0, disabling peer 93.111.127.100

2013:04:22-14:26:43 firewall-1 red2ctl[22167]: Received keepalive from reds1:0, enabling peer 93.111.127.100

2013:04:22-14:26:47 firewall-1 red_server[29755]: A34007EF7******: No ping for 30 seconds, exiting.

2013:04:22-14:26:47 firewall-1 red_server[29755]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="0"

2013:04:22-14:26:49 firewall-1 red_server[22414]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="1"

2013:04:22-14:26:49 firewall-1 red_server[22414]: A34007EF7****** is disconnected.

2013:04:22-14:27:23 firewall-1 red_server[30052]: SELF: New connection from 93.111.127.100 with ID A34007EF7****** (cipher RC4-SHA), rev1

2013:04:22-14:27:23 firewall-1 red_server[30052]: SELF: Starting REDv2 protocol

2013:04:22-14:27:24 firewall-1 red_server[30052]: A34007EF7******: connected OK, pushing config

2013:04:22-14:27:24 firewall-1 red_server[30052]: A34007EF7******: Sending PEERS+IP1+IP2

2013:04:22-14:27:33 firewall-1 red2ctl[22167]: Overflow happened on reds1:0

2013:04:22-14:27:33 firewall-1 red2ctl[22167]: Missing keepalive from reds1:0, disabling peer 93.111.127.100

2013:04:22-14:27:43 firewall-1 red2ctl[22167]: Received keepalive from reds1:0, enabling peer 93.111.127.100

2013:04:22-14:27:54 firewall-1 red_server[30052]: A34007EF7******: No ping for 30 seconds, exiting.

2013:04:22-14:27:54 firewall-1 red_server[30052]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="0"

2013:04:22-14:27:58 firewall-1 red_server[22414]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF7******" forced="1"

2013:04:22-14:27:58 firewall-1 red_server[22414]: A34007EF7****** is disconnected.

2013:04:22-14:28:27 firewall-1 red_server[22394]: SELF: (Re-)loading device configurations

2013:04:22-14:28:31 firewall-1 red_server[30346]: SELF: New connection from 93.111.127.100 with ID A34007EF7****** (cipher RC4-SHA), rev1

2013:04:22-14:28:31 firewall-1 red_server[30346]: SELF: Starting REDv2 protocol

2013:04:22-14:28:32 firewall-1 red_server[30346]: A34007EF7******: connected OK, pushing config

2013:04:22-14:28:32 firewall-1 red_server[30346]: A34007EF7******: Sending PEERS+IP1+IP2


The RED Configurations has 2 DNS Entries on 2 different networks. 


kind regards

Alex
Parents
  • 0
    After a while playing, i got the error, that the configuration cannot uploaded to registry service.

    This was after i configure a static IP for the WAN2 on RED 50.

    2013:04:22-14:59:29 firewall-1 red_server[8904]: A34007EF77***xx: Staging config for upload
    2013:04:22-14:59:31 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-14:59:42 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-14:59:53 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:05 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:16 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:27 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:28 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:30 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:39 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:44 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:44 firewall-1 red_server[8904]: A34007EF77***xx: Device config changed
    2013:04:22-15:00:44 firewall-1 red_server[8904]: A34007EF77***xx: Staging config for upload
    2013:04:22-15:00:44 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:50 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:01 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:13 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: shutdown requested, killing clients
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: killing client A34007EF77***xx
    2013:04:22-15:01:19 firewall-1 red_server[8904]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF77***xx" forced="1"
    2013:04:22-15:01:19 firewall-1 red_server[8904]: A34007EF77***xx is disconnected.
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: exiting
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev1 version set to 14
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev2 version set to 2005R2
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev2 local version set to 2016R2
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED50 fw version set to 2005
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED50 local fw version set to 2016
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: IO::Socket::SSL Version: 1.81
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: Startup - waiting 15 seconds ...
    2013:04:22-15:01:56 firewall-1 red_server[10192]: UPLOAD: Uploader process starting
    2013:04:22-15:01:56 firewall-1 red_server[10174]: SELF: (Re-)loading device configurations
    2013:04:22-15:01:56 firewall-1 red_server[10174]: A34007EF77***xx: New device
    2013:04:22-15:01:56 firewall-1 red_server[10174]: A34007EF77***xx: Staging config for upload
    2013:04:22-15:01:57 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:08 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:20 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:31 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds


    The Problem itself is:
    No ping for 30 seconds, exiting.


    There is a bad logic in the Timeout code. For example:


    long lastLiveTime=0;

    function connect(){
       // register RED
    }

    function read(){
        lastLiveTime=System.currentTimeMillis();
        .....
    }

    function write(){
        lastLiveTime=System.currentTimeMillis();
        .....
    }

    function boolean live(){
         if(System.currentTimeMillis()>lastLiveTime+30*1000){
              log.info("No ping for 30 seconds, exiting.");
              disconnect();
              return false;
         }
         return true;
    }


    if the next live check, is before the lastLiveTime variable was set to the current time, you have exact this kind of situation. 

    Normaly this will not be a problem, because the read and write is quick and can set the lastLiveTime in time. But if this need a litte bit longer time, like a GSM/UMTS/LTE connection the RED can not connect, because it will throw away to quickly.
Reply
  • 0
    After a while playing, i got the error, that the configuration cannot uploaded to registry service.

    This was after i configure a static IP for the WAN2 on RED 50.

    2013:04:22-14:59:29 firewall-1 red_server[8904]: A34007EF77***xx: Staging config for upload
    2013:04:22-14:59:31 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-14:59:42 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-14:59:53 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:05 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:16 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:27 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:28 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:30 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:39 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:00:44 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:44 firewall-1 red_server[8904]: A34007EF77***xx: Device config changed
    2013:04:22-15:00:44 firewall-1 red_server[8904]: A34007EF77***xx: Staging config for upload
    2013:04:22-15:00:44 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:00:50 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:01 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:13 firewall-1 red_server[8996]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: (Re-)loading device configurations
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: shutdown requested, killing clients
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: killing client A34007EF77***xx
    2013:04:22-15:01:19 firewall-1 red_server[8904]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A34007EF77***xx" forced="1"
    2013:04:22-15:01:19 firewall-1 red_server[8904]: A34007EF77***xx is disconnected.
    2013:04:22-15:01:19 firewall-1 red_server[8904]: SELF: exiting
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev1 version set to 14
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev2 version set to 2005R2
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED10rev2 local version set to 2016R2
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED50 fw version set to 2005
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: RED50 local fw version set to 2016
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: IO::Socket::SSL Version: 1.81
    2013:04:22-15:01:41 firewall-1 red_server[10174]: SELF: Startup - waiting 15 seconds ...
    2013:04:22-15:01:56 firewall-1 red_server[10192]: UPLOAD: Uploader process starting
    2013:04:22-15:01:56 firewall-1 red_server[10174]: SELF: (Re-)loading device configurations
    2013:04:22-15:01:56 firewall-1 red_server[10174]: A34007EF77***xx: New device
    2013:04:22-15:01:56 firewall-1 red_server[10174]: A34007EF77***xx: Staging config for upload
    2013:04:22-15:01:57 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:08 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:20 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds
    2013:04:22-15:02:31 firewall-1 red_server[10192]: UPLOAD: [A34007EF77***xx] Error while uploading config to registry service, waiting 10 seconds


    The Problem itself is:
    No ping for 30 seconds, exiting.


    There is a bad logic in the Timeout code. For example:


    long lastLiveTime=0;

    function connect(){
       // register RED
    }

    function read(){
        lastLiveTime=System.currentTimeMillis();
        .....
    }

    function write(){
        lastLiveTime=System.currentTimeMillis();
        .....
    }

    function boolean live(){
         if(System.currentTimeMillis()>lastLiveTime+30*1000){
              log.info("No ping for 30 seconds, exiting.");
              disconnect();
              return false;
         }
         return true;
    }


    if the next live check, is before the lastLiveTime variable was set to the current time, you have exact this kind of situation. 

    Normaly this will not be a problem, because the read and write is quick and can set the lastLiveTime in time. But if this need a litte bit longer time, like a GSM/UMTS/LTE connection the RED can not connect, because it will throw away to quickly.
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?