Menu
▾
▴
astlinux-users — AstLinux Users Mailing List
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(20) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
(91) |
Feb
(111) |
Mar
(226) |
Apr
(65) |
May
(197) |
Jun
(202) |
Jul
(92) |
Aug
(87) |
Sep
(120) |
Oct
(133) |
Nov
(89) |
Dec
(155) |
| 2008 |
Jan
(251) |
Feb
(136) |
Mar
(174) |
Apr
(149) |
May
(56) |
Jun
(32) |
Jul
(36) |
Aug
(171) |
Sep
(245) |
Oct
(244) |
Nov
(218) |
Dec
(272) |
| 2009 |
Jan
(113) |
Feb
(119) |
Mar
(192) |
Apr
(117) |
May
(93) |
Jun
(46) |
Jul
(80) |
Aug
(54) |
Sep
(109) |
Oct
(70) |
Nov
(145) |
Dec
(110) |
| 2010 |
Jan
(137) |
Feb
(87) |
Mar
(45) |
Apr
(157) |
May
(58) |
Jun
(99) |
Jul
(188) |
Aug
(136) |
Sep
(101) |
Oct
(100) |
Nov
(61) |
Dec
(60) |
| 2011 |
Jan
(84) |
Feb
(43) |
Mar
(70) |
Apr
(17) |
May
(69) |
Jun
(28) |
Jul
(43) |
Aug
(21) |
Sep
(151) |
Oct
(120) |
Nov
(84) |
Dec
(101) |
| 2012 |
Jan
(119) |
Feb
(82) |
Mar
(70) |
Apr
(115) |
May
(66) |
Jun
(131) |
Jul
(70) |
Aug
(65) |
Sep
(66) |
Oct
(86) |
Nov
(197) |
Dec
(81) |
| 2013 |
Jan
(65) |
Feb
(48) |
Mar
(32) |
Apr
(68) |
May
(98) |
Jun
(59) |
Jul
(41) |
Aug
(52) |
Sep
(42) |
Oct
(37) |
Nov
(10) |
Dec
(27) |
| 2014 |
Jan
(61) |
Feb
(34) |
Mar
(30) |
Apr
(52) |
May
(45) |
Jun
(40) |
Jul
(28) |
Aug
(9) |
Sep
(39) |
Oct
(69) |
Nov
(55) |
Dec
(19) |
| 2015 |
Jan
(13) |
Feb
(21) |
Mar
(5) |
Apr
(14) |
May
(30) |
Jun
(51) |
Jul
(31) |
Aug
(12) |
Sep
(29) |
Oct
(15) |
Nov
(24) |
Dec
(16) |
| 2016 |
Jan
(62) |
Feb
(76) |
Mar
(30) |
Apr
(43) |
May
(46) |
Jun
(62) |
Jul
(21) |
Aug
(49) |
Sep
(67) |
Oct
(27) |
Nov
(26) |
Dec
(38) |
| 2017 |
Jan
(7) |
Feb
(12) |
Mar
(69) |
Apr
(59) |
May
(54) |
Jun
(40) |
Jul
(76) |
Aug
(82) |
Sep
(92) |
Oct
(51) |
Nov
(32) |
Dec
(30) |
| 2018 |
Jan
(22) |
Feb
(25) |
Mar
(34) |
Apr
(35) |
May
(37) |
Jun
(21) |
Jul
(69) |
Aug
(55) |
Sep
(17) |
Oct
(67) |
Nov
(9) |
Dec
(5) |
| 2019 |
Jan
(19) |
Feb
(12) |
Mar
(15) |
Apr
(19) |
May
|
Jun
(27) |
Jul
(27) |
Aug
(25) |
Sep
(25) |
Oct
(27) |
Nov
(10) |
Dec
(14) |
| 2020 |
Jan
(22) |
Feb
(20) |
Mar
(36) |
Apr
(40) |
May
(52) |
Jun
(35) |
Jul
(21) |
Aug
(32) |
Sep
(71) |
Oct
(27) |
Nov
(11) |
Dec
(16) |
| 2021 |
Jan
(16) |
Feb
(21) |
Mar
(21) |
Apr
(27) |
May
(17) |
Jun
|
Jul
(2) |
Aug
(22) |
Sep
(23) |
Oct
(7) |
Nov
(11) |
Dec
(28) |
| 2022 |
Jan
(23) |
Feb
(18) |
Mar
(9) |
Apr
(15) |
May
(15) |
Jun
(7) |
Jul
(8) |
Aug
(15) |
Sep
(1) |
Oct
|
Nov
(11) |
Dec
(10) |
| 2023 |
Jan
(14) |
Feb
(10) |
Mar
(11) |
Apr
(13) |
May
(2) |
Jun
(30) |
Jul
(1) |
Aug
(15) |
Sep
(13) |
Oct
(3) |
Nov
(25) |
Dec
(5) |
| 2024 |
Jan
(3) |
Feb
(10) |
Mar
(9) |
Apr
|
May
(1) |
Jun
(15) |
Jul
(7) |
Aug
(10) |
Sep
(3) |
Oct
(8) |
Nov
(6) |
Dec
(15) |
| 2025 |
Jan
(3) |
Feb
(1) |
Mar
(7) |
Apr
(5) |
May
(13) |
Jun
(16) |
Jul
(1) |
Aug
(6) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Michael K. <li...@mk...> - 2018-08-17 08:56:29
|
> Am 17.08.2018 um 03:15 schrieb Shamus Rask <sh...@sr...>: > > This is more of an Asterisk question, but I’m hoping someone can share their experience. I’m setting up a multi-tenant system, and in doing so discovered the following. When I tried the following in voicemail.conf (note this is directly from the sample config): > > [default] > 1234 => 4242,Example Mailbox,root@localhost > > [other] > 1234 => 5678,Company2 User,root@localhost > > I see the following at the Asterisk CLI: > pbx0*CLI > > voicemail show users > Context Mbox User Zone NewMsg > default 1234 Example Mailbox 0 > 1 voicemail users configured. You could also do that (with Tab) for a special context: "voicemail show users for other" That will show you the other context. In your sip.conf you need to always add the voicemail context: "mailbox=1234@default" or "mailbox=1234@other" For me it seems to work with 2 contexts (Asterisk 13): pbx-nf9hg*CLI> voicemail show users Context Mbox User Zone NewMsg default 17 17-test germany 0 callback 17 17-test germany 0 > It looks like Asterisk cannot parse multiple mailboxes of the same number even if they’re in’ different contexts. If I changed either of the mailbox numbers and did a “voicemail reload”, they do both appear. > > Assuming the above behaviour is correct and I haven’t mis-configured some option, how do others handle multi-tenant voicemail? My initial thoughts were that I could prepend each mailbox with the tenant name, however I think this would break the VoiceMailMain() application (if not others). > > Thanks for your comments, > Shamus Michael http://www.mksolutions.info |
|
From: Michael K. <mic...@ip...> - 2018-08-17 03:44:40
|
Yes I do the same as well. Everything has a TNXXX in front of it and the DialPlan handles it. Regards Michael Knill From: AstLinux List <ast...@li...> Reply-To: AstLinux List <ast...@li...> Date: Friday, 17 August 2018 at 12:04 pm To: AstLinux List <ast...@li...> Cc: The Cadillac Kid <eld...@ya...> Subject: Re: [Astlinux-users] multi-tenant voicemail I do exactly that, i preface my tenant id to my mailbox.. 0001-1234. And 0002-1234. Since i handle vm dial in and auth in my dialplan things dont break. I do the tenant preface for all comtexts for my stations, sip ID etc. This is done with my cloud asterisk platform where many tenants are on one instance.. another option is multi instances in container like docker On Thursday, August 16, 2018, 9:45:30 PM EDT, Shamus Rask <sh...@sr...> wrote: This is more of an Asterisk question, but I’m hoping someone can share their experience. I’m setting up a multi-tenant system, and in doing so discovered the following. When I tried the following in voicemail.conf (note this is directly from the sample config): [default] 1234 => 4242,Example Mailbox,root@localhost [other] 1234 => 5678,Company2 User,root@localhost I see the following at the Asterisk CLI: pbx0*CLI > voicemail show users Context Mbox User Zone NewMsg default 1234 Example Mailbox 0 1 voicemail users configured. It looks like Asterisk cannot parse multiple mailboxes of the same number even if they’re in’ different contexts. If I changed either of the mailbox numbers and did a “voicemail reload”, they do both appear. Assuming the above behaviour is correct and I haven’t mis-configured some option, how do others handle multi-tenant voicemail? My initial thoughts were that I could prepend each mailbox with the tenant name, however I think this would break the VoiceMailMain() application (if not others). Thanks for your comments, Shamus ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ Astlinux-users mailing list Ast...@li...<mailto:Ast...@li...> https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....<mailto:pa...@kr....> |
|
From: The C. K. <eld...@ya...> - 2018-08-17 02:04:01
|
I do exactly that, i preface my tenant id to my mailbox.. 0001-1234. And 0002-1234. Since i handle vm dial in and auth in my dialplan things dont break.
I do the tenant preface for all comtexts for my stations, sip ID etc.
This is done with my cloud asterisk platform where many tenants are on one instance.. another option is multi instances in container like docker
On Thursday, August 16, 2018, 9:45:30 PM EDT, Shamus Rask <sh...@sr...> wrote:
This is more of an Asterisk question, but I’m hoping someone can share their experience. I’m setting up a multi-tenant system, and in doing so discovered the following. When I tried the following in voicemail.conf (note this is directly from the sample config):
[default]1234 => 4242,Example Mailbox,root@localhost
[other]1234 => 5678,Company2 User,root@localhost
I see the following at the Asterisk CLI:
pbx0*CLI> voicemail show usersContext Mbox User Zone NewMsgdefault 1234 Example Mailbox 01 voicemail users configured.
It looks like Asterisk cannot parse multiple mailboxes of the same number even if they’re in’ different contexts. If I changed either of the mailbox numbers and did a “voicemail reload”, they do both appear.
Assuming the above behaviour is correct and I haven’t mis-configured some option, how do others handle multi-tenant voicemail? My initial thoughts were that I could prepend each mailbox with the tenant name, however I think this would break the VoiceMailMain() application (if not others).
Thanks for your comments, Shamus------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Shamus R. <sh...@sr...> - 2018-08-17 01:45:04
|
This is more of an Asterisk question, but I’m hoping someone can share their experience. I’m setting up a multi-tenant system, and in doing so discovered the following. When I tried the following in voicemail.conf (note this is directly from the sample config): [default] 1234 => 4242,Example Mailbox,root@localhost [other] 1234 => 5678,Company2 User,root@localhost I see the following at the Asterisk CLI: pbx0*CLI > voicemail show users Context Mbox User Zone NewMsg default 1234 Example Mailbox 0 1 voicemail users configured. It looks like Asterisk cannot parse multiple mailboxes of the same number even if they’re in’ different contexts. If I changed either of the mailbox numbers and did a “voicemail reload”, they do both appear. Assuming the above behaviour is correct and I haven’t mis-configured some option, how do others handle multi-tenant voicemail? My initial thoughts were that I could prepend each mailbox with the tenant name, however I think this would break the VoiceMailMain() application (if not others). Thanks for your comments, Shamus |
|
From: John N. <jn...@co...> - 2018-08-16 13:26:16
|
Interesting to learn that the copper in AU is in similar shape to the copper in the U.S. !! In some of the more wealthy and densely populated urban areas, the ILEC's are forcing customers onto fiber with no choice. This has generated many problems in large old apartment houses when they choose NOT to locate an optical terminal in the basement and not use existing wiring, probably because they want to sell Internet. John Novack Michael Knill wrote: > > Sorry if I have asked this before but if my traffic shaping is set wrong, e.g. to 2M when the upstream is 1M, could I lose PPPoE packets on upstream congestion such that the far end resets the connection? > > This appeared to be happening at one of our sites and it was fine when I set the shaping correctly. > > If so, is there anything I can do to prevent it happening other than getting the shaping correct? > > Unfortunately with copper connections, and the pretty poor copper in this country, speeds do change over time. Maybe I need to set up Zabbix for some better monitoring. > > Regards > > Michael Knill > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... -- Dog is my Co-pilot |
|
From: Michael K. <mic...@ip...> - 2018-08-16 04:03:23
|
Sorry if I have asked this before but if my traffic shaping is set wrong, e.g. to 2M when the upstream is 1M, could I lose PPPoE packets on upstream congestion such that the far end resets the connection? This appeared to be happening at one of our sites and it was fine when I set the shaping correctly. If so, is there anything I can do to prevent it happening other than getting the shaping correct? Unfortunately with copper connections, and the pretty poor copper in this country, speeds do change over time. Maybe I need to set up Zabbix for some better monitoring. Regards Michael Knill |
|
From: Lonnie A. <li...@lo...> - 2018-08-15 13:33:12
|
While the AstLinux kernel includes the "bonding" module, there is no configuration for it. Linux "bonding" module, be able to 'bond' multiple Ethernet Channels together. This is called 'Etherchannel' by Cisco, 'Trunking' by Sun, 802.3ad by the IEEE, and 'Bonding' in Linux. https://en.wikipedia.org/wiki/Link_aggregation https://wiki.linuxfoundation.org/networking/bonding Lonnie > On Aug 15, 2018, at 1:32 AM, Michael Knill <mic...@ip...> wrote: > > Hi Guys > > So just starting the architecture of a new site and as its fairly large, I would like to connect the Astlinux box redundantly over two switches on the core stack. > So here are my questions: > 1) Can you do NIC Teaming on Astlinux? Is this a Bridge Group function? > 2) Can you have multiple Bridge Groups or NIC Teaming groups? > > Thanks all. > > Regards > Michael Knill > |
|
From: Michael K. <mic...@ip...> - 2018-08-15 06:32:39
|
Hi Guys So just starting the architecture of a new site and as its fairly large, I would like to connect the Astlinux box redundantly over two switches on the core stack. So here are my questions: 1) Can you do NIC Teaming on Astlinux? Is this a Bridge Group function? 2) Can you have multiple Bridge Groups or NIC Teaming groups? Thanks all. Regards Michael Knill |
|
From: Michael K. <mic...@ip...> - 2018-08-14 21:09:51
|
Awesome thanks Lonnie. I will try this when it goes down next.
If it fixes the problem, I will try to get Monit to do it automatically e.g. if pppoe is up and SIP is UNREACHABLE for a number of cycles.
Regards
Michael Knill
On 15/8/18, 6:49 am, "Lonnie Abelbeck" <li...@lo...> wrote:
> I tried a pppoe-restart on one of the sites and that did not fix the problem.
Michael, how long did you wait ? ie. PPPOE_RESTART_DELAY value
So, it seems cycling the PPPOEIF interface link in your restart-pppoe-network-cron.sh script might be worth a try
Take a look at /usr/sbin/pppoe-restart and note that two lines are commented out
#ifconfig $PPPOEIF down
and
#ifconfig $PPPOEIF up
Copy /usr/sbin/pppoe-restart to a local copy and uncomment those lines, and call your local tweaked pppoe-restart in your restart-pppoe-network-cron.sh script.
Lonnie
PS: if you prefer to use the iproute2 commands to toggle the link, you can use ...
ip link set dev $PPPOEIF down
and
ip link set dev $PPPOEIF up
> On Aug 14, 2018, at 3:32 AM, Michael Knill <mic...@ip...> wrote:
>
> Ok I have had two other sites now which have exhibited the same issue, both using the same internet provider.
> I tried a pppoe-restart on one of the sites and that did not fix the problem.
> I did a tcpdump -i ppp0 -Q in -A udp port 5060 and I received no packets e.g. should have been receiving 200 OK from SIP OPTIONS.
> When I got the customer to unplug the cable between the modem and Astlinux box for about 10 seconds this fixed the problem.
>
> Could this POSSIBLY be an Astlinux issue. It certainly seems not but I have no idea where to go now.
> I wonder if I can use Monit to disable and enable eth0 when its absolutely broken.
>
> Regards
> Michael Knill
>
> On 7/8/18, 7:26 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
>> PS. Why do you need to stop Asterisk first?
>
> In this case you can take advantage of the delay in the pppoe-restart script.
>
> I like symmetry, stop services while the network is active ... restart the network ... start the services. You may want to restart more than just Asterisk, but that is a good start, and easy to test with it all in a custom script.
>
> Lonnie
>
>
>
>> On Aug 6, 2018, at 4:15 PM, Michael Knill <mic...@ip...> wrote:
>>
>> Thanks Lonnie. Great to know.
>>
>> PS. Why do you need to stop Asterisk first?
>>
>> Regards
>> Michael Knill
>>
>> On 6/8/18, 11:31 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
>>
>> Hi Michael,
>>
>> In case you were not aware, we have a PPPoE restart script /usr/sbin/pppoe-restart designed to be called via cron in the the early morning 0300, weekend, or such.
>>
>> The pppoe-restart script will restart with only a short delay (2 seconds) by default but that can be changed with a user.conf variable
>> --
>> PPPOE_RESTART_DELAY="180"
>> --
>> which would make the delay 180 seconds.
>>
>> So, you could call your own custom cron script
>>
>> -- restart-pppoe-network-cron.sh --
>> #!/bin/sh
>>
>> export PPPOE_RESTART_DELAY="180"
>>
>> service asterisk stop
>>
>> pppoe-restart
>>
>> service asterisk init
>> --
>> Note: if you have a user.conf PPPOE_RESTART_DELAY defined it will override the script's exported PPPOE_RESTART_DELAY value.
>>
>> And call that script via cron once a day or once a week when users won't be bothered.
>>
>> Lonnie
>>
>>
>>
>>> On Aug 5, 2018, at 6:47 PM, Michael Knill <mic...@ip...> wrote:
>>>
>>> Probably about 2 minutes.
>>> I am still thinking however that this is an upstream problem as you have mentioned and that I actually need to drop and re-establish the PPPoE connection for it to resolve. That's why a reboot fixes it.
>>>
>>> Regards
>>> Michael Knill
>>>
>>> On 6/8/18, 9:41 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> For the record, how long did you stop Asterisk ?
>>>
>>> Lonnie
>>>
>>>
>>>> On Aug 5, 2018, at 5:48 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> Hi All
>>>>
>>>> Thanks Lonnie for your idea however this problem occurred again and stopping Asterisk for a while did not fix it.
>>>> I had to reboot again as the only thing that fixes it ☹
>>>>
>>>> There are some network issues at the site but I cant see why it causes this!
>>>> I have changed out the DSL modem so that's not it.
>>>>
>>>> Any more ideas?
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 5/7/18, 9:44 am, "Michael Knill" <mic...@ip...> wrote:
>>>>
>>>> Thanks Lonnie. Good call. That will be my next test.
>>>> PS IP Address stays the same.
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 5/7/18, 9:14 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>
>>>> Michael,
>>>>
>>>> My theory has always been your problem is with an upstream firewall.
>>>>
>>>> Stopping asterisk for a period of time may allow upstream firewall states to expire.
>>>>
>>>> By rebooting AstLinux you will do the same (stop/start Asterisk) and if you have PPPoE you may pull a different IP address which will bypass any upstream states.
>>>>
>>>> From all you have described, this looks to me to be an upstream issue relative to AstLinux.
>>>>
>>>> Lonnie
>>>>
>>>>
>>>>
>>>>> On Jul 4, 2018, at 4:56 PM, Michael Knill <mic...@ip...> wrote:
>>>>>
>>>>> And yes good test. Of course a firewall restart does not clear translations.
>>>>> Am I able to clear firewall translations without waiting for them to time out which is what I assume you are doing here?
>>>>> It would have to be dome from a remote session as well e.g. through the firewall.
>>>>>
>>>>> Regards
>>>>> Michael Knill
>>>>>
>>>>> On 4/7/18, 10:41 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>>
>>>>>> So my questions are:
>>>>>> • Is tcpdump BEFORE the firewall?
>>>>>
>>>>> For incoming packets tcpdump is before the firewall, for outgoing packets tcpdump is after the firewall, ie.
>>>>> --
>>>>> wire -> NIC -> tcpdump -> netfilter/firewall
>>>>>
>>>>> netfilter/firewall -> tcpdump -> NIC -> wire
>>>>> --
>>>>> so tcpdump does not see outbound packets blocked by the firewall.
>>>>>
>>>>>
>>>>>> • What tests should I do next?
>>>>>
>>>>> Have you ever tried ...
>>>>> --
>>>>> service asterisk stop
>>>>> sleep 90
>>>>> service asterisk init
>>>>> --
>>>>>
>>>>>
>>>>> Lonnie
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> On Jul 3, 2018, at 10:19 PM, Michael Knill <mic...@ip...> wrote:
>>>>>>
>>>>>> Back to the ongoing saga of SIP Options ping not working. This one is a bit different though. Here is the scenario:
>>>>>>
>>>>>> • Can SSH into box fine and network connectivity is fine
>>>>>> • Find IP Address based SIP Trunk is UNREACHABLE. Can ping provider from the box
>>>>>> • Asterisk SIP Debug shows SIP Options sent but none received. This is also the case using tcpdump on the ppp0 interface
>>>>>> • Asterisk reload and Firewall restart did not fix the problem. The system needed a full reboot for the trunk to be REACHABLE
>>>>>>
>>>>>> So my questions are:
>>>>>> • Is tcpdump BEFORE the firewall?
>>>>>> • Can you think of what the issue could be?
>>>>>> • What tests should I do next?
>>>>>>
>>>>>> Unfortunately (or fortunately) this happens very infrequently so the fix will be a long confirmation period.
>>>>>>
>>>>>> Thanks all!
>>>>>>
>>>>>> Regards
>>>>>> Michael Knill
>>>>>> ------------------------------------------------------------------------------
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Lonnie A. <li...@lo...> - 2018-08-14 20:49:08
|
> I tried a pppoe-restart on one of the sites and that did not fix the problem. Michael, how long did you wait ? ie. PPPOE_RESTART_DELAY value So, it seems cycling the PPPOEIF interface link in your restart-pppoe-network-cron.sh script might be worth a try Take a look at /usr/sbin/pppoe-restart and note that two lines are commented out #ifconfig $PPPOEIF down and #ifconfig $PPPOEIF up Copy /usr/sbin/pppoe-restart to a local copy and uncomment those lines, and call your local tweaked pppoe-restart in your restart-pppoe-network-cron.sh script. Lonnie PS: if you prefer to use the iproute2 commands to toggle the link, you can use ... ip link set dev $PPPOEIF down and ip link set dev $PPPOEIF up > On Aug 14, 2018, at 3:32 AM, Michael Knill <mic...@ip...> wrote: > > Ok I have had two other sites now which have exhibited the same issue, both using the same internet provider. > I tried a pppoe-restart on one of the sites and that did not fix the problem. > I did a tcpdump -i ppp0 -Q in -A udp port 5060 and I received no packets e.g. should have been receiving 200 OK from SIP OPTIONS. > When I got the customer to unplug the cable between the modem and Astlinux box for about 10 seconds this fixed the problem. > > Could this POSSIBLY be an Astlinux issue. It certainly seems not but I have no idea where to go now. > I wonder if I can use Monit to disable and enable eth0 when its absolutely broken. > > Regards > Michael Knill > > On 7/8/18, 7:26 am, "Lonnie Abelbeck" <li...@lo...> wrote: > >> PS. Why do you need to stop Asterisk first? > > In this case you can take advantage of the delay in the pppoe-restart script. > > I like symmetry, stop services while the network is active ... restart the network ... start the services. You may want to restart more than just Asterisk, but that is a good start, and easy to test with it all in a custom script. > > Lonnie > > > >> On Aug 6, 2018, at 4:15 PM, Michael Knill <mic...@ip...> wrote: >> >> Thanks Lonnie. Great to know. >> >> PS. Why do you need to stop Asterisk first? >> >> Regards >> Michael Knill >> >> On 6/8/18, 11:31 pm, "Lonnie Abelbeck" <li...@lo...> wrote: >> >> Hi Michael, >> >> In case you were not aware, we have a PPPoE restart script /usr/sbin/pppoe-restart designed to be called via cron in the the early morning 0300, weekend, or such. >> >> The pppoe-restart script will restart with only a short delay (2 seconds) by default but that can be changed with a user.conf variable >> -- >> PPPOE_RESTART_DELAY="180" >> -- >> which would make the delay 180 seconds. >> >> So, you could call your own custom cron script >> >> -- restart-pppoe-network-cron.sh -- >> #!/bin/sh >> >> export PPPOE_RESTART_DELAY="180" >> >> service asterisk stop >> >> pppoe-restart >> >> service asterisk init >> -- >> Note: if you have a user.conf PPPOE_RESTART_DELAY defined it will override the script's exported PPPOE_RESTART_DELAY value. >> >> And call that script via cron once a day or once a week when users won't be bothered. >> >> Lonnie >> >> >> >>> On Aug 5, 2018, at 6:47 PM, Michael Knill <mic...@ip...> wrote: >>> >>> Probably about 2 minutes. >>> I am still thinking however that this is an upstream problem as you have mentioned and that I actually need to drop and re-establish the PPPoE connection for it to resolve. That's why a reboot fixes it. >>> >>> Regards >>> Michael Knill >>> >>> On 6/8/18, 9:41 am, "Lonnie Abelbeck" <li...@lo...> wrote: >>> >>> For the record, how long did you stop Asterisk ? >>> >>> Lonnie >>> >>> >>>> On Aug 5, 2018, at 5:48 PM, Michael Knill <mic...@ip...> wrote: >>>> >>>> Hi All >>>> >>>> Thanks Lonnie for your idea however this problem occurred again and stopping Asterisk for a while did not fix it. >>>> I had to reboot again as the only thing that fixes it ☹ >>>> >>>> There are some network issues at the site but I cant see why it causes this! >>>> I have changed out the DSL modem so that's not it. >>>> >>>> Any more ideas? >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 5/7/18, 9:44 am, "Michael Knill" <mic...@ip...> wrote: >>>> >>>> Thanks Lonnie. Good call. That will be my next test. >>>> PS IP Address stays the same. >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 5/7/18, 9:14 am, "Lonnie Abelbeck" <li...@lo...> wrote: >>>> >>>> Michael, >>>> >>>> My theory has always been your problem is with an upstream firewall. >>>> >>>> Stopping asterisk for a period of time may allow upstream firewall states to expire. >>>> >>>> By rebooting AstLinux you will do the same (stop/start Asterisk) and if you have PPPoE you may pull a different IP address which will bypass any upstream states. >>>> >>>> From all you have described, this looks to me to be an upstream issue relative to AstLinux. >>>> >>>> Lonnie >>>> >>>> >>>> >>>>> On Jul 4, 2018, at 4:56 PM, Michael Knill <mic...@ip...> wrote: >>>>> >>>>> And yes good test. Of course a firewall restart does not clear translations. >>>>> Am I able to clear firewall translations without waiting for them to time out which is what I assume you are doing here? >>>>> It would have to be dome from a remote session as well e.g. through the firewall. >>>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> On 4/7/18, 10:41 pm, "Lonnie Abelbeck" <li...@lo...> wrote: >>>>> >>>>>> So my questions are: >>>>>> • Is tcpdump BEFORE the firewall? >>>>> >>>>> For incoming packets tcpdump is before the firewall, for outgoing packets tcpdump is after the firewall, ie. >>>>> -- >>>>> wire -> NIC -> tcpdump -> netfilter/firewall >>>>> >>>>> netfilter/firewall -> tcpdump -> NIC -> wire >>>>> -- >>>>> so tcpdump does not see outbound packets blocked by the firewall. >>>>> >>>>> >>>>>> • What tests should I do next? >>>>> >>>>> Have you ever tried ... >>>>> -- >>>>> service asterisk stop >>>>> sleep 90 >>>>> service asterisk init >>>>> -- >>>>> >>>>> >>>>> Lonnie >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> On Jul 3, 2018, at 10:19 PM, Michael Knill <mic...@ip...> wrote: >>>>>> >>>>>> Back to the ongoing saga of SIP Options ping not working. This one is a bit different though. Here is the scenario: >>>>>> >>>>>> • Can SSH into box fine and network connectivity is fine >>>>>> • Find IP Address based SIP Trunk is UNREACHABLE. Can ping provider from the box >>>>>> • Asterisk SIP Debug shows SIP Options sent but none received. This is also the case using tcpdump on the ppp0 interface >>>>>> • Asterisk reload and Firewall restart did not fix the problem. The system needed a full reboot for the trunk to be REACHABLE >>>>>> >>>>>> So my questions are: >>>>>> • Is tcpdump BEFORE the firewall? >>>>>> • Can you think of what the issue could be? >>>>>> • What tests should I do next? >>>>>> >>>>>> Unfortunately (or fortunately) this happens very infrequently so the fix will be a long confirmation period. >>>>>> >>>>>> Thanks all! >>>>>> >>>>>> Regards >>>>>> Michael Knill >>>>>> ------------------------------------------------------------------------------ >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <mic...@ip...> - 2018-08-14 08:32:57
|
Ok I have had two other sites now which have exhibited the same issue, both using the same internet provider.
I tried a pppoe-restart on one of the sites and that did not fix the problem.
I did a tcpdump -i ppp0 -Q in -A udp port 5060 and I received no packets e.g. should have been receiving 200 OK from SIP OPTIONS.
When I got the customer to unplug the cable between the modem and Astlinux box for about 10 seconds this fixed the problem.
Could this POSSIBLY be an Astlinux issue. It certainly seems not but I have no idea where to go now.
I wonder if I can use Monit to disable and enable eth0 when its absolutely broken.
Regards
Michael Knill
On 7/8/18, 7:26 am, "Lonnie Abelbeck" <li...@lo...> wrote:
> PS. Why do you need to stop Asterisk first?
In this case you can take advantage of the delay in the pppoe-restart script.
I like symmetry, stop services while the network is active ... restart the network ... start the services. You may want to restart more than just Asterisk, but that is a good start, and easy to test with it all in a custom script.
Lonnie
> On Aug 6, 2018, at 4:15 PM, Michael Knill <mic...@ip...> wrote:
>
> Thanks Lonnie. Great to know.
>
> PS. Why do you need to stop Asterisk first?
>
> Regards
> Michael Knill
>
> On 6/8/18, 11:31 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Hi Michael,
>
> In case you were not aware, we have a PPPoE restart script /usr/sbin/pppoe-restart designed to be called via cron in the the early morning 0300, weekend, or such.
>
> The pppoe-restart script will restart with only a short delay (2 seconds) by default but that can be changed with a user.conf variable
> --
> PPPOE_RESTART_DELAY="180"
> --
> which would make the delay 180 seconds.
>
> So, you could call your own custom cron script
>
> -- restart-pppoe-network-cron.sh --
> #!/bin/sh
>
> export PPPOE_RESTART_DELAY="180"
>
> service asterisk stop
>
> pppoe-restart
>
> service asterisk init
> --
> Note: if you have a user.conf PPPOE_RESTART_DELAY defined it will override the script's exported PPPOE_RESTART_DELAY value.
>
> And call that script via cron once a day or once a week when users won't be bothered.
>
> Lonnie
>
>
>
>> On Aug 5, 2018, at 6:47 PM, Michael Knill <mic...@ip...> wrote:
>>
>> Probably about 2 minutes.
>> I am still thinking however that this is an upstream problem as you have mentioned and that I actually need to drop and re-establish the PPPoE connection for it to resolve. That's why a reboot fixes it.
>>
>> Regards
>> Michael Knill
>>
>> On 6/8/18, 9:41 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>
>> For the record, how long did you stop Asterisk ?
>>
>> Lonnie
>>
>>
>>> On Aug 5, 2018, at 5:48 PM, Michael Knill <mic...@ip...> wrote:
>>>
>>> Hi All
>>>
>>> Thanks Lonnie for your idea however this problem occurred again and stopping Asterisk for a while did not fix it.
>>> I had to reboot again as the only thing that fixes it ☹
>>>
>>> There are some network issues at the site but I cant see why it causes this!
>>> I have changed out the DSL modem so that's not it.
>>>
>>> Any more ideas?
>>>
>>> Regards
>>> Michael Knill
>>>
>>> On 5/7/18, 9:44 am, "Michael Knill" <mic...@ip...> wrote:
>>>
>>> Thanks Lonnie. Good call. That will be my next test.
>>> PS IP Address stays the same.
>>>
>>> Regards
>>> Michael Knill
>>>
>>> On 5/7/18, 9:14 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> Michael,
>>>
>>> My theory has always been your problem is with an upstream firewall.
>>>
>>> Stopping asterisk for a period of time may allow upstream firewall states to expire.
>>>
>>> By rebooting AstLinux you will do the same (stop/start Asterisk) and if you have PPPoE you may pull a different IP address which will bypass any upstream states.
>>>
>>> From all you have described, this looks to me to be an upstream issue relative to AstLinux.
>>>
>>> Lonnie
>>>
>>>
>>>
>>>> On Jul 4, 2018, at 4:56 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> And yes good test. Of course a firewall restart does not clear translations.
>>>> Am I able to clear firewall translations without waiting for them to time out which is what I assume you are doing here?
>>>> It would have to be dome from a remote session as well e.g. through the firewall.
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 4/7/18, 10:41 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>
>>>>> So my questions are:
>>>>> • Is tcpdump BEFORE the firewall?
>>>>
>>>> For incoming packets tcpdump is before the firewall, for outgoing packets tcpdump is after the firewall, ie.
>>>> --
>>>> wire -> NIC -> tcpdump -> netfilter/firewall
>>>>
>>>> netfilter/firewall -> tcpdump -> NIC -> wire
>>>> --
>>>> so tcpdump does not see outbound packets blocked by the firewall.
>>>>
>>>>
>>>>> • What tests should I do next?
>>>>
>>>> Have you ever tried ...
>>>> --
>>>> service asterisk stop
>>>> sleep 90
>>>> service asterisk init
>>>> --
>>>>
>>>>
>>>> Lonnie
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Jul 3, 2018, at 10:19 PM, Michael Knill <mic...@ip...> wrote:
>>>>>
>>>>> Back to the ongoing saga of SIP Options ping not working. This one is a bit different though. Here is the scenario:
>>>>>
>>>>> • Can SSH into box fine and network connectivity is fine
>>>>> • Find IP Address based SIP Trunk is UNREACHABLE. Can ping provider from the box
>>>>> • Asterisk SIP Debug shows SIP Options sent but none received. This is also the case using tcpdump on the ppp0 interface
>>>>> • Asterisk reload and Firewall restart did not fix the problem. The system needed a full reboot for the trunk to be REACHABLE
>>>>>
>>>>> So my questions are:
>>>>> • Is tcpdump BEFORE the firewall?
>>>>> • Can you think of what the issue could be?
>>>>> • What tests should I do next?
>>>>>
>>>>> Unfortunately (or fortunately) this happens very infrequently so the fix will be a long confirmation period.
>>>>>
>>>>> Thanks all!
>>>>>
>>>>> Regards
>>>>> Michael Knill
>>>>> ------------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Michael K. <li...@mk...> - 2018-08-11 20:45:17
|
> Am 11.08.2018 um 21:33 schrieb Lonnie Abelbeck <li...@lo...>: > > Cody, > > The Status tab -> Adaptive Ban Plugin Status: only shows banned hosts by the adaptive-ban plugin using the current /var/log/messages file. > > Lonnie BTW: The "messages" file gets rotated (by file size) over time, even if you set "PERSISTLOG=yes". >> On Aug 11, 2018, at 2:26 PM, Cody Alderson <ald...@gm...> wrote: >> >> Micheal Keuter, >> >> Thank you. Yes, it is the entry in user.conf that I placed. I remember that now. I checked, and it is still present. Does the status screen for banned hosts list all the banned hosts in the log or just a few of them? Just curious. Thank you for the info on permanently blocking IP addresses. >> >> Cody >> >> On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter <li...@mk...> wrote: >> >> Hi Cody, >> >> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the entries in the "/var/log/messages" file (like Fail2Ban works too). >> Usually the log file is deleted on reboot, unless you have manually set "PERSISTLOG=yes" in your "user.conf". >> >> But depending on how your firewall is configured, you can permanently block IP-addresses either in >> "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in "/mnt/kd/blocklists/blocked-hosts.netset" >> >> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list >> >> Michael Michael http://www.mksolutions.info |
|
From: Michael K. <mic...@ip...> - 2018-08-11 19:38:00
|
Actually probably if I just deleted all my certificates that would have fixed it too but oh well!
Regards
Michael Knill
On 12/8/18, 5:36 am, "Michael Knill" <mic...@ip...> wrote:
Yay did a Firefox Refresh and it fixed it.
Go to about:support and in Give Firefox a tune up, click Refresh Firefox…
It actually reimports all your personal info which is handy.
Regards
Michael Knill
On 11/8/18, 10:55 am, "Michael Knill" <mic...@ip...> wrote:
Grrr it works fine in Chrome but not with Firefox!
Why would it only be this Astlinux box that this happens?
Regards
Michael Knill
On 10/8/18, 11:02 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
> So you think I need to regenerate the self signed certificate?
If you are using a self-signed cert then your browser needs an exception for it to be trusted, I might try a different browser to help understand where the problem is.
It could be how the browser handles Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)
Ref: https://devcentral.f5.com/articles/security-sidebar-my-browser-has-no-idea-your-certificate-was-just-revoked-19963
For example, I recall some time ago, that one of the common optional blocklists (voipbl) used with AstLinux blocked a CRL server, this could explain a 20 sec. delay if the browser's network path went through such a blocklist.
But, would a CRL/OCSP be used with a self-signed cert exception ? Possibly dependent on the browser.
Please pass on any knowledge you gain on this.
Lonnie
> On Aug 9, 2018, at 11:28 PM, Michael Knill <mic...@ip...> wrote:
>
> It returned immediately.
> So you think I need to regenerate the self signed certificate?
>
> Regards
> Michael Knill
>
> On 10/8/18, 12:39 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Hi Michael,
>
> If you ssh into the box, try
> --
> time curl -Lk https://127.0.0.1
> --
> If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation.
>
> If this also takes 20 seconds ... I'm stumped.
>
> Lonnie
>
>
>
>> On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote:
>>
>> Hi Michael
>>
>> This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹
>>
>> Regards
>> Michael Knill
>>
>> On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote:
>>
>>
>>> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>:
>>>
>>> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up.
>>> Its certainly not a resource or network issue.
>>> Plenty of var space:
>>> Filesystem Size Used Available Use% Mounted on
>>> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom
>>> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw
>>> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd
>>>
>>> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc.
>>>
>>> Regards
>>> Michael Knill
>>
>> BTW: Have you tried it with a clean install image from our website?
>>
>>> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> Try running "htop" via the CLI while you are trying to access the web interface.
>>>
>>> If the htop usage stays reasonably low, then it most likely is a network-ish issue.
>>>
>>> If you are traffic shaping, make sure it is not a typo too low.
>>>
>>> If HTTPS logs are enabled and you are out of /var/ space that could be an issue.
>>>
>>> Lonnie
>>>
>>>
>>>
>>>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> Nope it doesn't matter whether its local or remote SSH.
>>>> Im quite certain its not a network problem.
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>
>>>> I have not seen such a thing. Does sound like a local network issue.
>>>>
>>>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's.
>>>>
>>>> Are you using a numeric IP or DNS name ? Self-signed or ACME ?
>>>>
>>>> Lonnie
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote:
>>>>>
>>>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump?
>>>>>
>>>>> Regards
>>>>> Michael Knill
>>>>>
>>>>> From: David Kerr <da...@ke...>
>>>>> Reply-To: AstLinux List <ast...@li...>
>>>>> Date: Wednesday, 8 August 2018 at 10:54 pm
>>>>> To: AstLinux List <ast...@li...>
>>>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow
>>>>>
>>>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering.
>>>>>
>>>>> David
>>>>>
>>>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote:
>>>>>> Hi Group
>>>>>>
>>>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time.
>>>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up.
>>>>>>
>>>>>> Any ideas where I should start troubleshooting?
>>>>>>
>>>>>> Regards
>>>>>> Michael Knill
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Michael K. <mic...@ip...> - 2018-08-11 19:36:26
|
Yay did a Firefox Refresh and it fixed it.
Go to about:support and in Give Firefox a tune up, click Refresh Firefox…
It actually reimports all your personal info which is handy.
Regards
Michael Knill
On 11/8/18, 10:55 am, "Michael Knill" <mic...@ip...> wrote:
Grrr it works fine in Chrome but not with Firefox!
Why would it only be this Astlinux box that this happens?
Regards
Michael Knill
On 10/8/18, 11:02 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
> So you think I need to regenerate the self signed certificate?
If you are using a self-signed cert then your browser needs an exception for it to be trusted, I might try a different browser to help understand where the problem is.
It could be how the browser handles Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)
Ref: https://devcentral.f5.com/articles/security-sidebar-my-browser-has-no-idea-your-certificate-was-just-revoked-19963
For example, I recall some time ago, that one of the common optional blocklists (voipbl) used with AstLinux blocked a CRL server, this could explain a 20 sec. delay if the browser's network path went through such a blocklist.
But, would a CRL/OCSP be used with a self-signed cert exception ? Possibly dependent on the browser.
Please pass on any knowledge you gain on this.
Lonnie
> On Aug 9, 2018, at 11:28 PM, Michael Knill <mic...@ip...> wrote:
>
> It returned immediately.
> So you think I need to regenerate the self signed certificate?
>
> Regards
> Michael Knill
>
> On 10/8/18, 12:39 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Hi Michael,
>
> If you ssh into the box, try
> --
> time curl -Lk https://127.0.0.1
> --
> If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation.
>
> If this also takes 20 seconds ... I'm stumped.
>
> Lonnie
>
>
>
>> On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote:
>>
>> Hi Michael
>>
>> This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹
>>
>> Regards
>> Michael Knill
>>
>> On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote:
>>
>>
>>> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>:
>>>
>>> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up.
>>> Its certainly not a resource or network issue.
>>> Plenty of var space:
>>> Filesystem Size Used Available Use% Mounted on
>>> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom
>>> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw
>>> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd
>>>
>>> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc.
>>>
>>> Regards
>>> Michael Knill
>>
>> BTW: Have you tried it with a clean install image from our website?
>>
>>> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> Try running "htop" via the CLI while you are trying to access the web interface.
>>>
>>> If the htop usage stays reasonably low, then it most likely is a network-ish issue.
>>>
>>> If you are traffic shaping, make sure it is not a typo too low.
>>>
>>> If HTTPS logs are enabled and you are out of /var/ space that could be an issue.
>>>
>>> Lonnie
>>>
>>>
>>>
>>>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> Nope it doesn't matter whether its local or remote SSH.
>>>> Im quite certain its not a network problem.
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>
>>>> I have not seen such a thing. Does sound like a local network issue.
>>>>
>>>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's.
>>>>
>>>> Are you using a numeric IP or DNS name ? Self-signed or ACME ?
>>>>
>>>> Lonnie
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote:
>>>>>
>>>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump?
>>>>>
>>>>> Regards
>>>>> Michael Knill
>>>>>
>>>>> From: David Kerr <da...@ke...>
>>>>> Reply-To: AstLinux List <ast...@li...>
>>>>> Date: Wednesday, 8 August 2018 at 10:54 pm
>>>>> To: AstLinux List <ast...@li...>
>>>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow
>>>>>
>>>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering.
>>>>>
>>>>> David
>>>>>
>>>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote:
>>>>>> Hi Group
>>>>>>
>>>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time.
>>>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up.
>>>>>>
>>>>>> Any ideas where I should start troubleshooting?
>>>>>>
>>>>>> Regards
>>>>>> Michael Knill
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Lonnie A. <li...@lo...> - 2018-08-11 19:33:31
|
Cody, The Status tab -> Adaptive Ban Plugin Status: only shows banned hosts by the adaptive-ban plugin using the current /var/log/messages file. Lonnie > On Aug 11, 2018, at 2:26 PM, Cody Alderson <ald...@gm...> wrote: > > Micheal Keuter, > > Thank you. Yes, it is the entry in user.conf that I placed. I remember that now. I checked, and it is still present. Does the status screen for banned hosts list all the banned hosts in the log or just a few of them? Just curious. Thank you for the info on permanently blocking IP addresses. > > Cody > > > > On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter <li...@mk...> wrote: > > > Hi Cody, > > the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the entries in the "/var/log/messages" file (like Fail2Ban works too). > Usually the log file is deleted on reboot, unless you have manually set "PERSISTLOG=yes" in your "user.conf". > > But depending on how your firewall is configured, you can permanently block IP-addresses either in > "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in "/mnt/kd/blocklists/blocked-hosts.netset" > > https://doc.astlinux.org/userdoc:tt_firewall_external_block_list > > Michael > > http://www.mksolutions.info > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Cody A. <ald...@gm...> - 2018-08-11 19:26:33
|
Micheal Keuter, Thank you. Yes, it is the entry in user.conf that I placed. I remember that now. I checked, and it is still present. Does the status screen for banned hosts list all the banned hosts in the log or just a few of them? Just curious. Thank you for the info on permanently blocking IP addresses. Cody On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter <li...@mk...> wrote: > > > Hi Cody, > > the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the > entries in the "/var/log/messages" file (like Fail2Ban works too). > Usually the log file is deleted on reboot, unless you have manually set > "PERSISTLOG=yes" in your "user.conf". > > But depending on how your firewall is configured, you can permanently > block IP-addresses either in > "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in > "/mnt/kd/blocklists/blocked-hosts.netset" > > https://doc.astlinux.org/userdoc:tt_firewall_external_block_list > > Michael > > http://www.mksolutions.info > > > > |
|
From: Lonnie A. <li...@lo...> - 2018-08-11 19:07:51
|
> On Aug 11, 2018, at 11:20 AM, Michael Keuter <li...@mk...> wrote: > > >> Am 11.08.2018 um 18:10 schrieb Cody Alderson <ald...@gm...>: >> >> Hi, >> >> I made changes based on recommendations here to have the banned hosts persist after a reboot. On the status screen there was a long list of banned hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, and I noticed the list has far fewer IP addresses than it used to. Note that I also upgraded Astlinux to the most recent stable version. >> >> My question is, did upgrading make the change I put in place to keep the banned hosts after a reboot back to some default I do not know about? Another issue is that I did not write down the change I made to have the banned hosts persist after a reboot, so I can't even check it. >> >> So, would someone please advise me as to what I likely changed to have banned hosts persist after a reboot? Also, does upgrading Astlinux switch any user changes to default software configurations back to defaults? >> >> Thank you, >> >> Cody > > Hi Cody, > > the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the entries in the "/var/log/messages" file (like Fail2Ban works too). > Usually the log file is deleted on reboot, unless you have manually set "PERSISTLOG=yes" in your "user.conf". > > But depending on how your firewall is configured, you can permanently block IP-addresses either in > "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in "/mnt/kd/blocklists/blocked-hosts.netset" > > https://doc.astlinux.org/userdoc:tt_firewall_external_block_list > > Michael +1 Michael Cody, if you are getting a lot of banned IP's from the adaptive-ban plugin, it may be a good time to re-think what is exposed to the public internet. 1) If you don't have SIP clients accessing remotely, then there is no need to allow UDP 5060 from the public. 2) If you must allow public SIP clients, look at the dyndns-host-open plugin to restrict access or the sip-user-agent plugin with SIP_USER_AGENT_PASS_TYPES defined. 3) Consider using a VPN for clients to access remotely. Overlapping layers of security to tighten public access is good practice. Lonnie |
|
From: Michael K. <li...@mk...> - 2018-08-11 16:20:56
|
> Am 11.08.2018 um 18:10 schrieb Cody Alderson <ald...@gm...>: > > Hi, > > I made changes based on recommendations here to have the banned hosts persist after a reboot. On the status screen there was a long list of banned hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, and I noticed the list has far fewer IP addresses than it used to. Note that I also upgraded Astlinux to the most recent stable version. > > My question is, did upgrading make the change I put in place to keep the banned hosts after a reboot back to some default I do not know about? Another issue is that I did not write down the change I made to have the banned hosts persist after a reboot, so I can't even check it. > > So, would someone please advise me as to what I likely changed to have banned hosts persist after a reboot? Also, does upgrading Astlinux switch any user changes to default software configurations back to defaults? > > Thank you, > > Cody Hi Cody, the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the entries in the "/var/log/messages" file (like Fail2Ban works too). Usually the log file is deleted on reboot, unless you have manually set "PERSISTLOG=yes" in your "user.conf". But depending on how your firewall is configured, you can permanently block IP-addresses either in "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in "/mnt/kd/blocklists/blocked-hosts.netset" https://doc.astlinux.org/userdoc:tt_firewall_external_block_list Michael http://www.mksolutions.info |
|
From: Cody A. <ald...@gm...> - 2018-08-11 16:10:53
|
Hi, I made changes based on recommendations here to have the banned hosts persist after a reboot. On the status screen there was a long list of banned hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, and I noticed the list has far fewer IP addresses than it used to. Note that I also upgraded Astlinux to the most recent stable version. My question is, did upgrading make the change I put in place to keep the banned hosts after a reboot back to some default I do not know about? Another issue is that I did not write down the change I made to have the banned hosts persist after a reboot, so I can't even check it. So, would someone please advise me as to what I likely changed to have banned hosts persist after a reboot? Also, does upgrading Astlinux switch any user changes to default software configurations back to defaults? Thank you, Cody |
|
From: Michael K. <mic...@ip...> - 2018-08-11 00:54:42
|
Grrr it works fine in Chrome but not with Firefox!
Why would it only be this Astlinux box that this happens?
Regards
Michael Knill
On 10/8/18, 11:02 pm, "Lonnie Abelbeck" <li...@lo...> wrote:
> So you think I need to regenerate the self signed certificate?
If you are using a self-signed cert then your browser needs an exception for it to be trusted, I might try a different browser to help understand where the problem is.
It could be how the browser handles Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)
Ref: https://devcentral.f5.com/articles/security-sidebar-my-browser-has-no-idea-your-certificate-was-just-revoked-19963
For example, I recall some time ago, that one of the common optional blocklists (voipbl) used with AstLinux blocked a CRL server, this could explain a 20 sec. delay if the browser's network path went through such a blocklist.
But, would a CRL/OCSP be used with a self-signed cert exception ? Possibly dependent on the browser.
Please pass on any knowledge you gain on this.
Lonnie
> On Aug 9, 2018, at 11:28 PM, Michael Knill <mic...@ip...> wrote:
>
> It returned immediately.
> So you think I need to regenerate the self signed certificate?
>
> Regards
> Michael Knill
>
> On 10/8/18, 12:39 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Hi Michael,
>
> If you ssh into the box, try
> --
> time curl -Lk https://127.0.0.1
> --
> If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation.
>
> If this also takes 20 seconds ... I'm stumped.
>
> Lonnie
>
>
>
>> On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote:
>>
>> Hi Michael
>>
>> This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹
>>
>> Regards
>> Michael Knill
>>
>> On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote:
>>
>>
>>> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>:
>>>
>>> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up.
>>> Its certainly not a resource or network issue.
>>> Plenty of var space:
>>> Filesystem Size Used Available Use% Mounted on
>>> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom
>>> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw
>>> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd
>>>
>>> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc.
>>>
>>> Regards
>>> Michael Knill
>>
>> BTW: Have you tried it with a clean install image from our website?
>>
>>> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> Try running "htop" via the CLI while you are trying to access the web interface.
>>>
>>> If the htop usage stays reasonably low, then it most likely is a network-ish issue.
>>>
>>> If you are traffic shaping, make sure it is not a typo too low.
>>>
>>> If HTTPS logs are enabled and you are out of /var/ space that could be an issue.
>>>
>>> Lonnie
>>>
>>>
>>>
>>>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> Nope it doesn't matter whether its local or remote SSH.
>>>> Im quite certain its not a network problem.
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>>
>>>> I have not seen such a thing. Does sound like a local network issue.
>>>>
>>>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's.
>>>>
>>>> Are you using a numeric IP or DNS name ? Self-signed or ACME ?
>>>>
>>>> Lonnie
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote:
>>>>>
>>>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump?
>>>>>
>>>>> Regards
>>>>> Michael Knill
>>>>>
>>>>> From: David Kerr <da...@ke...>
>>>>> Reply-To: AstLinux List <ast...@li...>
>>>>> Date: Wednesday, 8 August 2018 at 10:54 pm
>>>>> To: AstLinux List <ast...@li...>
>>>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow
>>>>>
>>>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering.
>>>>>
>>>>> David
>>>>>
>>>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote:
>>>>>> Hi Group
>>>>>>
>>>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time.
>>>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up.
>>>>>>
>>>>>> Any ideas where I should start troubleshooting?
>>>>>>
>>>>>> Regards
>>>>>> Michael Knill
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Lonnie A. <li...@lo...> - 2018-08-10 13:02:01
|
> So you think I need to regenerate the self signed certificate? If you are using a self-signed cert then your browser needs an exception for it to be trusted, I might try a different browser to help understand where the problem is. It could be how the browser handles Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) Ref: https://devcentral.f5.com/articles/security-sidebar-my-browser-has-no-idea-your-certificate-was-just-revoked-19963 For example, I recall some time ago, that one of the common optional blocklists (voipbl) used with AstLinux blocked a CRL server, this could explain a 20 sec. delay if the browser's network path went through such a blocklist. But, would a CRL/OCSP be used with a self-signed cert exception ? Possibly dependent on the browser. Please pass on any knowledge you gain on this. Lonnie > On Aug 9, 2018, at 11:28 PM, Michael Knill <mic...@ip...> wrote: > > It returned immediately. > So you think I need to regenerate the self signed certificate? > > Regards > Michael Knill > > On 10/8/18, 12:39 am, "Lonnie Abelbeck" <li...@lo...> wrote: > > Hi Michael, > > If you ssh into the box, try > -- > time curl -Lk https://127.0.0.1 > -- > If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation. > > If this also takes 20 seconds ... I'm stumped. > > Lonnie > > > >> On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote: >> >> Hi Michael >> >> This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹ >> >> Regards >> Michael Knill >> >> On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote: >> >> >>> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>: >>> >>> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up. >>> Its certainly not a resource or network issue. >>> Plenty of var space: >>> Filesystem Size Used Available Use% Mounted on >>> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom >>> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw >>> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd >>> >>> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc. >>> >>> Regards >>> Michael Knill >> >> BTW: Have you tried it with a clean install image from our website? >> >>> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote: >>> >>> Try running "htop" via the CLI while you are trying to access the web interface. >>> >>> If the htop usage stays reasonably low, then it most likely is a network-ish issue. >>> >>> If you are traffic shaping, make sure it is not a typo too low. >>> >>> If HTTPS logs are enabled and you are out of /var/ space that could be an issue. >>> >>> Lonnie >>> >>> >>> >>>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote: >>>> >>>> Nope it doesn't matter whether its local or remote SSH. >>>> Im quite certain its not a network problem. >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote: >>>> >>>> I have not seen such a thing. Does sound like a local network issue. >>>> >>>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's. >>>> >>>> Are you using a numeric IP or DNS name ? Self-signed or ACME ? >>>> >>>> Lonnie >>>> >>>> >>>> >>>> >>>> >>>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote: >>>>> >>>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump? >>>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> From: David Kerr <da...@ke...> >>>>> Reply-To: AstLinux List <ast...@li...> >>>>> Date: Wednesday, 8 August 2018 at 10:54 pm >>>>> To: AstLinux List <ast...@li...> >>>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow >>>>> >>>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering. >>>>> >>>>> David >>>>> >>>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote: >>>>>> Hi Group >>>>>> >>>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time. >>>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up. >>>>>> >>>>>> Any ideas where I should start troubleshooting? >>>>>> >>>>>> Regards >>>>>> Michael Knill |
|
From: Michael K. <mic...@ip...> - 2018-08-10 04:28:44
|
It returned immediately.
So you think I need to regenerate the self signed certificate?
Regards
Michael Knill
On 10/8/18, 12:39 am, "Lonnie Abelbeck" <li...@lo...> wrote:
Hi Michael,
If you ssh into the box, try
--
time curl -Lk https://127.0.0.1
--
If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation.
If this also takes 20 seconds ... I'm stumped.
Lonnie
> On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote:
>
> Hi Michael
>
> This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹
>
> Regards
> Michael Knill
>
> On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote:
>
>
>> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>:
>>
>> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up.
>> Its certainly not a resource or network issue.
>> Plenty of var space:
>> Filesystem Size Used Available Use% Mounted on
>> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom
>> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw
>> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd
>>
>> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc.
>>
>> Regards
>> Michael Knill
>
> BTW: Have you tried it with a clean install image from our website?
>
>> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>
>> Try running "htop" via the CLI while you are trying to access the web interface.
>>
>> If the htop usage stays reasonably low, then it most likely is a network-ish issue.
>>
>> If you are traffic shaping, make sure it is not a typo too low.
>>
>> If HTTPS logs are enabled and you are out of /var/ space that could be an issue.
>>
>> Lonnie
>>
>>
>>
>>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote:
>>>
>>> Nope it doesn't matter whether its local or remote SSH.
>>> Im quite certain its not a network problem.
>>>
>>> Regards
>>> Michael Knill
>>>
>>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>>
>>> I have not seen such a thing. Does sound like a local network issue.
>>>
>>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's.
>>>
>>> Are you using a numeric IP or DNS name ? Self-signed or ACME ?
>>>
>>> Lonnie
>>>
>>>
>>>
>>>
>>>
>>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote:
>>>>
>>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump?
>>>>
>>>> Regards
>>>> Michael Knill
>>>>
>>>> From: David Kerr <da...@ke...>
>>>> Reply-To: AstLinux List <ast...@li...>
>>>> Date: Wednesday, 8 August 2018 at 10:54 pm
>>>> To: AstLinux List <ast...@li...>
>>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow
>>>>
>>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering.
>>>>
>>>> David
>>>>
>>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote:
>>>>> Hi Group
>>>>>
>>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time.
>>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up.
>>>>>
>>>>> Any ideas where I should start troubleshooting?
>>>>>
>>>>> Regards
>>>>> Michael Knill
>
>
> Michael
>
> http://www.mksolutions.info
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Lonnie A. <li...@lo...> - 2018-08-09 14:38:57
|
Hi Michael, If you ssh into the box, try -- time curl -Lk https://127.0.0.1 -- If this completes in much less than the 20 seconds you are seeing in a browser, it could be related to the browser's certificate validation. If this also takes 20 seconds ... I'm stumped. Lonnie > On Aug 9, 2018, at 2:16 AM, Michael Knill <mic...@ip...> wrote: > > Hi Michael > > This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹ > > Regards > Michael Knill > > On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote: > > >> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>: >> >> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up. >> Its certainly not a resource or network issue. >> Plenty of var space: >> Filesystem Size Used Available Use% Mounted on >> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom >> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw >> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd >> >> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc. >> >> Regards >> Michael Knill > > BTW: Have you tried it with a clean install image from our website? > >> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote: >> >> Try running "htop" via the CLI while you are trying to access the web interface. >> >> If the htop usage stays reasonably low, then it most likely is a network-ish issue. >> >> If you are traffic shaping, make sure it is not a typo too low. >> >> If HTTPS logs are enabled and you are out of /var/ space that could be an issue. >> >> Lonnie >> >> >> >>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote: >>> >>> Nope it doesn't matter whether its local or remote SSH. >>> Im quite certain its not a network problem. >>> >>> Regards >>> Michael Knill >>> >>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote: >>> >>> I have not seen such a thing. Does sound like a local network issue. >>> >>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's. >>> >>> Are you using a numeric IP or DNS name ? Self-signed or ACME ? >>> >>> Lonnie >>> >>> >>> >>> >>> >>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote: >>>> >>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump? >>>> >>>> Regards >>>> Michael Knill >>>> >>>> From: David Kerr <da...@ke...> >>>> Reply-To: AstLinux List <ast...@li...> >>>> Date: Wednesday, 8 August 2018 at 10:54 pm >>>> To: AstLinux List <ast...@li...> >>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow >>>> >>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering. >>>> >>>> David >>>> >>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote: >>>>> Hi Group >>>>> >>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time. >>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up. >>>>> >>>>> Any ideas where I should start troubleshooting? >>>>> >>>>> Regards >>>>> Michael Knill > > > Michael > > http://www.mksolutions.info > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <mic...@ip...> - 2018-08-09 07:16:57
|
Hi Michael
This is not a new site, its an existing one. All the clean installs work fine. This was my last resort ☹
Regards
Michael Knill
On 9/8/18, 4:50 pm, "Michael Keuter" <li...@mk...> wrote:
> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>:
>
> Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up.
> Its certainly not a resource or network issue.
> Plenty of var space:
> Filesystem Size Used Available Use% Mounted on
> /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom
> /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw
> /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd
>
> Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc.
>
> Regards
> Michael Knill
BTW: Have you tried it with a clean install image from our website?
> On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>
> Try running "htop" via the CLI while you are trying to access the web interface.
>
> If the htop usage stays reasonably low, then it most likely is a network-ish issue.
>
> If you are traffic shaping, make sure it is not a typo too low.
>
> If HTTPS logs are enabled and you are out of /var/ space that could be an issue.
>
> Lonnie
>
>
>
>> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote:
>>
>> Nope it doesn't matter whether its local or remote SSH.
>> Im quite certain its not a network problem.
>>
>> Regards
>> Michael Knill
>>
>> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote:
>>
>> I have not seen such a thing. Does sound like a local network issue.
>>
>> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's.
>>
>> Are you using a numeric IP or DNS name ? Self-signed or ACME ?
>>
>> Lonnie
>>
>>
>>
>>
>>
>>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote:
>>>
>>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump?
>>>
>>> Regards
>>> Michael Knill
>>>
>>> From: David Kerr <da...@ke...>
>>> Reply-To: AstLinux List <ast...@li...>
>>> Date: Wednesday, 8 August 2018 at 10:54 pm
>>> To: AstLinux List <ast...@li...>
>>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow
>>>
>>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering.
>>>
>>> David
>>>
>>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote:
>>>> Hi Group
>>>>
>>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time.
>>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up.
>>>>
>>>> Any ideas where I should start troubleshooting?
>>>>
>>>> Regards
>>>> Michael Knill
Michael
http://www.mksolutions.info
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Michael K. <li...@mk...> - 2018-08-09 06:50:10
|
> Am 09.08.2018 um 01:29 schrieb Michael Knill <mic...@ip...>: > > Ok I did htop and it was basically nothing while I was waiting and then a quick couple of percent when the page came up. > Its certainly not a resource or network issue. > Plenty of var space: > Filesystem Size Used Available Use% Mounted on > /dev/sda1 255.6M 97.6M 158.1M 38% /oldroot/cdrom > /dev/sda2 247.9M 50.8M 184.3M 22% /oldroot/mnt/asturw > /dev/sda3 27.0G 527.9M 25.1G 2% /mnt/kd > > Its certainly waiting for something. PS I also did an upgrade which didn't fix it so it's not a corrupted binary etc. > > Regards > Michael Knill BTW: Have you tried it with a clean install image from our website? > On 9/8/18, 9:21 am, "Lonnie Abelbeck" <li...@lo...> wrote: > > Try running "htop" via the CLI while you are trying to access the web interface. > > If the htop usage stays reasonably low, then it most likely is a network-ish issue. > > If you are traffic shaping, make sure it is not a typo too low. > > If HTTPS logs are enabled and you are out of /var/ space that could be an issue. > > Lonnie > > > >> On Aug 8, 2018, at 5:53 PM, Michael Knill <mic...@ip...> wrote: >> >> Nope it doesn't matter whether its local or remote SSH. >> Im quite certain its not a network problem. >> >> Regards >> Michael Knill >> >> On 9/8/18, 7:52 am, "Lonnie Abelbeck" <li...@lo...> wrote: >> >> I have not seen such a thing. Does sound like a local network issue. >> >> Are you accessing it via a LAN device ? If so, (ex eth1) try "arp-scan -l -I eth1" to look for duplicate IP's. >> >> Are you using a numeric IP or DNS name ? Self-signed or ACME ? >> >> Lonnie >> >> >> >> >> >>> On Aug 8, 2018, at 4:43 PM, Michael Knill <mic...@ip...> wrote: >>> >>> No its every transaction on any page and I am talking 20 seconds here. Its like its waiting for a DNS timeout or something but I couldn't see anything with tcpdump? >>> >>> Regards >>> Michael Knill >>> >>> From: David Kerr <da...@ke...> >>> Reply-To: AstLinux List <ast...@li...> >>> Date: Wednesday, 8 August 2018 at 10:54 pm >>> To: AstLinux List <ast...@li...> >>> Subject: Re: [Astlinux-users] Astlinux Web GUI slow >>> >>> Every page or just one in particular? I have found that the status page can be slow to display if you have enabled a lot of the sections. In that case one of the culprits seems to be DNS lookups (e.g. to list hosts for NTP time sources, etc.). Lonnie and I did some work recently to speed up that page by "multi threading" some of the data gathering. >>> >>> David >>> >>> On Wed, Aug 8, 2018 at 6:55 AM, Michael Knill <mic...@ip...> wrote: >>>> Hi Group >>>> >>>> Im sure I have fixed this issue before but I cant remember what the problem was. Think I may document it this time. >>>> I have a site where the web GUI is very delayed e.g. it take a number of seconds for each page to come up. >>>> >>>> Any ideas where I should start troubleshooting? >>>> >>>> Regards >>>> Michael Knill Michael http://www.mksolutions.info |
63 messages has been excluded from this view by a project administrator.
