WIO email spamming after 145->147 update

After updating from 145->147, I started getting hundreds of emails from WIO regarding my ipsec connection being on.

Subject: WIO IPsec - - Active - Mon, 03.08.2020 06:50:01

As a stop-gap, I disabled IPFire’s Mail Service. Anyone else have this happen?

As a test, I re-enabled the Mail Service and the emails started flowing again, to the point where I hit my mail server’s hourly limit and all emails stopped to my account. I now have to wait an hour for my email to start flowing again.

Just an update: there were so many emails that were queued in the system that the load on IPFire skyrocketed, causing internet access to cut in and out. In particular, the IRQ CPU usage and System CPU usage jumped and bogged the firewall down. It looks like all the queued emails are working their way through and I’m deleting thousands of them as they hit my inbox. It appears as if they’re done (I’d disabled the Mail Server and WIO about 20 minutes ago) and the CPU usage is going back to normal.

Hello,
the problem is unknown.
I use Core 147 here and there is no problem when monitoring IPsec connections.
Have you tried creating a backup of WIO, uninstalling WIO and reinstalling it?
Have you disabled WIO IPsec monitoring to see what happens?

Best regards
sfeddersen

Yes, I took a backup of WIO before the update. For now we are in the middle of a workday so I have to wait for more experimenting. For now I have WIO completely disabled and Mail Service. I will start with the mail service, then disable IPSEC monitoring before turning WIO back on, then go from there. Perhaps another reboot of the firewall will help as well.

Edit: these WIO notifications are still arriving in my inbox with send times from this morning. I get them in bunches of 50-1500 and immediately mass-delete them. I’m using IMAP so they should not be redelivering from the mail server. Not sure why they keep trickling in 8 hours later, but at least IPFire’s CPU usage is almost nil and no more internet loss. After hours I will reboot IPFire to see if that flushes the rest of them out. It could be that my mail server was so flooded that it’s sending them out in batches to keep from saturating the system.

Looks like I finally killed the onslaught by creating a filter in webmail to discard all messages starting with ‘WIO IPsec’

There were well over 100,000 emails that were deleted. I’m scared to death to re-enable WIO IPsec. No one else has had this happen?

Hello,
please post the wio.conf from /var/ipfire/wio and wio from /etc/fcron.minutely.

Many thanks

sfeddersen

OVPNRWMAIL=on
CLIENTREMARK=on
MAILREMARK=off
CRON=15
ENABLE=off
LOGGING=off
TIMEOUT=01
SORT=IPADR
MAILSTYLE=email
OVPNCRON=05





#!/bin/bash
#
# Script to run wio helpers
#
. /var/ipfire/wio/wio.conf

MINUTE=`date +%M`

if [ $ENABLE == on ]; then

        if [ $(($MINUTE%$CRON)) == 0 ]; then
                /var/ipfire/wio/wio.pl > /dev/null
        fi

        if [ $OVPNRWMAIL == on ]; then
                if [ $(($MINUTE%$OVPNCRON)) == 0 ]; then
                        /var/ipfire/wio/wiovpn.pl > /dev/null
                fi
        else
                rm -f /var/log/wio/.vpncache
                rm -f /var/log/wio/.ovpncache
        fi

fi

Core 155. Exactly the same here today. No changes in the config for at least 5 days and suddenly it started sending thousands of WIO emails. High CPU usage, high memory usage.

Hello,
very interesting feedback.
At the moment I cannot judge what has changed in the last IPFire Core updates, but it seems to have an impact on the WIO addon. I find it strange that it occurs suddenly without any changes or settings being made knowingly.
With Core Update 156 there are also problems with the hardwired theme and the graphs. Some users complain of an unusable WIO …
Yes, I take care of the addon, but only in my free time and when I have the time.
I already have changes for some problems, but I’m not sure how things will or should go on with the addon in the long term … it could be possible that I will discontinue the addon.

Best

Stephan

Thanks for the add-on. I use it mostly to know when someone logs into IPsec.
The problem right now is how to turn it off.
I did try disabling WIO and MAIL but I am still receiving emails in my inbox.
Right now I have also disabled “Enable OpenVPN RW and IPsec Statusmails?”
Hopefully I will see the email sending stop.
Is there any way to flush the unsent email queue on IPFire?

Looks like IPFire uses DMA mail. The queue is at /var/spool/dma.
Apparently disabling WIO did stop new emails.
It’s just the DMA queue filled up with >18000 unsent emails.
Disabling MAIL didn’t stop sending emails in the queue.
It doesn’t explain what happened.
Most emails are kind of empty and clearly related to IPsec active or inactive.
Client : (there is no client identified)
Login : Wed, 28.04.2021 15:40:00 (there are dozens with same time)
Status : Active
Remark :
Hope this helps someone.

Miguel - I am not a DMA user so this is a guess on my part…



EDIT: Also see this thread:

Thanks for the tip.
Your guess is correct.
Go to /var/spool/dma and delete all files.
I deleted all except a file called “flush”, that one doesn’t look like an email!

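For the queue cleanup discussed in this thread, an added example (not code from IPFire, WIO or any poster) that counts and removes only the queued messages whose Subject starts with "WIO IPsec", instead of deleting everything in /var/spool/dma. It assumes DMA stores each queued mail as an M<id>/Q<id> file pair; the function names and the sample spool are constructed for illustration.

```shell
# Added example; assumes DMA keeps each queued mail as M<id> (message)
# plus Q<id> (envelope). The "flush" marker file is never touched.

# purge_dma_queue SPOOL_DIR SUBJECT_PREFIX [delete]
# Prints how many queued messages match; removes them only when the third
# argument is "delete" (dry run otherwise).
purge_dma_queue() {
    local spool="$1" prefix="$2" mode="${3:-dry-run}" count=0 msg id subject
    for msg in "$spool"/M*; do
        [ -f "$msg" ] || continue   # empty queue: the glob matched nothing
        id=${msg##*/M}
        # Look at the header block only (stop at the first blank line).
        subject=$(sed -n -e '/^$/q' -e 's/^Subject: //p' "$msg" | head -n 1)
        case $subject in
            "$prefix"*)
                count=$((count + 1))
                if [ "$mode" = delete ]; then
                    rm -f -- "$msg" "$spool/Q$id"
                fi ;;
        esac
    done
    echo "$count"
}

# Constructed sample spool (not real queue data): three WIO mails, one other.
make_sample_spool() {
    local dir i
    dir=$(mktemp -d)
    for i in 1 2 3; do
        printf 'From: ipfire@example.org\nSubject: WIO IPsec - - Active - Mon, 03.08.2020 06:50:01\n\nStatus : Active\n' > "$dir/Ma$i"
        printf 'ID: a%s\nRecipient: admin@example.org\n' "$i" > "$dir/Qa$i"
    done
    # A "Subject:" line in the body must not count as a match.
    printf 'Subject: Backup report\n\nSubject: WIO IPsec in body\n' > "$dir/Mb1"
    printf 'ID: b1\n' > "$dir/Qb1"
    : > "$dir/flush"
    echo "$dir"
}

spool=$(make_sample_spool)
echo "matching (dry run): $(purge_dma_queue "$spool" 'WIO IPsec')"
echo "removed:            $(purge_dma_queue "$spool" 'WIO IPsec' delete)"
ls "$spool"        # the unrelated mail and the flush marker remain
rm -rf -- "$spool"
```

On a live system the first argument would be /var/spool/dma; run it without the third argument first to see how many messages would be removed.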