Murus Not Auto-Starting at Boot

BrandonNC
Posts: 9
Joined: Tue May 12, 2015 4:08 am

Murus Not Auto-Starting at Boot

Post by BrandonNC » Wed Dec 09, 2015 4:19 pm

I've done a clean install of El Capitan (and thus Murus as well) and everything works fine except for the fact that Murus does not auto-start at boot time. Whenever I reboot the machine I have to log in, manually start Murus, then click the "play" button in the top right corner. This changes the single orange dot to two green dots. I've tried repeatedly to use the Firewall -> Boot Scripts -> Install Boot scripts option and each time Murus tells me the boot scripts were installed successfully, but as soon as I reboot and go back into Murus, the dot in the corner is orange again, indicating that the default Mac firewall stuff is active (and not Murus). As mentioned, clicking the play button to start Murus works fine and the orange dot changes to two green dots.

Any idea what I can do to fix this?

It should be noted that before I re-installed El Capitan, Murus started automatically just fine.

Thanks in advance.

hany
Posts: 454
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus Not Auto-Starting at Boot

Post by hany » Sun Dec 13, 2015 4:12 pm

Troubleshooting this issue is a pain, I'm sorry. I must ask you to do some annoying things in order to understand what happens :)

1) The first thing to do is to see if the issue occurs using the Murus default configuration too. So please select the Murus "Firewall" menu in the OS X menu bar, then click the first menu item, "restore default configuration". Then from the Firewall->Boot Scripts menu please UNINSTALL boot scripts, and immediately after INSTALL boot scripts again. Reboot your Mac and see if it works.

If it does not work then...
2) Please download ONYX, it's a free tool for OS X. It solved some Murus issues in the past; it could be the same for you, hopefully. You can get ONYX from this web site: http://www.titanium.free.fr/onyx.html. Please be sure to download the correct version for El Capitan. After running the ONYX cleaning procedure, please repeat STEP 1 described above.

If it does not work then...
3) Please open Terminal.app from Applications/Utility folder and type these commands, then please show me the resulting output:

Code:

ls -la /Library/LaunchDaemons

Code:

ls -la /etc/murus*

Thanks

BrandonNC
Posts: 9
Joined: Tue May 12, 2015 4:08 am

Re: Murus Not Auto-Starting at Boot

Post by BrandonNC » Thu Jan 21, 2016 11:03 pm

hany,

Sorry for the late reply. Since my original post I have updated to 1.3.6 and still have the same issue. I tried your suggestions and the problem persists. I decided to add some debugging to your /etc/murus.sh script: I basically redirect STDOUT and STDERR to /tmp/murus.log now so that I can see the output from the pfctl commands. I notice the following after a clean boot:

Code:

$ cat /tmp/murus.log
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
Token : 8608051791229891987
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
no IP address found for en0:network
/etc/murus/murus.nat:1: could not parse host specification
no IP address found for en0
/etc/murus/murus.nat:2: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
pfctl: load anchors

As you can see, it looks like Murus is trying to load before en0 has acquired an IP address from DHCP. If I log in and run /etc/murus.sh manually, it starts fine and the light in Murus turns from orange to green. I do see in your murus.sh:

Code:

ipconfig waitall
sleep 7

But does the waitall option also wait for DHCP? We use spanning-tree so it often takes 20+ seconds for the switchport to begin forwarding and allow the DHCP packets, so often there is no IP for a bit when the machine first boots.

Any ideas?

BrandonNC
Posts: 9
Joined: Tue May 12, 2015 4:08 am

Re: Murus Not Auto-Starting at Boot

Post by BrandonNC » Thu Jan 21, 2016 11:11 pm

hany,

Just to note, I was able to resolve this by changing the "sleep 7" line in murus.sh to "sleep 30" instead. The longer sleep seems to give my Cisco 3950 switch enough time to begin forwarding packets and allow the machine to get an IP address before the pfctl commands are executed.

Perhaps there should be a setting in the GUI to alter the sleep time before Murus starts pfctl, or perhaps the default of 7 should simply be increased?

Thanks
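
A bounded polling loop is an alternative to the fixed sleep discussed in the posts above: it proceeds as soon as the interface has an address and reports a timeout instead of letting the pf load fail on "no IP address found". This is an added example, not part of the thread or of Murus's own murus.sh; it assumes macOS's `ipconfig getifaddr`, and the function names, the PROBE and POLL_INTERVAL variables and the loader command passed to `start_firewall` are hypothetical.

```shell
#!/bin/sh
# Added example, not Murus's murus.sh. All names below are hypothetical.
# PROBE prints an interface's IPv4 address and exits 0 once one is assigned;
# the default is macOS's `ipconfig getifaddr`. Overridable for testing.
PROBE=${PROBE:-"ipconfig getifaddr"}
POLL_INTERVAL=${POLL_INTERVAL:-1}   # seconds between polls

# wait_for_ipv4 IFACE MAX_TRIES
# Prints the address and returns 0 as soon as IFACE has one;
# returns 1 if MAX_TRIES polls pass without an address.
wait_for_ipv4() {
    w_iface=$1
    w_left=$2
    while [ "$w_left" -gt 0 ]; do
        # $PROBE is deliberately unquoted so "ipconfig getifaddr" splits.
        w_addr=$($PROBE "$w_iface" 2>/dev/null) || w_addr=""
        if [ -n "$w_addr" ]; then
            printf '%s\n' "$w_addr"
            return 0
        fi
        w_left=$((w_left - 1))
        if [ "$w_left" -gt 0 ]; then
            sleep "$POLL_INTERVAL"
        fi
    done
    return 1
}

# start_firewall IFACE MAX_TRIES LOADER [ARGS...]
# Runs LOADER (the command that loads the pf rules) only once IFACE has an
# address. Returns 2 without running LOADER if the wait times out, so the
# caller can log that the ruleset was never loaded instead of failing silently.
start_firewall() {
    s_iface=$1
    s_tries=$2
    shift 2
    if ! wait_for_ipv4 "$s_iface" "$s_tries" >/dev/null; then
        echo "no IPv4 address on $s_iface after $s_tries polls; rules not loaded" >&2
        return 2
    fi
    "$@"
}
```

With the default one-second interval, a MAX_TRIES of 60 waits up to about a minute on a slow switchport but adds no delay once DHCP has completed.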

shields
Posts: 3
Joined: Fri Nov 06, 2015 4:32 am

Re: Murus Not Auto-Starting at Boot

Post by shields » Sat Jun 04, 2016 5:50 pm

FYI - BrandonNC's 'fix' solved this exact problem for me.

rommulussmith
Posts: 2
Joined: Wed Jun 10, 2015 7:02 pm

Re: Murus Not Auto-Starting at Boot

Post by rommulussmith » Thu Sep 08, 2016 1:17 am

OP I <3 you.

Your solution worked a treat.

Great work!

aluff
Posts: 9
Joined: Fri Jul 24, 2015 6:33 pm

Re: Murus Not Auto-Starting at Boot

Post by aluff » Thu Sep 08, 2016 4:43 pm

I also tried this from a clean OS X 10.11 install and had the same problem. The proposed fix of delaying the startup further did not work for me unfortunately. I'd like to hear what's being done to address this in Murus.

hany
Posts: 454
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus Not Auto-Starting at Boot

Post by hany » Fri Sep 09, 2016 12:41 pm

aluff, please post your interface configuration.
Just open the Terminal and type

ifconfig

and paste your result here.
If you are concerned about privacy you can grey out your IP addresses :)

aluff
Posts: 9
Joined: Fri Jul 24, 2015 6:33 pm

Re: Murus Not Auto-Starting at Boot

Post by aluff » Wed Sep 21, 2016 9:13 pm

Code:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 xxxx prefixlen 64 scopeid 0x1
        nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether xxxx
        inet 10.129.3.63 netmask 0xffffff00 broadcast 10.129.3.255
        inet6 xxxx%en0 prefixlen 64 secured scopeid 0x5
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
        options=60<TSO4,TSO6>
        ether xxxx
        media: autoselect <full-duplex>
        status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
        options=60<TSO4,TSO6>
        ether xxxxx
        media: autoselect <full-duplex>
        status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether xxxx
        media: autoselect
        status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
        ether xxxx
        inet6 xxxx%awdl0 prefixlen 64 scopeid 0x9
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=63<RXCSUM,TXCSUM,TSO4,TSO6>
        ether xxxx
        Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x2
        member: en1 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 6 priority 0 path cost 0
        member: en2 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 7 priority 0 path cost 0
        nd6 options=201<PERFORMNUD,DAD>
        media: <unknown type>
        status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
        inet6 xxxxx%utun0 prefixlen 64 scopeid 0xb
        nd6 options=201<PERFORMNUD,DAD>
ipsec0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1430
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33080
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
        inet6 xxxx%utun1 prefixlen 64 scopeid 0xe
        inet6 xxxx prefixlen 64
        nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
        inet6 xxxx%utun2 prefixlen 64 scopeid 0xf
        nd6 options=201<PERFORMNUD,DAD>
gpd0: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1400
        ether xxxx
        inet 10.129.21.87 netmask 0xffffffff broadcast 10.129.21.87
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
        ether xxxx
        inet6 xxxx%en5 prefixlen 64 secured scopeid 0x4
        inet 10.129.1.42 netmask 0xffffff00 broadcast 10.129.1.255
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect (1000baseT <full-duplex,flow-control>)
        status: active
