Error launching monitoring using UI
-
Hmm, I can't replicate that even on a clean install.
You have an OpenVPN server created I assume? Is it assigned as an interface?
-
@stephenw10, thank you!
This was it! I didn't have OpenVPN server setup - as I said, it was a new installation... In retrospect, it probably would be nice to get a message like "Dummy, go create an OpenVPN server first!", or something similar, instead of an error.
-
It absolutely shouldn't error out like that without an OpenVPN entry. I tested it without one first and couldn't replicate it. There must have been something different in your config. What config had you made when it was showing it, just in general?
Since you didn't have an OpenVPN server defined the monitoring graphs shouldn't have even offered to show that. The default graph there isn't that either. This was happening just trying to access Status > Monitoring, not when selecting a data set to graph there right?
-
@stephenw10, I don't think there is anything crazy in my systems other than maybe dual WAN providers.
A few packages have been installed:Some basic rules, a few VLANs and nothing else worth noting. Anything specifically you are looking for?
-
The error you're hitting is an OpenVPN config condition so something related to that. Do you have an OpenVPN client configured perhaps?
-
@stephenw10
no, I don't have anything, other then basic server, configured at this time. No clients and no custom overrides. -
Hmm. And, just to be clear, you are no longer seeing it after adding the server?
Are you able to test removing the server? I expect it to still work in that situation. Errors like that are almost always because nothing has ever been configured. -
I see quite a few places in the code on that page where it could have issues with PHP 8.1, though I haven't managed to replicate any errors yet here either.
-
https://redmine.pfsense.org/issues/13892
I have an update pushed which should take care of any potential PHP 8.1 issues I could find in the code. It should start showing up in builds tomorrow.
-
@stephenw10
If I remove the instance of the server, I get my error back:PHP ERROR: Type: 1, File: /usr/local/www/status_monitoring.php, Line: 287, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/status_monitoring.php:287 Stack trace: #0 {main} thrown @ 2023-01-23 12:43:33
-
Ah, interesting. Well now you can try the above commit via the System Patches package if you wish. or just wait for the next snapshot.
-
@stephenw10
great, thank you very much @stephenw10 and @jimp!
I will install a new snapshot in the morning and report the result. -
@jimp and @stephenw10 - you are the best!
The original Monitoring error issue is gone - tested with and without the OpenVPN server being defined.
Now I'm faced with another issue - OpenVPN service fails to start. Tried nuking and re-creating the server as UDP only and as TCP only, made sure the firewall rules have been created. No dice.The only thing that makes mike installation different from "vanila" is dual gateway setup, but that should be completely transparent, no?
-
Indeed, dual gateway shouldn't make any difference.
Do you see errors in the system or openvpn logs?
-
Ok, so the issue seems to be an empty cert file:
Jan 24 08:01:01 pfSense openvpn[61036]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate Jan 24 08:01:01 pfSense openvpn[61036]: OpenVPN 2.5.7 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 26 2022 Jan 24 08:01:01 pfSense openvpn[61036]: library versions: OpenSSL 1.1.1q-freebsd 5 Jul 2022, LZO 2.10 Jan 24 08:01:01 pfSense openvpn[61036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:0909006C:PEM routines:get_name:no start line Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Jan 24 08:01:01 pfSense openvpn[61036]: Cannot load certificate file /var/etc/openvpn/server1/cert Jan 24 08:01:01 pfSense openvpn[61036]: Exiting due to fatal error
Any idea how to force the cert to be regenerated?
-
Make sure the cert exists in the cert manager (System > Cert Manager). If not create a new one there and then edit the OpenVPN instance to use it.
-
That worked. For some reason, when I initially told the setup to create a new certificate, it just created a private key and not the certificate. Jan 24 build however worked!