Error launching monitoring using UI

stephenw10

It absolutely shouldn't error out like that without an OpenVPN entry. I tested it without one first and couldn't replicate it. There must have been something different in your config. What config had you made when it was showing it, just in general?

Since you didn't have an OpenVPN server defined the monitoring graphs shouldn't have even offered to show that. The default graph there isn't that either. This was happening just trying to access Status > Monitoring, not when selecting a data set to graph there right?

yuryk

@stephenw10, I don't think there is anything crazy in my systems other than maybe dual WAN providers.
A few packages have been installed:

Some basic rules, a few VLANs and nothing else worth noting. Anything specifically you are looking for?

stephenw10

The error you're hitting is an OpenVPN config condition so something related to that. Do you have an OpenVPN client configured perhaps?

yuryk

@stephenw10
no, I don't have anything, other then basic server, configured at this time. No clients and no custom overrides.

stephenw10

Hmm. And, just to be clear, you are no longer seeing it after adding the server?
Are you able to test removing the server? I expect it to still work in that situation. Errors like that are almost always because nothing has ever been configured.

jimp

I see quite a few places in the code on that page where it could have issues with PHP 8.1, though I haven't managed to replicate any errors yet here either.

jimp

https://redmine.pfsense.org/issues/13892

I have an update pushed which should take care of any potential PHP 8.1 issues I could find in the code. It should start showing up in builds tomorrow.

yuryk

@stephenw10
If I remove the instance of the server, I get my error back:

PHP ERROR: Type: 1, File: /usr/local/www/status_monitoring.php, Line: 287, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/status_monitoring.php:287
Stack trace:
#0 {main}
thrown @ 2023-01-23 12:43:33

stephenw10

Ah, interesting. Well now you can try the above commit via the System Patches package if you wish. or just wait for the next snapshot.

yuryk

@stephenw10
great, thank you very much @stephenw10 and @jimp!
I will install a new snapshot in the morning and report the result.

yuryk

@jimp and @stephenw10 - you are the best!

The original Monitoring error issue is gone - tested with and without the OpenVPN server being defined.
Now I'm faced with another issue - OpenVPN service fails to start. Tried nuking and re-creating the server as UDP only and as TCP only, made sure the firewall rules have been created. No dice.

The only thing that makes mike installation different from "vanila" is dual gateway setup, but that should be completely transparent, no?

stephenw10

Indeed, dual gateway shouldn't make any difference.

Do you see errors in the system or openvpn logs?

yuryk

Ok, so the issue seems to be an empty cert file:

Jan 24 08:01:01 pfSense openvpn[61036]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Jan 24 08:01:01 pfSense openvpn[61036]: OpenVPN 2.5.7 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 26 2022
Jan 24 08:01:01 pfSense openvpn[61036]: library versions: OpenSSL 1.1.1q-freebsd  5 Jul 2022, LZO 2.10
Jan 24 08:01:01 pfSense openvpn[61036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:0909006C:PEM routines:get_name:no start line
Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Jan 24 08:01:01 pfSense openvpn[61036]: Cannot load certificate file /var/etc/openvpn/server1/cert
Jan 24 08:01:01 pfSense openvpn[61036]: Exiting due to fatal error

Any idea how to force the cert to be regenerated?

stephenw10

Make sure the cert exists in the cert manager (System > Cert Manager). If not create a new one there and then edit the OpenVPN instance to use it.

yuryk

That worked. For some reason, when I initially told the setup to create a new certificate, it just created a private key and not the certificate. Jan 24 build however worked!