Error launching monitoring using UI

yuryk

@stephenw10
no, I don't have anything, other then basic server, configured at this time. No clients and no custom overrides.

stephenw10

Hmm. And, just to be clear, you are no longer seeing it after adding the server?
Are you able to test removing the server? I expect it to still work in that situation. Errors like that are almost always because nothing has ever been configured.

jimp

I see quite a few places in the code on that page where it could have issues with PHP 8.1, though I haven't managed to replicate any errors yet here either.

jimp

https://redmine.pfsense.org/issues/13892

I have an update pushed which should take care of any potential PHP 8.1 issues I could find in the code. It should start showing up in builds tomorrow.

yuryk

@stephenw10
If I remove the instance of the server, I get my error back:

PHP ERROR: Type: 1, File: /usr/local/www/status_monitoring.php, Line: 287, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/status_monitoring.php:287
Stack trace:
#0 {main}
thrown @ 2023-01-23 12:43:33

stephenw10

Ah, interesting. Well now you can try the above commit via the System Patches package if you wish. or just wait for the next snapshot.

yuryk

@stephenw10
great, thank you very much @stephenw10 and @jimp!
I will install a new snapshot in the morning and report the result.

yuryk

@jimp and @stephenw10 - you are the best!

The original Monitoring error issue is gone - tested with and without the OpenVPN server being defined.
Now I'm faced with another issue - OpenVPN service fails to start. Tried nuking and re-creating the server as UDP only and as TCP only, made sure the firewall rules have been created. No dice.

The only thing that makes mike installation different from "vanila" is dual gateway setup, but that should be completely transparent, no?

stephenw10

Indeed, dual gateway shouldn't make any difference.

Do you see errors in the system or openvpn logs?

yuryk

Ok, so the issue seems to be an empty cert file:

Jan 24 08:01:01 pfSense openvpn[61036]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Jan 24 08:01:01 pfSense openvpn[61036]: OpenVPN 2.5.7 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 26 2022
Jan 24 08:01:01 pfSense openvpn[61036]: library versions: OpenSSL 1.1.1q-freebsd  5 Jul 2022, LZO 2.10
Jan 24 08:01:01 pfSense openvpn[61036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:0909006C:PEM routines:get_name:no start line
Jan 24 08:01:01 pfSense openvpn[61036]: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Jan 24 08:01:01 pfSense openvpn[61036]: Cannot load certificate file /var/etc/openvpn/server1/cert
Jan 24 08:01:01 pfSense openvpn[61036]: Exiting due to fatal error

Any idea how to force the cert to be regenerated?

stephenw10

Make sure the cert exists in the cert manager (System > Cert Manager). If not create a new one there and then edit the OpenVPN instance to use it.

yuryk

That worked. For some reason, when I initially told the setup to create a new certificate, it just created a private key and not the certificate. Jan 24 build however worked!