Netgate Discussion Forum

    [SOLVED] pfBlockerNG - Reloading unbound fails

    • fpv

      Thanks for getting back so quickly. DNSSEC was enabled, forwarding was not. I disabled DNSSEC, restarted unbound and tried again, but the messages remain the same on both fronts.

        • BBcan177 Moderator

        Enable "Suppression" in the pfBlockerNG General Tab, then run a "Force Reload - All" and see if that fixes it for you…

        Does this command execute ok?

        unbound-control -c /var/unbound/unbound.conf status
        

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          • fpv

          Enabled suppression and tried again, still the same.

          And no, the command does not execute OK:

          error: Error setting up SSL_CTX client key and cert
          34386131464:error:0200100D:system library:fopen:Permission denied:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:398:fopen('/var/unbound/unbound_control.pem','r')
          34386131464:error:20074002:BIO routines:FILE_CTRL:system lib:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:400:
          34386131464:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:687:
          
          
            • BBcan177 Moderator

            Something is wrong with the Resolver installation… Leave DNSBL disabled for now, and post in the DHCP/DNS section to see how to fix that issue with the base software...

            Make sure to post what version of pfSense you are using. Or maybe try a fresh install and copy back your current config?

            Once you have the Resolver functional, then re-enable DNSBL...

              • fpv

              All right, thanks for your help.

              One more thing: When I ran the unbound-control command just then I was NOT logged in as admin/root, but as another user who I thought had the same rights, which does not seem to be true. Running as root gives me

              unbound-control -c /var/unbound/unbound.conf status
              error: SSL handshake failed
              34386131464:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
              
                • fpv

                I don't know how, but a reboot seems to have fixed it. unbound doesn't throw any errors, and DNSBL works as it should.

                  • Coornail

                  I had the same problem, restart didn't work for me.

                  What did help is that I disabled EasyPrivacy in DNSBL EasyList.

                  Not sure why this happened exactly, but maybe it will help people out who find this topic.

                    • lmannyr

                    I had this same Error: Reloading Unbound… Failed to Reload... Restoring previous database.... Not completed.

                    Disabling EasyPrivacy in DNSBL EasyList also worked for me.

                    Using PFSense 2.4.2 p1 latest release

                      • Superluminar

                      I had the same issues and found another solution:

                      Sometimes the certificates generated by unbound are not valid (by time/date/etc.).

                      Solution: delete all certificates from unbound in the folder /var/unbound/ - then restart pfsense/unbound.

                        • noplan

                        same here,
                        after deleting

                        unbound_control.key
                        unbound_control.pem
                        unbound_server.key
                        unbound_server.pem

                        and a reboot, everything worked, with no error in

                        unbound-control -c /var/unbound/unbound.conf status

                          • alearero @noplan

                          @noplan said in [SOLVED] pfBlockerNG - Reloading unbound fails:

                          unbound-control -c /var/unbound/unbound.conf status

                          Hello, I am a beginner in pfsense, please can you tell me what are the commands to delete these files? or is there an interface to remove them?

                            • alearero @Superluminar

                            @Superluminar

                            Hello, I am a beginner in pfsense, please can you tell me what are the commands to delete these files? or is there an interface to remove them?

                              • noplan

                              rm unbound_control.key
                              

                              Be aware, and understand what you are doing.

                              brNp

                                • alearero @noplan

                                @noplan

                                It worked for me, thanks everyone.

                                  • noplan

                                  cool thing !
                                  have fun & stay safe nP

                                    • juanzelli @noplan

                                    @noplan Many thanks. Removing those files (dated 1969) and restarting the Unbound service worked for me.

                                    Netgate 4100 and HPE InstantOn network at home
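
A read-only check of the four files named in this thread, added here as an example; it is not from any poster, pfSense or pfBlockerNG. It assumes `openssl` is on the path and a `find` that supports `-newermt`; the function names, status words and the 2000-01-01 cutoff are choices made for this example.

```shell
#!/bin/sh
# Added example: read-only check of the unbound remote-control key material.
# Status words and the 2000-01-01 cutoff are choices made for this example.

# check_file PATH: print one status word for a key or certificate file.
check_file() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # A non-root user gets "Permission denied" here, as in the first error above.
    [ -r "$f" ] || { echo unreadable; return 0; }
    # Files written while the clock was unset carry a 1969/1970 timestamp.
    if [ -n "$(find "$f" ! -newermt '2000-01-01' 2>/dev/null)" ]; then
        echo stale-mtime; return 0
    fi
    case $f in
    *.pem)
        openssl x509 -in "$f" -noout >/dev/null 2>&1 ||
            { echo unparsable; return 0; }
        # -checkend 0 exits non-zero once notAfter has passed.
        openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo expired; return 0; }
        ;;
    esac
    echo ok
}

# triage DIR: report all four files; the return value is the number not "ok".
triage() {
    bad=0
    for name in unbound_server.key unbound_server.pem \
                unbound_control.key unbound_control.pem; do
        status=$(check_file "$1/$name")
        printf '%-22s %s\n' "$name" "$status"
        [ "$status" = ok ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Run only when a directory is given, e.g.: sh check_unbound_certs.sh /var/unbound
[ $# -eq 0 ] || triage "$1"
```
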

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.