[SOLVED] pfBlockerNG - Reloading unbound fails

BBcan177 · Sep 29, 2016, 4:37 PM

Enable "Suppression" in the pfBlockerNG General Tab, then run a "Force Reload - All" and see if that fixes it for you…

Does this command execute ok?

unbound-control -c /var/unbound/unbound.conf status

fpv · Sep 29, 2016, 5:30 PM

Enabled suppression and tried again, still the same.

And no, the command does not execute OK:

error: Error setting up SSL_CTX client key and cert
34386131464:error:0200100D:system library:fopen:Permission denied:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:398:fopen('/var/unbound/unbound_control.pem','r')
34386131464:error:20074002:BIO routines:FILE_CTRL:system lib:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:400:
34386131464:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:687:

BBcan177 · Sep 29, 2016, 4:49 PM

Something is wrong with the Resolver installation… Leave DNSBL disabled for now, and post in the DHCP/DNS section to see how to fix that issue with the base software...

Make sure to post what version of pfSense you are using. Or maybe try a fresh install and copy back you current config?

Once you have the Resolver functional, then re-enable DNSBL...

fpv · Sep 29, 2016, 5:30 PM

All right, thanks for your help.

One more thing: When I ran the unbound-control command just then I was NOT logged in as admin/root, but as another user who I thought had the same rights, which does not seem to be true. Running as root gives me

unbound-control -c /var/unbound/unbound.conf status
error: SSL handshake failed
34386131464:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:

fpv · Sep 30, 2016, 8:30 AM

I don't know how, but a reboot seems to have fixed it. unbound doesn't throw any errors, and DNSBL work as they should.

Coornail · May 11, 2017, 9:49 AM

I had the same problem, restart didn't work for me.

What did help is that I disabled EasyPrivacy in DNSBL EasyList.

Not sure why this happened exactly, but maybe it will help people out who find this topic.

lmannyr · Feb 12, 2018, 4:19 AM

I had this same Error: Reloading Unbound… Failed to Reload... Restoring previous database.... Not completed.

Disabling EasyPrivacy in DNSBL EasyList also worked for me.

Using PFSense 2.4.2 p1 latest release

Superluminar · Jul 7, 2018, 5:04 PM

I had the same issues and found another solution:

Sometimes the certificates generated by ubound are not valid (by time/date/etc.).

Solution: delete all certificates from ubound in the folder /var/ubound/ - than restart pfsense/ubound.

noplan · Dec 30, 2018, 4:10 PM

same here,
after deleting

unbound_control.key
unbound_control.pem
unbound_server.key
unbound_server.pem

reboot everything worked no error in

unbound-control -c /var/unbound/unbound.conf status

alearero · Apr 24, 2020, 8:40 PM

@noplan said in [SOLVED] pfBlockerNG - Reloading unbound fails:

unbound-control -c /var/unbound/unbound.conf status

Hello, I am a beginner in pfsense, please can you tell me what are the commands to delete these files? or is there an interface to remove them?

alearero · Apr 24, 2020, 8:44 PM

@Superluminar

Hello, I am a beginner in pfsense, please can you tell me what are the commands to delete these files? or is there an interface to remove them?

noplan · Apr 24, 2020, 8:46 PM

rm unbound_control.key

be aware ! and understand what you are doing.

brNp

alearero · Apr 25, 2020, 2:42 AM

@noplan

It worked for me, thanks everyone.

noplan · Apr 25, 2020, 6:47 AM

cool thing !
have fun & stay safe nP

juanzelli · Jan 8, 2023, 4:17 PM

@noplan Many thanks. Removing those files (dated 1969) and restarting the Unbound service worked for me