Cannot access Unbound Remote Control



  • I'm trying to pull stats from Unbound, but am unable to access its remote control. I receive the following error with the command "/usr/local/sbin/unbound-control -s 127.0.0.1:953 stats_noreset":

    unbound-control[3529:0] warning: control-enable is 'no' in the config file.
    error: Error setting up SSL_CTX client key and cert
    34391425992:error:02001002:system library:fopen:No such file or directory:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/bio/bss_file.c:406:fopen('/usr/local/etc/unbound/unbound_control.pem','r')
    
    

    I have the following in the config (/var/unbound/unbound.conf which includes /var/unbound/remoteaccess.conf):

    remote-control:
            control-enable: yes
            control-interface: 127.0.0.1
            control-port: 953
            server-key-file: "/var/unbound/unbound_server.key"
            server-cert-file: "/var/unbound/unbound_server.pem"
            control-key-file: "/var/unbound/unbound_control.key"
            control-cert-file: "/var/unbound/unbound_control.pem"
    

    Control is definitely enabled, why am I getting that error? Unbound seems to be trying to reference the cert that is mentioned in the /usr/local/sbin/unbound/unbound.conf file (which is entirely commented out), not the one in the config file that pfSense seems to have it using.

    Is Unbound using a different config from somewhere else? Is there a different unbound-control I should be using? How can I resolve this?


  • Rebel Alliance Developer Netgate

    You need to pass it the full path to the config file.

    $ unbound-control -c /var/unbound/unbound.conf stats_noreset
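
A preflight check for the situation in this thread, added here as an example and not code from either poster or from Unbound: it reads the config you intend to pass with -c, follows its include: lines, and reports whether control-enable and the four key/cert files resolve. The function names are hypothetical, and it assumes include: and file paths are absolute with no wildcards.

```shell
# Added example: show what the remote-control settings in a given config resolve to.

# Print the config at $1 with comments stripped and include: files expanded.
# Assumption: include: paths are absolute and contain no wildcards.
expand_conf() {
    [ -r "$1" ] || { echo "cannot read config: $1" >&2; return 1; }
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            include:*) expand_conf "$(printf '%s\n' "$line" |
                           sed -e 's/^include:[[:space:]]*//' -e 's/"//g')" ;;
            ?*) printf '%s\n' "$line" ;;
        esac
    done
}

# Print the last value set for option $2 (quotes removed) in config $1.
rc_get() {
    expand_conf "$1" | sed -n "s/^$2:[[:space:]]*//p" | sed 's/"//g' | tail -n 1
}

# Return 0 only if control is enabled and all four key/cert files are readable.
check_remote_control() {
    conf=$1; rc=0
    [ "$(rc_get "$conf" control-enable)" = "yes" ] ||
        { echo "control-enable is not 'yes' in $conf"; rc=1; }
    for key in server-key-file server-cert-file control-key-file control-cert-file; do
        file=$(rc_get "$conf" "$key")
        if [ -z "$file" ]; then echo "$key: not set in $conf"; rc=1
        elif [ ! -r "$file" ]; then echo "$key: $file missing or unreadable"; rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the thread's layout: a main file that includes
# remoteaccess.conf, plus a fully commented-out config. Key files are empty stubs.
make_sample() {
    d=$(mktemp -d)
    printf 'server:\n    verbosity: 1\ninclude: "%s/remoteaccess.conf"\n' "$d" > "$d/unbound.conf"
    { echo 'remote-control:'; echo '    control-enable: yes'
      for k in server-key server-cert control-key control-cert; do
          echo "    $k-file: \"$d/$k\""; : > "$d/$k"
      done; } > "$d/remoteaccess.conf"
    printf '# remote-control:\n#   control-enable: yes\n' > "$d/commented.conf"
    echo "$d"
}
[ $# -eq 0 ] || check_remote_control "$1"
```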