Missing algorithms



  • I have a box where all the options in the drop down for algorithms are missing and None is the only option. I thought I saw another thread with the same issue a while back, but I cannot find it. Is this a known bug?

    It’s an i5 running 2.4.3

    The OpenVPN server that is already configured is working with AES, but I don’t want to make a needed change because I can’t select the algorithms I had previously selected.



  • @coreybrett said in Missing algorithms:

    e a box where all the options in the drop down for algorithms are missing and None is the only option. I thought I saw another thread with the same issue a while back, but I cannot find it. Is this a known bug?

    What list ? Where ?

    @coreybrett said in Missing algorithms:

    It’s an i5 running 2.4.3

    Among others, OpenVPN was updated - 2.4.3 is no more, 2.4.4 works just fine ;)



  • The missing options are in the OpenVPN server config for an existing (working) tunnel.

    I don't want to upgrade to 2.4.4 until the first maintenance release comes out.

    I may just have to wait on the change I need to make to the tunnel until that happens.

    alt text


  • Rebel Alliance Developer Netgate

    You probably updated the OpenVPN client export package which pulled in the copy from 2.4.4, which broke that drop-down.

    The box is populated by the output from an OpenVPN command, and either the output is a different format or the binary is failing to run. You can verify that by checking the output of this command:

    /usr/local/sbin/openvpn --show-ciphers
    


  • @jimp said in Missing algorithms:

    /usr/local/sbin/openvpn --show-ciphers

    Shared object "libdl.so.1" not found, required by "openvpn"
    

  • Rebel Alliance Global Moderator

    Another user updating package without updating to 2.4.4 it seems.. This just came up the other day - same exact question.


  • Rebel Alliance Developer Netgate

    Upgrade to 2.4.4. At this point, it's your only viable path forward in-place.



  • Would be nice if packages had "dependencies" on pfS release levels to prevent this type of situation.


  • Rebel Alliance Global Moderator

    Guns should have a feature to not allow the user to shoot themselves in the foot as well ;)



  • That would be an excellent feature! With modern image processing tech, not at all impossible.


  • Rebel Alliance Global Moderator

    hehehe - agreed ;)

    Idioting proofing and keeping users from shooting themselves are always good features to implement when time and money and the effort warrants I think everyone will agree.. Over the years they have implemented such features in many other areas already..

    II do believe they put in something already to try and stop the users from shooting themselves around the php upgrade already some packages kill. But the openvpn has not been on high priority list to idiot proof since it doesn't cause as big a blowup as when the php stuff blows up.

    But have seen users blow up their linux and bsd installs as well by installing packages... Its not something limited to pfsense that is for sure..

    You can put in all the features you want - and users still find a way to dick up their installs ;) hehehe



  • To put that in perspective, Red Hat package manager (YUM) has been doing dependency quite well for years, so the algorithm for this has already been solved. Agreed that writing the code for pfSense will require precious developer time....


  • Rebel Alliance Global Moderator

    YUM blows up all the time ;) and while repository mangers like yum and apt don't prevent the users from shooting themselves in the foot and running into dependency hell.

    They have attempted to stop most of this by making it harder to install your own packages and stuff - but users still do it.

    Pfsense uses apt and use special pfsense repository... Sure they are or will be looking into locking it down to specific version repositories.. Where if package and or any of its dependencies require upstream version of anything the package will not be presented to the current installed version of package manager, etc.