Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    9 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rentul_netgate
      last edited by

      I upgraded my backup pfsense device to 2.4.4. Everything appeared to have gone ok in the webui then all the sudden I couldn't get to it. The device is up and I can SSH to it from the LAN, but the WAN seems to not be working even though em0 is plumbed and up with the IP. I see this error in /var/log/system.log

      Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: Resyncing OpenVPN instances.
      Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
      Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: New alert found: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
      Nov  8 21:05:00 pfsense-vpn-02 kernel: Starting CRON... done.
      Nov  8 21:05:00 pfsense-vpn-02 php-fpm[395]: /rc.start_packages: Restarting/Starting all packages.
      

      I've rebooted and that didn't help things. I can't do a pfSense-upgrade from the command line because I have no WAN connectivity. Any ideas?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Looks like it's having some sort of problem parsing the CRL entries on your OpenVPN server, which caused PHP to stop processing the rest of the bootup sequence.

        Does it show you the console menu? If so, run option 16 and then 11, see if you can get to the GUI. If so, check the CRL entries and see if anything looks amiss (maybe you made a CRL for a CA you don't actually have the private key for?), maybe remove the CRLs from OpenVPN servers and reboot to see if the problem goes away.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • R
          rentul_netgate
          last edited by

          Thanks for the reply, jimp. I'll try those options. Thanks.

          1 Reply Last reply Reply Quote 0
          • R
            rentul_netgate
            last edited by

            Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

            jimpJ 1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate @rentul_netgate
              last edited by

              @rentul_netgate said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

              Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

              Is this an SG-3100 or SG-1000, by chance?

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • R
                rentul_netgate
                last edited by

                Neither. It's a VM running on vSphere 6.x.

                1 Reply Last reply Reply Quote 0
                • F
                  f3dR
                  last edited by

                  Hi All,

                  I'm new to this portal (but not new to pfSense). I started "playing" with pfSense at work and I was so enthusiastic about it that I bought a SG-1000 for my home. Today I had the bad idea of upgrading from version 2.4.3-p1 to 2.4.4 and guess what...the filesystem is now broken as I'm getting errors on php (due to the php7.2 changes) and it looks the pfSense can not load several kernel modules. I've done a backup before the upgrade but I can't of course use it.

                  I don't remember if I've activated the gold subscription and I'm now kind of lost. At this point, reading about all the numerous problems that the pfSense 2.4.4 is having, I'd like reinstalling the 2.4.3-p1 firmware version from scratch. I also use the pfBlockerNG package.

                  It would be great if anyone from Netgate could give me an advise, please, on where I can download the 2.4.3-p1 image.

                  Many thanks in advance!

                  GrimsonG 1 Reply Last reply Reply Quote 0
                  • GrimsonG
                    Grimson Banned @f3dR
                    last edited by

                    @f3dr
                    https://forum.netgate.com/topic/135395/where-to-download-old-versions/5
                    https://forum.netgate.com/topic/137600/how-to-install-pfblockerng-if-you-don-t-want-to-upgrade-to-pfsense-v2-4-4/2

                    Next time don't be lazy and search yourself.

                    F 1 Reply Last reply Reply Quote 0
                    • F
                      f3dR @Grimson
                      last edited by

                      @grimson said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

                      @f3dr
                      https://forum.netgate.com/topic/135395/where-to-download-old-versions/5
                      I've read that post and probably missed that bit, sorry.

                      https://forum.netgate.com/topic/137600/how-to-install-pfblockerng-if-you-don-t-want-to-upgrade-to-pfsense-v2-4-4/2
                      Totally missed that as I was just focused on fixing the broken firmware first. Thank you anyway!

                      Next time don't be lazy and search yourself.
                      I think I've not been lazy, just searched in the wrong places. I will try to improve my research next time and I will check all the possible problems before attempting the update! Thanks

                      Thanks for your help @grimson

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.