upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui

rentul_netgate

I upgraded my backup pfsense device to 2.4.4. Everything appeared to have gone ok in the webui then all the sudden I couldn't get to it. The device is up and I can SSH to it from the LAN, but the WAN seems to not be working even though em0 is plumbed and up with the IP. I see this error in /var/log/system.log

Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: Resyncing OpenVPN instances.
Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: New alert found: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
Nov  8 21:05:00 pfsense-vpn-02 kernel: Starting CRON... done.
Nov  8 21:05:00 pfsense-vpn-02 php-fpm[395]: /rc.start_packages: Restarting/Starting all packages.

I've rebooted and that didn't help things. I can't do a pfSense-upgrade from the command line because I have no WAN connectivity. Any ideas?

jimp

Looks like it's having some sort of problem parsing the CRL entries on your OpenVPN server, which caused PHP to stop processing the rest of the bootup sequence.

Does it show you the console menu? If so, run option 16 and then 11, see if you can get to the GUI. If so, check the CRL entries and see if anything looks amiss (maybe you made a CRL for a CA you don't actually have the private key for?), maybe remove the CRLs from OpenVPN servers and reboot to see if the problem goes away.

rentul_netgate

Thanks for the reply, jimp. I'll try those options. Thanks.

rentul_netgate

Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

jimp

@rentul_netgate said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

Is this an SG-3100 or SG-1000, by chance?

rentul_netgate

Neither. It's a VM running on vSphere 6.x.