upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui



  • I upgraded my backup pfsense device to 2.4.4. Everything appeared to have gone ok in the webui then all the sudden I couldn't get to it. The device is up and I can SSH to it from the LAN, but the WAN seems to not be working even though em0 is plumbed and up with the IP. I see this error in /var/log/system.log

    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: Resyncing OpenVPN instances.
    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: New alert found: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
    Nov  8 21:05:00 pfsense-vpn-02 kernel: Starting CRON... done.
    Nov  8 21:05:00 pfsense-vpn-02 php-fpm[395]: /rc.start_packages: Restarting/Starting all packages.
    

    I've rebooted and that didn't help things. I can't do a pfSense-upgrade from the command line because I have no WAN connectivity. Any ideas?


  • Rebel Alliance Developer Netgate

    Looks like it's having some sort of problem parsing the CRL entries on your OpenVPN server, which caused PHP to stop processing the rest of the bootup sequence.

    Does it show you the console menu? If so, run option 16 and then 11, see if you can get to the GUI. If so, check the CRL entries and see if anything looks amiss (maybe you made a CRL for a CA you don't actually have the private key for?), maybe remove the CRLs from OpenVPN servers and reboot to see if the problem goes away.



  • Thanks for the reply, jimp. I'll try those options. Thanks.



  • Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.


  • Rebel Alliance Developer Netgate

    @rentul_netgate said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

    Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

    Is this an SG-3100 or SG-1000, by chance?



  • Neither. It's a VM running on vSphere 6.x.