upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui



  • I upgraded my backup pfsense device to 2.4.4. Everything appeared to have gone ok in the webui then all the sudden I couldn't get to it. The device is up and I can SSH to it from the LAN, but the WAN seems to not be working even though em0 is plumbed and up with the IP. I see this error in /var/log/system.log

    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: Resyncing OpenVPN instances.
    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
    Nov  8 21:05:00 pfsense-vpn-02 php-cgi: rc.bootup: New alert found: PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') #1 /etc/inc/certs.inc(975): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, false, false) #2 /etc/inc/openvpn.inc(1181): crl_update(Array) #3 /etc/inc/openvpn.inc(1320): openvpn_reconfigure('server', Array) #4 /etc/inc/openvpn.inc(1543): openvpn_restart('server', Array) #5 /etc/inc/openvpn.inc(1583): openvpn_resync('server', Array) #6 /etc/rc.bootup(224): openvpn_resync_all() #7 {main}   thrown
    Nov  8 21:05:00 pfsense-vpn-02 kernel: Starting CRON... done.
    Nov  8 21:05:00 pfsense-vpn-02 php-fpm[395]: /rc.start_packages: Restarting/Starting all packages.
    

    I've rebooted and that didn't help things. I can't do a pfSense-upgrade from the command line because I have no WAN connectivity. Any ideas?


  • Rebel Alliance Developer Netgate

    Looks like it's having some sort of problem parsing the CRL entries on your OpenVPN server, which caused PHP to stop processing the rest of the bootup sequence.

    Does it show you the console menu? If so, run option 16 and then 11, see if you can get to the GUI. If so, check the CRL entries and see if anything looks amiss (maybe you made a CRL for a CA you don't actually have the private key for?), maybe remove the CRLs from OpenVPN servers and reboot to see if the problem goes away.



  • Thanks for the reply, jimp. I'll try those options. Thanks.



  • Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.


  • Rebel Alliance Developer Netgate

    @rentul_netgate said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

    Running options 16 and then 11 got the WebUI back so that's great, thanks you. However, now I cannot authenticate against the OpenVPN setup on the system.

    Is this an SG-3100 or SG-1000, by chance?



  • Neither. It's a VM running on vSphere 6.x.



  • Hi All,

    I'm new to this portal (but not new to pfSense). I started "playing" with pfSense at work and I was so enthusiastic about it that I bought a SG-1000 for my home. Today I had the bad idea of upgrading from version 2.4.3-p1 to 2.4.4 and guess what...the filesystem is now broken as I'm getting errors on php (due to the php7.2 changes) and it looks the pfSense can not load several kernel modules. I've done a backup before the upgrade but I can't of course use it.

    I don't remember if I've activated the gold subscription and I'm now kind of lost. At this point, reading about all the numerous problems that the pfSense 2.4.4 is having, I'd like reinstalling the 2.4.3-p1 firmware version from scratch. I also use the pfBlockerNG package.

    It would be great if anyone from Netgate could give me an advise, please, on where I can download the 2.4.3-p1 image.

    Many thanks in advance!





  • @grimson said in upgrade from 2.4.3 to 2.4.4 failed. no wan and no webui:

    @f3dr
    https://forum.netgate.com/topic/135395/where-to-download-old-versions/5
    I've read that post and probably missed that bit, sorry.

    https://forum.netgate.com/topic/137600/how-to-install-pfblockerng-if-you-don-t-want-to-upgrade-to-pfsense-v2-4-4/2
    Totally missed that as I was just focused on fixing the broken firmware first. Thank you anyway!

    Next time don't be lazy and search yourself.
    I think I've not been lazy, just searched in the wrong places. I will try to improve my research next time and I will check all the possible problems before attempting the update! Thanks

    Thanks for your help @grimson