Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED][2.4.5]OpenVPN\Certificate Creation SSL Errors

    Scheduled Pinned Locked Moved OpenVPN
    27 Posts 3 Posters 933 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pando85
      last edited by pando85

      I updated to 2.4.5 and certificate creation stops working.

      I tried the most simple certificate and with two difference CAs and it does not work.

      The error that promps is:

      The following input errors were detected:
      
          openssl library returns: error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null name
          openssl library returns: error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string
          openssl library returns: error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension
      

      My input data is:

      {
          "Form data": {
              "__csrf_magic": "sid:13cb8bee108212129f2258e12819c5db54d27781,1585755451",
              "method": "internal",
              "descr": "test",
              "catosignwith": "58fc608148129",
              "csrtosign": "new",
              "csrpaste": "",
              "keypaste": "",
              "csrsign_digest_alg": "sha256",
              "cert": "",
              "key": "",
              "caref": "5d8cf5f82dd7c",
              "keylen": "2048",
              "digest_alg": "sha256",
              "lifetime": "3",
              "dn_commonname": "test",
              "dn_country": "ES",
              "dn_state": "Madrid",
              "dn_city": "Madrid",
              "dn_organization": "Fake",
              "dn_organizationalunit": "Fake",
              "csr_keylen": "2048",
              "csr_digest_alg": "sha256",
              "csr_dn_commonname": "",
              "csr_dn_country": "",
              "csr_dn_state": "",
              "csr_dn_city": "",
              "csr_dn_organization": "",
              "csr_dn_organizationalunit": "",
              "certref": "58fc6081c5fd9",
              "type": "user",
              "altname_type0": "DNS",
              "altname_value0": "test2",
              "save": "Save"
          }
      }
      
      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        I used the same parameters here for a test certificate on 2.4.5 and it worked. There must be something else in your setup or environment contributing to the problem.

        Check your openssl.conf file, it may be invalid in some way:

        $ sha256 /etc/ssl/openssl.cnf
        SHA256 (/etc/ssl/openssl.cnf) = ed2a326c7740867385d6bf504a4a412cabf1c85771584f96de9d0f5b1d353082
        

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        P 1 Reply Last reply Reply Quote 0
        • P Offline
          pando85 @jimp
          last edited by pando85

          @jimp It is the same file:

          #sha256 /etc/ssl/openssl.cnf 
          SHA256 (/etc/ssl/openssl.cnf) = ed2a326c7740867385d6bf504a4a412cabf1c85771584f96de9d0f5b1d353082
          
          #openssl version
          OpenSSL 1.0.2u-freebsd  20 Dec 2019
          

          I tried creating a new CA and new silly cert, and CAs creation is working but internal certs always send same error.

          Thanks for your help.

          1 Reply Last reply Reply Quote 0
          • P Offline
            pando85
            last edited by

            Same problem with Create a Certificate Signing Requests.

            1 Reply Last reply Reply Quote 0
            • jimpJ Offline
              jimp Rebel Alliance Developer Netgate
              last edited by

              Have you manually changed anything in, for example, /etc/inc/globals.inc like the product name? That might also make it fail in various ways.

              I don't see why it would allow you to create a CA but fail on a certificate unless it isn't locating the right openssl config or there is something else wrong in your input. For example, mixing the wrong SAN type and value could result in that kind of error. But when I tried the input you posted above, it worked fine for me.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              P 1 Reply Last reply Reply Quote 0
              • johnpozJ Online
                johnpoz LAYER 8 Global Moderator
                last edited by

                @pando85 said in [2.4.5]OpenVPN\Certificate Creation SSL Errors:

                "altname_value0": "test2",

                That should be a fqdn, not sure if that would cause an issue. If jimp says it worked, then prob ok... But its not actually going to be worth anything.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                jimpJ 1 Reply Last reply Reply Quote 0
                • jimpJ Offline
                  jimp Rebel Alliance Developer Netgate @johnpoz
                  last edited by

                  @johnpoz said in [2.4.5]OpenVPN\Certificate Creation SSL Errors:

                  @pando85 said in [2.4.5]OpenVPN\Certificate Creation SSL Errors:

                  "altname_value0": "test2",

                  That should be a fqdn, not sure if that would cause an issue. If jimp says it worked, then prob ok... But its not actually going to be worth anything.

                  "altname_type0": "DNS",

                  That is "FQDN or Hostname" so it should be OK. And it works fine for me.

                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Online
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    putting just a hostname and not a fqdn for dns, is pretty freaking useless ;) should be test2.something.tld

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • jimpJ Offline
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      That field is also commonly used for usernames which are effectively the same as hostnames (no domain) so not useless.

                      Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ Online
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        @pando85 said in [2.4.5]OpenVPN\Certificate Creation SSL Errors:

                        "dn_commonname": "test",

                        So setting CN to test, and then san of test2, where the CN will be ignored seems like a pretty borked setup to me. Not saying you can't create a cert with that info - but why.. seems pointless!

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                        1 Reply Last reply Reply Quote 0
                        • jimpJ Offline
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          The CN is always added as a SAN no matter what you put in the SAN list.

                          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ Online
                            johnpoz LAYER 8 Global Moderator
                            last edited by johnpoz

                            valid point :) But I just don't see why you would use single label like that..

                            OH - didn't notice this is a user cert, not a server cert.

                            I just created a user cert with those values as well - no problems on 2.4.5

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                            1 Reply Last reply Reply Quote 0
                            • P Offline
                              pando85 @jimp
                              last edited by

                              @jimp said in [2.4.5]OpenVPN\Certificate Creation SSL Errors:

                              /etc/inc/globals.inc
                              I didn't modify anything manually (Since I remember I didn't do that but it could be). This is my sha256.

                              #sha256 /etc/inc/globals.inc
                              SHA256 (/etc/inc/globals.inc) = 2563166d23fef463d3a4a47571726aff0a3de98ceb38c55ec520eb3ca901101c
                              

                              I think that it happens when I update to 2.4.5 but I was like various months without create new certificates so I dunno when happen.

                              1 Reply Last reply Reply Quote 0
                              • johnpozJ Online
                                johnpoz LAYER 8 Global Moderator
                                last edited by

                                That is different than mine

                                [2.4.5-RELEASE][admin@sg4860.local.lan]/: sha256 /etc/inc/globals.inc 
                                SHA256 (/etc/inc/globals.inc) = 93cd34ef3e9cc2e00e86888dadb1275cda9e7b5874539405ee726c0a4262e020
                                

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                1 Reply Last reply Reply Quote 0
                                • jimpJ Offline
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by

                                  That looks right, too.

                                  Still odd that it makes a CA but not a cert since the code is pretty much the same on the backend.

                                  Do you have more than one firewall? Can you replicate it anywhere else?

                                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                  Need help fast? Netgate Global Support!

                                  Do not Chat/PM for help!

                                  P 1 Reply Last reply Reply Quote 0
                                  • jimpJ Offline
                                    jimp Rebel Alliance Developer Netgate
                                    last edited by

                                    His matches mine (which is CE on the one I checked):

                                    : sha256 /etc/inc/globals.inc
                                    SHA256 (/etc/inc/globals.inc) = 2563166d23fef463d3a4a47571726aff0a3de98ceb38c55ec520eb3ca901101c
                                    

                                    Factory (Netgate hardware) would differ slightly.

                                    Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                    Need help fast? Netgate Global Support!

                                    Do not Chat/PM for help!

                                    1 Reply Last reply Reply Quote 0
                                    • johnpozJ Online
                                      johnpoz LAYER 8 Global Moderator
                                      last edited by

                                      Yeah mine is a factory, on a 4860

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                      1 Reply Last reply Reply Quote 0
                                      • jimpJ Offline
                                        jimp Rebel Alliance Developer Netgate
                                        last edited by

                                        Also if you get a chance to reboot it, watch the console and system logs for errors there.

                                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                        Need help fast? Netgate Global Support!

                                        Do not Chat/PM for help!

                                        1 Reply Last reply Reply Quote 0
                                        • P Offline
                                          pando85 @jimp
                                          last edited by

                                          @jimp I have just one firewall.
                                          This is my log, I don't see anything weird.

                                          Apr  2 21:02:00 pfsense syslogd: kernel boot file is /boot/kernel/kernel
                                          Apr  2 21:02:00 pfsense kernel: Copyright (c) 1992-2020 The FreeBSD Project.
                                          Apr  2 21:02:00 pfsense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
                                          Apr  2 21:02:00 pfsense kernel: 	The Regents of the University of California. All rights reserved.
                                          Apr  2 21:02:00 pfsense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
                                          Apr  2 21:02:00 pfsense kernel: FreeBSD 11.3-STABLE #236 21cbb70bbd1(RELENG_2_4_5): Tue Mar 24 15:26:53 EDT 2020
                                          Apr  2 21:02:00 pfsense kernel:     root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/sources/FreeBSD-src/sys/pfSense amd64
                                          Apr  2 21:02:00 pfsense kernel: FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
                                          Apr  2 21:02:00 pfsense kernel: VT(vga): resolution 640x480
                                          Apr  2 21:02:00 pfsense kernel: CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU)
                                          Apr  2 21:02:00 pfsense kernel:   Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
                                          Apr  2 21:02:00 pfsense kernel:   Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
                                          Apr  2 21:02:00 pfsense kernel:   Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
                                          Apr  2 21:02:00 pfsense kernel:   AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
                                          Apr  2 21:02:00 pfsense kernel:   AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
                                          Apr  2 21:02:00 pfsense kernel:   Structured Extended Features=0x8<BMI1>
                                          Apr  2 21:02:00 pfsense kernel:   XSAVE Features=0x1<XSAVEOPT>
                                          Apr  2 21:02:00 pfsense kernel:   SVM: NP,NRIP,AFlush,DAssist,NAsids=8
                                          Apr  2 21:02:00 pfsense kernel:   TSC: P-state invariant, performance statistics
                                          Apr  2 21:02:00 pfsense kernel: real memory  = 4815060992 (4592 MB)
                                          Apr  2 21:02:00 pfsense kernel: avail memory = 4069310464 (3880 MB)
                                          Apr  2 21:02:00 pfsense kernel: Event timer "LAPIC" quality 600
                                          Apr  2 21:02:00 pfsense kernel: ACPI APIC Table: <CORE   COREBOOT>
                                          Apr  2 21:02:00 pfsense kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
                                          Apr  2 21:02:00 pfsense kernel: FreeBSD/SMP: 1 package(s) x 4 core(s)
                                          Apr  2 21:02:00 pfsense kernel: ioapic1: Changing APIC ID to 5
                                          Apr  2 21:02:00 pfsense kernel: ioapic0 <Version 2.1> irqs 0-23 on motherboard
                                          Apr  2 21:02:00 pfsense kernel: ioapic1 <Version 2.1> irqs 24-55 on motherboard
                                          Apr  2 21:02:00 pfsense kernel: SMP: AP CPU #3 Launched!
                                          Apr  2 21:02:00 pfsense kernel: SMP: AP CPU #1 Launched!
                                          Apr  2 21:02:00 pfsense kernel: SMP: AP CPU #2 Launched!
                                          Apr  2 21:02:00 pfsense kernel: Timecounter "TSC" frequency 998147829 Hz quality 1000
                                          Apr  2 21:02:00 pfsense kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff806a1f20, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff806a1fd0, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: random: entropy device external interface
                                          Apr  2 21:02:00 pfsense kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff806a2080, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff806c9140, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff806c91f0, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
                                          Apr  2 21:02:00 pfsense kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff806c92a0, 0) error 1
                                          Apr  2 21:02:00 pfsense kernel: wlan: mac acl policy registered
                                          Apr  2 21:02:00 pfsense kernel: kbd0 at kbdmux0
                                          Apr  2 21:02:00 pfsense kernel: 000.000022 [4213] netmap_init               netmap: loaded module
                                          Apr  2 21:02:00 pfsense kernel: module_register_init: MOD_LOAD (vesa, 0xffffffff812c9960, 0) error 19
                                          Apr  2 21:02:00 pfsense kernel: mlx5en: Mellanox Ethernet driver 3.5.2 (September 2019)
                                          Apr  2 21:02:00 pfsense kernel: nexus0
                                          Apr  2 21:02:00 pfsense kernel: vtvga0: <VT VGA driver> on motherboard
                                          Apr  2 21:02:00 pfsense kernel: cryptosoft0: <software crypto> on motherboard
                                          Apr  2 21:02:00 pfsense kernel: padlock0: No ACE support.
                                          Apr  2 21:02:00 pfsense kernel: acpi0: <CORE COREBOOT> on motherboard
                                          Apr  2 21:02:00 pfsense kernel: acpi0: Power Button (fixed)
                                          Apr  2 21:02:00 pfsense kernel: cpu0: <ACPI CPU> on acpi0
                                          Apr  2 21:02:00 pfsense kernel: cpu1: <ACPI CPU> on acpi0
                                          Apr  2 21:02:00 pfsense kernel: cpu2: <ACPI CPU> on acpi0
                                          Apr  2 21:02:00 pfsense kernel: cpu3: <ACPI CPU> on acpi0
                                          Apr  2 21:02:00 pfsense kernel: atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
                                          Apr  2 21:02:00 pfsense kernel: atrtc0: registered as a time-of-day clock, resolution 1.000000s
                                          Apr  2 21:02:00 pfsense kernel: Event timer "RTC" frequency 32768 Hz quality 0
                                          Apr  2 21:02:00 pfsense kernel: attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
                                          Apr  2 21:02:00 pfsense kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
                                          Apr  2 21:02:00 pfsense kernel: Event timer "i8254" frequency 1193182 Hz quality 100
                                          Apr  2 21:02:00 pfsense kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
                                          Apr  2 21:02:00 pfsense kernel: acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0
                                          Apr  2 21:02:00 pfsense kernel: hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
                                          Apr  2 21:02:00 pfsense kernel: Timecounter "HPET" frequency 14318180 Hz quality 950
                                          Apr  2 21:02:00 pfsense kernel: acpi_button0: <Power Button> on acpi0
                                          Apr  2 21:02:00 pfsense kernel: pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
                                          Apr  2 21:02:00 pfsense kernel: pci0: <ACPI PCI bus> on pcib0
                                          Apr  2 21:02:00 pfsense kernel: pcib1: <ACPI PCI-PCI bridge> at device 2.2 on pci0
                                          Apr  2 21:02:00 pfsense kernel: pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
                                          Apr  2 21:02:00 pfsense kernel: pci1: <ACPI PCI bus> on pcib1
                                          Apr  2 21:02:00 pfsense kernel: igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> mem 0xfe500000-0xfe51ffff,0xfe520000-0xfe523fff at device 0.0 on pci1
                                          Apr  2 21:02:00 pfsense kernel: igb0: Using MSIX interrupts with 5 vectors
                                          Apr  2 21:02:00 pfsense kernel: igb0: Ethernet address: 00:0d:b9:45:e1:b0
                                          Apr  2 21:02:00 pfsense kernel: igb0: Bound queue 0 to cpu 0
                                          Apr  2 21:02:00 pfsense kernel: igb0: Bound queue 1 to cpu 1
                                          Apr  2 21:02:00 pfsense kernel: igb0: Bound queue 2 to cpu 2
                                          Apr  2 21:02:00 pfsense kernel: igb0: Bound queue 3 to cpu 3
                                          Apr  2 21:02:00 pfsense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
                                          Apr  2 21:02:00 pfsense kernel: pcib2: <ACPI PCI-PCI bridge> at device 2.3 on pci0
                                          Apr  2 21:02:00 pfsense kernel: pci2: <ACPI PCI bus> on pcib2
                                          Apr  2 21:02:00 pfsense kernel: igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x2000-0x201f mem 0xfe600000-0xfe61ffff,0xfe620000-0xfe623fff at device 0.0 on pci2
                                          Apr  2 21:02:00 pfsense kernel: igb1: Using MSIX interrupts with 5 vectors
                                          Apr  2 21:02:00 pfsense kernel: igb1: Ethernet address: 00:0d:b9:45:e1:b1
                                          Apr  2 21:02:00 pfsense kernel: igb1: Bound queue 0 to cpu 0
                                          Apr  2 21:02:00 pfsense kernel: igb1: Bound queue 1 to cpu 1
                                          Apr  2 21:02:00 pfsense kernel: igb1: Bound queue 2 to cpu 2
                                          Apr  2 21:02:00 pfsense kernel: igb1: Bound queue 3 to cpu 3
                                          Apr  2 21:02:00 pfsense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
                                          Apr  2 21:02:00 pfsense kernel: pcib3: <ACPI PCI-PCI bridge> at device 2.4 on pci0
                                          Apr  2 21:02:00 pfsense kernel: pci3: <ACPI PCI bus> on pcib3
                                          Apr  2 21:02:00 pfsense kernel: igb2: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x3000-0x301f mem 0xfe700000-0xfe71ffff,0xfe720000-0xfe723fff at device 0.0 on pci3
                                          Apr  2 21:02:00 pfsense kernel: igb2: Using MSIX interrupts with 5 vectors
                                          Apr  2 21:02:00 pfsense kernel: igb2: Ethernet address: 00:0d:b9:45:e1:b2
                                          Apr  2 21:02:00 pfsense kernel: igb2: Bound queue 0 to cpu 0
                                          Apr  2 21:02:00 pfsense kernel: igb2: Bound queue 1 to cpu 1
                                          Apr  2 21:02:00 pfsense kernel: igb2: Bound queue 2 to cpu 2
                                          Apr  2 21:02:00 pfsense kernel: igb2: Bound queue 3 to cpu 3
                                          Apr  2 21:02:00 pfsense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
                                          Apr  2 21:02:00 pfsense kernel: pcib4: <ACPI PCI-PCI bridge> at device 2.5 on pci0
                                          Apr  2 21:02:00 pfsense kernel: pci4: <ACPI PCI bus> on pcib4
                                          Apr  2 21:02:00 pfsense kernel: ath0: <Atheros 9280> mem 0xfe800000-0xfe80ffff at device 0.0 on pci4
                                          Apr  2 21:02:00 pfsense kernel: [ath] enabling AN_TOP2_FIXUP
                                          Apr  2 21:02:00 pfsense kernel: ath0: [HT] enabling HT modes
                                          Apr  2 21:02:00 pfsense kernel: ath0: [HT] 1 stream STBC receive enabled
                                          Apr  2 21:02:00 pfsense kernel: ath0: [HT] 1 stream STBC transmit enabled
                                          Apr  2 21:02:00 pfsense kernel: ath0: [HT] 2 RX streams; 2 TX streams
                                          Apr  2 21:02:00 pfsense kernel: ath0: AR9280 mac 128.2 RF5133 phy 13.0
                                          Apr  2 21:02:00 pfsense kernel: ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0
                                          Apr  2 21:02:00 pfsense kernel: pci0: <encrypt/decrypt> at device 8.0 (no driver attached)
                                          Apr  2 21:02:00 pfsense kernel: xhci0: <AMD FCH USB 3.0 controller> mem 0xfeb22000-0xfeb23fff at device 16.0 on pci0
                                          Apr  2 21:02:00 pfsense kernel: xhci0: 32 bytes context size, 64-bit DMA
                                          Apr  2 21:02:00 pfsense kernel: xhci0: Unable to map MSI-X table 
                                          Apr  2 21:02:00 pfsense kernel: usbus0 on xhci0
                                          Apr  2 21:02:00 pfsense kernel: usbus0: 5.0Gbps Super Speed USB v3.0
                                          Apr  2 21:02:00 pfsense kernel: ahci0: <AMD Hudson-2 AHCI SATA controller> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xfeb25000-0xfeb253ff at device 17.0 on pci0
                                          Apr  2 21:02:00 pfsense kernel: ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS
                                          Apr  2 21:02:00 pfsense kernel: ahcich0: <AHCI channel> at channel 0 on ahci0
                                          Apr  2 21:02:00 pfsense kernel: ahcich1: <AHCI channel> at channel 1 on ahci0
                                          Apr  2 21:02:00 pfsense kernel: ehci0: <AMD FCH USB 2.0 controller> mem 0xfeb25400-0xfeb254ff at device 19.0 on pci0
                                          Apr  2 21:02:00 pfsense kernel: usbus1: EHCI version 1.0
                                          Apr  2 21:02:00 pfsense kernel: usbus1 on ehci0
                                          Apr  2 21:02:00 pfsense kernel: usbus1: 480Mbps High Speed USB v2.0
                                          Apr  2 21:02:00 pfsense kernel: isab0: <PCI-ISA bridge> at device 20.3 on pci0
                                          Apr  2 21:02:00 pfsense kernel: isa0: <ISA bus> on isab0
                                          Apr  2 21:02:00 pfsense kernel: sdhci_pci0: <Generic SD HCI> mem 0xfeb25500-0xfeb255ff at device 20.7 on pci0
                                          Apr  2 21:02:00 pfsense kernel: sdhci_pci0: 1 slot(s) allocated
                                          Apr  2 21:02:00 pfsense kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
                                          Apr  2 21:02:00 pfsense kernel: uart0: console (115200,n,8,1)
                                          Apr  2 21:02:00 pfsense kernel: orm0: <ISA Option ROMs> at iomem 0xc0000-0xc0fff,0xef000-0xeffff on isa0
                                          Apr  2 21:02:00 pfsense kernel: ppc0: cannot reserve I/O port range
                                          Apr  2 21:02:00 pfsense kernel: uart1: <16550 or compatible> at port 0x2f8 irq 3 on isa0
                                          Apr  2 21:02:00 pfsense kernel: hwpstate0: <Cool`n'Quiet 2.0> on cpu0
                                          Apr  2 21:02:00 pfsense kernel: Timecounters tick every 1.000 msec
                                          Apr  2 21:02:00 pfsense kernel: ugen1.1: <AMD EHCI root HUB> at usbus1
                                          Apr  2 21:02:00 pfsense kernel: ugen0.1: <0x1022 XHCI root HUB> at usbus0
                                          Apr  2 21:02:00 pfsense kernel: uhub0: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
                                          Apr  2 21:02:00 pfsense kernel: uhub1: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
                                          Apr  2 21:02:00 pfsense kernel: uhub1: 4 ports with 4 removable, self powered
                                          Apr  2 21:02:00 pfsense kernel: uhub0: 2 ports with 2 removable, self powered
                                          Apr  2 21:02:00 pfsense kernel: ugen1.2: <vendor 0x0438 product 0x7900> at usbus1
                                          Apr  2 21:02:00 pfsense kernel: uhub2 on uhub0
                                          Apr  2 21:02:00 pfsense kernel: uhub2: <vendor 0x0438 product 0x7900, class 9/0, rev 2.00/0.18, addr 2> on usbus1
                                          Apr  2 21:02:00 pfsense kernel: uhub2: 4 ports with 4 removable, self powered
                                          Apr  2 21:02:00 pfsense kernel: ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
                                          Apr  2 21:02:00 pfsense kernel: ada0: <KINGSTON SMS200S360G 60AABBF0> ATA8-ACS SATA 3.x device
                                          Apr  2 21:02:00 pfsense kernel: ada0: Serial Number 50026B726C01BA4E
                                          Apr  2 21:02:00 pfsense kernel: ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
                                          Apr  2 21:02:00 pfsense kernel: ada0: Command Queueing enabled
                                          Apr  2 21:02:00 pfsense kernel: ada0: 57241MB (117231408 512 byte sectors)
                                          Apr  2 21:02:00 pfsense kernel: Trying to mount root from ufs:/dev/ufsid/56dcd2f0ead8d48f [rw]...
                                          Apr  2 21:02:00 pfsense kernel: random: unblocking device.
                                          Apr  2 21:02:00 pfsense kernel: CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU)
                                          Apr  2 21:02:00 pfsense kernel:   Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
                                          Apr  2 21:02:00 pfsense kernel:   Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
                                          Apr  2 21:02:00 pfsense kernel:   Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
                                          Apr  2 21:02:00 pfsense kernel:   AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
                                          Apr  2 21:02:00 pfsense kernel:   AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
                                          Apr  2 21:02:00 pfsense kernel:   Structured Extended Features=0x8<BMI1>
                                          Apr  2 21:02:00 pfsense kernel:   XSAVE Features=0x1<XSAVEOPT>
                                          Apr  2 21:02:00 pfsense kernel:   SVM: NP,NRIP,AFlush,DAssist,NAsids=8
                                          Apr  2 21:02:00 pfsense kernel:   TSC: P-state invariant, performance statistics
                                          Apr  2 21:02:00 pfsense kernel: padlock0: No ACE support.
                                          Apr  2 21:02:00 pfsense kernel: aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
                                          Apr  2 21:02:00 pfsense kernel: amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb5
                                          Apr  2 21:02:00 pfsense kernel: lo0: link state changed to UP
                                          Apr  2 21:02:00 pfsense kernel: wlan0: Ethernet address: 04:f0:21:2e:5d:50
                                          Apr  2 21:02:00 pfsense php-cgi: rc.bootup: Cloning new wireless interface ath0_wlan1
                                          Apr  2 21:02:00 pfsense kernel: wlan0: changing name to 'ath0_wlan0'
                                          Apr  2 21:02:00 pfsense php-cgi: rc.bootup: Cloning new wireless interface ath0_wlan2
                                          Apr  2 21:02:00 pfsense kernel: wlan1: Ethernet address: 06:f0:21:2e:5d:50
                                          Apr  2 21:02:00 pfsense kernel: wlan1: changing name to 'ath0_wlan1'
                                          Apr  2 21:02:00 pfsense php-cgi: rc.bootup: Cloning new wireless interface ath0_wlan3
                                          Apr  2 21:02:00 pfsense kernel: wlan2: Ethernet address: 0e:f0:21:2e:5d:50
                                          Apr  2 21:02:00 pfsense kernel: wlan2: changing name to 'ath0_wlan2'
                                          Apr  2 21:02:00 pfsense kernel: wlan3: Ethernet address: 0e:f0:21:2e:5d:50
                                          Apr  2 21:02:00 pfsense kernel: wlan3: changing name to 'ath0_wlan3'
                                          Apr  2 21:02:00 pfsense kernel: 
                                          Apr  2 21:02:00 pfsense kernel: vlan0: changing name to 'igb0.20'
                                          Apr  2 21:02:01 pfsense sshd[14507]: Server listening on :: port 22.
                                          Apr  2 21:02:01 pfsense sshd[14507]: Server listening on 0.0.0.0 port 22.
                                          Apr  2 21:02:04 pfsense kernel: igb0: link state changed to UP
                                          Apr  2 21:02:04 pfsense kernel: igb0.20: link state changed to UP
                                          Apr  2 21:02:04 pfsense check_reload_status: Linkup starting igb0
                                          Apr  2 21:02:04 pfsense check_reload_status: Linkup starting igb0.20
                                          Apr  2 21:02:07 pfsense check_reload_status: rc.newwanip starting igb0.20
                                          Apr  2 21:02:07 pfsense kernel: vlan1: changing name to 'igb0.832'
                                          Apr  2 21:02:08 pfsense php-fpm[395]: /rc.newwanip: rc.newwanip: Info: starting on igb0.20.
                                          Apr  2 21:02:08 pfsense php-fpm[395]: /rc.newwanip: rc.newwanip: on (IP address: 0.0.0.0) (interface: WAN[wan]) (real interface: igb0.20).
                                          Apr  2 21:02:08 pfsense php-fpm[395]: /rc.newwanip: rc.newwanip: Failed to update wan IP, restarting...
                                          Apr  2 21:02:08 pfsense check_reload_status: Configuring interface wan
                                          Apr  2 21:02:08 pfsense check_reload_status: rc.newwanip starting igb0.20
                                          Apr  2 21:02:08 pfsense kernel: done.
                                          Apr  2 21:02:09 pfsense kernel: done.
                                          Apr  2 21:02:09 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: Info: starting on igb0.20.
                                          Apr  2 21:02:09 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: on (IP address: 90.74.232.209) (interface: WAN[wan]) (real interface: igb0.20).
                                          Apr  2 21:02:09 pfsense php-fpm[396]: /rc.newwanip: Removing static route for monitor 8.8.8.8 and adding a new route through 90.74.239.254
                                          Apr  2 21:02:10 pfsense kernel: done.
                                          Apr  2 21:02:10 pfsense kernel: bridge0: Ethernet address: 02:0c:6d:eb:8d:00
                                          Apr  2 21:02:10 pfsense php-cgi: rc.bootup: Resyncing OpenVPN instances.
                                          Apr  2 21:02:10 pfsense kernel: igb2: promiscuous mode enabled
                                          Apr  2 21:02:10 pfsense kernel: bridge0: link state changed to UP
                                          Apr  2 21:02:10 pfsense kernel: ath0_wlan0: promiscuous mode enabled
                                          Apr  2 21:02:10 pfsense kernel: 
                                          Apr  2 21:02:10 pfsense kernel: tun1: changing name to 'ovpns1'
                                          Apr  2 21:02:10 pfsense check_reload_status: rc.newwanip starting igb0.20
                                          Apr  2 21:02:10 pfsense kernel: ovpns1: link state changed to UP
                                          Apr  2 21:02:10 pfsense kernel: tun2: changing name to 'ovpns2'
                                          Apr  2 21:02:10 pfsense check_reload_status: rc.newwanip starting ovpns1
                                          Apr  2 21:02:11 pfsense kernel: ovpns2: link state changed to UP
                                          Apr  2 21:02:11 pfsense check_reload_status: rc.newwanip starting ovpns2
                                          Apr  2 21:02:11 pfsense kernel: pflog0: promiscuous mode enabled
                                          Apr  2 21:02:11 pfsense kernel: .
                                          Apr  2 21:02:11 pfsense php-fpm[395]: /rc.newwanip: rc.newwanip: Info: starting on igb0.20.
                                          Apr  2 21:02:11 pfsense kernel: 
                                          Apr  2 21:02:11 pfsense kernel: DUMMYNET 0 with IPv6 initialized (100409)
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched FIFO loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched QFQ loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched RR loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched WF2Q+ loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched PRIO loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched FQ_CODEL loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_sched dn_sched FQ_PIE loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_aqm dn_aqm CODEL loaded
                                          Apr  2 21:02:11 pfsense kernel: load_dn_aqm dn_aqm PIE loaded
                                          Apr  2 21:02:11 pfsense php-fpm[395]: /rc.newwanip: rc.newwanip: on (IP address: 90.74.232.209) (interface: WAN[wan]) (real interface: igb0.20).
                                          Apr  2 21:02:11 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
                                          Apr  2 21:02:11 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: on (IP address: 10.0.76.1) (interface: []) (real interface: ovpns1).
                                          Apr  2 21:02:11 pfsense php-fpm[395]: /rc.newwanip: Removing static route for monitor 8.8.8.8 and adding a new route through 90.74.239.254
                                          Apr  2 21:02:12 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: Info: starting on ovpns2.
                                          Apr  2 21:02:12 pfsense php-fpm[396]: /rc.newwanip: rc.newwanip: on (IP address: 10.0.1.1) (interface: []) (real interface: ovpns2).
                                          Apr  2 21:02:13 pfsense kernel: igb1: link state changed to UP
                                          Apr  2 21:02:13 pfsense check_reload_status: Linkup starting igb1
                                          Apr  2 21:02:13 pfsense php-cgi: rc.bootup: Removing static route for monitor 8.8.8.8 and adding a new route through 90.74.239.254
                                          Apr  2 21:02:13 pfsense kernel: done.
                                          Apr  2 21:02:14 pfsense kernel: 
                                          Apr  2 21:02:14 pfsense kernel: igb2: link state changed to UP
                                          Apr  2 21:02:14 pfsense check_reload_status: Linkup starting igb2
                                          Apr  2 21:02:14 pfsense php-cgi: rc.bootup: Default gateway setting Interface WAN_DHCP Gateway as default.
                                          Apr  2 21:02:14 pfsense php-cgi: rc.bootup: Gateway, none 'available' for inet6, use the first one configured. ''
                                          Apr  2 21:02:24 pfsense php-cgi: rc.bootup: sync unbound done.
                                          Apr  2 21:02:24 pfsense kernel: done.
                                          Apr  2 21:02:24 pfsense kernel: pw: group `wheel' does not exist
                                          Apr  2 21:02:25 pfsense kernel: done.
                                          Apr  2 21:02:25 pfsense kernel: done.
                                          Apr  2 21:02:25 pfsense php-cgi: rc.bootup: NTPD is starting up.
                                          Apr  2 21:02:26 pfsense kernel: done.
                                          Apr  2 21:02:26 pfsense dhcpleases: kqueue error: unknown
                                          Apr  2 21:02:26 pfsense check_reload_status: Updating all dyndns
                                          Apr  2 21:02:26 pfsense kernel: .
                                          Apr  2 21:02:27 pfsense kernel: .
                                          Apr  2 21:02:27 pfsense kernel: ..
                                          Apr  2 21:02:27 pfsense php-fpm[396]: /rc.dyndns.update: phpDynDNS (grigri.cloud): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
                                          Apr  2 21:02:28 pfsense kernel: 0 addresses deleted.
                                          Apr  2 21:02:32 pfsense kernel: done.
                                          Apr  2 21:02:32 pfsense php-cgi: rc.bootup: Creating rrd update script
                                          Apr  2 21:02:32 pfsense kernel: done.
                                          Apr  2 21:02:33 pfsense root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
                                          Apr  2 21:02:36 pfsense syslogd: exiting on signal 15
                                          Apr  2 21:02:36 pfsense syslogd: kernel boot file is /boot/kernel/kernel
                                          Apr  2 21:02:36 pfsense kernel: done.
                                          Apr  2 21:02:37 pfsense php-fpm[395]: /rc.start_packages: Restarting/Starting all packages.
                                          Apr  2 21:02:37 pfsense php-fpm[395]: [pfBlockerNG] Starting cron process.
                                          Apr  2 21:02:38 pfsense check_reload_status: Syncing firewall
                                          Apr  2 21:02:38 pfsense check_reload_status: Reloading filter
                                          Apr  2 21:02:40 pfsense php-fpm[6848]: /status_logs.php: Successful login for user 'admin' from: 192.168.76.82 (Local Database Fallback)
                                          Apr  2 21:02:40 pfsense php-cgi: haproxy: starting old pid:none
                                          Apr  2 21:02:41 pfsense php-cgi: haproxy: started new pid:86070
                                          

                                          I don't have any other router to try it. How can I do a deep debug? Could try to generate certs manually or something? I'm totally lost :S

                                          Thanks for your help, anyway.

                                          1 Reply Last reply Reply Quote 0
                                          • jimpJ Offline
                                            jimp Rebel Alliance Developer Netgate
                                            last edited by

                                            That all seems OK.

                                            Last time something weird like this happened that wasn't due to globals.inc shenanigans the user had manually created their own disk layout with multiple disks and it botched the update somehow.

                                            What does the mount command output?

                                            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                            Need help fast? Netgate Global Support!

                                            Do not Chat/PM for help!

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.