OpenVPN could not be established after upgrade to 23.01 on SG-3100
-
@innostus Mission critical software development, testing, deployment, and support has been my career since 1985. First rule for applying an update: develop and test a contingency plan to ensure you can fallback to a known operational state if anything goes wrong during or after the update.
You can blame Netgate for missing a defect but we are all responsible for ensuring that we follow industry established best practices to ensure a rapid recovery from an unplanned event or disaster. If I upgraded my environment without testing or having a fallback plan and I am suffering from unexpected or degraded performance, I am to blame - not Netgate.
If I don’t have the time or resources to test or recover then I wait to upgrade and monitor forums like this to see if there are any issues that may impact my environment.
Finally, thank you very much to everyone who did discover issues and provided the valuable information for Netgate to address them.
-
@maxk-0 Thanks for replying. You seem to assume that I do not have a fallback. However, one of the reasons someone buys an appliance, is to have decent reliability and support. Also, the 3100 is aimed at small business and private persons, who do not always have a spare device to test with. My own mistakes: I missed the news items on the 23.01 beta, RC and release. They followed rapidly after each other. That should have tipped me off into waiting a little longer.
Have a nice day!
Arnold
-
@maxk-0 said in OpenVPN could not be established after upgrade to 23.01 on SG-3100:
contingency plan to ensure you can fallback to a known operational state
This is the way ;)
Be it your in an enterprise or just a home user - this is the way! ;)
-
@johnpoz
sure there's a way, I just, dammit, don't want to go onsite! -
Opened a bug for this: https://redmine.pfsense.org/issues/13963
Updating the linker file manaully fixed it for me. Run:
kldxref /boot/kernel
Steve
-
@stephenw10 This works for me!
-
working fine and is reboot safe. Excellent. Thanks.
I won't reflash and wait for a possible bugfix release. -
@shpokas I hear ya - but we always have someone on hand in the DC when doing any sort of upgrade.. Just in case.. The best laid plans can always fail..
I left some boxes at sites on old pfsense for longest time because of covid, and just pita to either go there or have someone available..
And also hear ya that damn it this box should just work.. And I should just be able to click update.. But no matter how easy it should be or how many times it has worked in the past, etc. And this is not some minor update, this is a major change to freebsd, and an upgrade to php as well, etc..
I haven't pulled the trigger yet on my 4860 here at home.. But I did get the new 23.01 image from tac already, and will burn it to usb and be ready to clean install if something goes horrible wrong.. Nothing will I hope - but just in case, I don't want to be down for any period of time. I also still have 22.05 image if need be to clean install too, etc.
Also notice that I might have an issue with my 4860 "may have issues with the ichsmb0 and/or ehci0" so have that info handy to put in the /boot/loader.conf.local
If something crashes and burns - I wouldn't be happy no.. But also know that things like this can happen.. I need to update the dsm version on my nas for example.. And had many an update go smooth in the past, but since the last update I have created a non supported configuration with nvme as storage.. People say shouldn't be a problem - but just in case I am currently backing up my plex and dockers that reside on the nvme storage - just in case that doesn't survive the update.. And I don't want to go through the hassle recreating them, nor using a backup from a few days ago.. So running a backup just before I do the update later this morning ;)
-
I would add the line to disable ichsmb on the 4860 before upgrading @johnpoz
You lose nothing by having it there. We will likely add that by default in 23.05.
If you're not on the console you won't notice anything anyway. -
@stephenw10 thanks I was thinking of that.. Any reason why a clean install might be good - change to the zfs layout or anything. I was thinking I should be able to test the zfs rollback feature with this update as well.
So should I be able to rollback to 22.05 after an update to 23.01?
-
Yes you can roll back to 22.05 from 23.01. But not to 22.01.
There's no particular reason a clean install should be any better there. IMO at least!
-
@stephenw10 might have to give that a test run ;) I really don't ever see any need for the feature myself - but might be nice to have at least tested it in case of anyone having questions on it at some point.
-
-
-
Same here (SG-3100), OpenVPN service cannot start after 23.01 update.
Is the command kldxref /boot/kernel (described in this thead as a fix) the offcial recommended solution, or should we wait for another workaround? If done, would it be a permanent fix?
Thank you
-
I have use that and seen no issues since. It does survive a reboot.
-
Ok great, thank you!
I will also follow your bug report status.. -
Same here, kldxref /boot/kernel fixed for me as well. 3100
-
I also had this issue with a 3100 and the kldxref /boot/kernel command worked for me too.
-
-
-
-
-
@stephenw10 I ended up having this issue on a 1537. Applied the patch from the redmine post and issue is now resolved.
-
@stephenw10 Is this ran through SSH console? I ran via SSH and ran into the following error: kldxref: can't create /boot/lhint.h6bsDi: Permission denied
-
You probably need to be logged in as root or admin to run that.
It should work via Diag > Command Prompt in the webgui though.