Internet lost in PfSense but VPN or everythingelse work well?
-
You like the 2.7.0 bugs better as the 2.7.2 bugs ?
-
@Gertjan ,
I check and it says I use latest version? -
@Gertjan ,
Is this bug? -
At the command line run:
certctl rehash
Then re-check.
That's probably also the pkg issue you are seeing.
-
Now I can see below screen;
-
Aha !!
You saw that ?
Fiirst :then, after the 'patch' (I sometimes have this strange feeling that @stephenw10 is an AI Netgate bot that is here to drop this "run: certctl rehash" command (sorry, stephenw10, I couldn't resist))
and then
which opens the path to 2.7.2.
Be ware that 2.7.2 won't free you from all misery, as you're like us : upgrading is great, but more then often, don't forget to upgrade the admin also (that's where most of the issues resides).
It will include a new OpenSSL and a way more recent OpenVPN.
If you are using the OpenVPN server you have to upgrade your clients also.
Easy enough : https://openvpn.net/client/client-connect-vpn-for-windows/ or : your phone app store etc.
Export a new OpenVPN client profile.
Import it into your OpenVPN client, and you're good. -
Yup. You should upgrade though!
-
Hi @Gertjan,
Finally. Yes. Thanks.
I will try to update today.Regards,
Mucip:) -
Dear @stephenw10 ,
Finally...Regards,
Mucip:) -
Dear @Gertjan ,
I updated to 2.7.2 finally. I have one pfsense box in outer office.
As you advice I will update it to 2.7.2 too.
But first of all I apply "certctl rehash" command in other pfsense. :)Thanks to all guys...
Regards,
Mucip:) -
Dear @stephenw10 ,
It happend again. It's like dejavu? :)
I used "run: certctl rehash" and now everything turned to normal. But why? What is the reason?
Should I add this command in the cron or what?Regards,
Mucip:) -
@mucip said in Internet lost in PfSense but VPN or everythingelse work well?:
But why? What is the reason?
Afaik : when upgrading from pfSense <2.7.0 to 2.7.0, this command should have been part of the steps to do after the upgrade finishes.
The thing is : it was forgotten.Don't worry, this situation only happened ones ^^ No need to thing about it anymore.
-
Dear @Gertjan,
I hope so. I already added this command to cron.
Well I will remove command from cron and check in the near future.Regards,
Mucip:) -
There should be no need to run that command manually in 2.7.2. The pkg scripts run it anyway when it's required.
How were you testing? If you simply ran
pkg update
from the CLI the client cert may have expired. Checking from the webgui should never hit that though. -
Dear @stephenw10,
I updated from WEB GUI not CLI.
In any case this morning the people said me that there is no internet out from Linux server.
I applied our famous command "certctl rehash" from webgui command execute menu and everything turn to normal again.
I will check. If I need to apply same command again than I add this command in the cron and run every midnight.Regards,
Mucip:) -
Hmm, that is odd. The only thing that should help with is local certs on pfSense itself. So access to the pkg repos which requires a client side cert.
It shouldn't make any difference to routing traffic. Unless maybe that is going via VPN that requires a cert.
-
Hi @stephenw10,
Well what should I do now?
And advice?
Adding in to cron?Regards,
Mucip:) -
It seems unlikely the issue is actually cert related. Somehow running that is re-loading something that allows traffic to restart. So I would be trying to determine exactly what fails when traffic stops.
-
Dear @stephenw10,
But how? What shoul I check if the internet stops again?Or I need to write script to check internet connetion in pfsense. When the internet lost than I need to run "certctl rehash" command again? I don't know?
Regards,
Mucip:) -
You are able to reach the pfSense gui from LAN when it fails yes?
So I would first test what pfSense itself can do in that situation. Can it ping 8.8.8.8? Can it ping google.com?
If it can then can LAN side clients do either of those?