Messages

I am seeing the same issue, also on an apu2 but with coreboot v4.17.0.3 and OPNsense v21.7.6. My uptime is slightly higher, around 36 h.

According to smartctl the SSD is fine, no errors at all. Scrubbing the pool shows no errors. Only thing I can think of is to swap out the SSD regardless.

@senser @thomas.sec Was there any progress on this since your posts?

After updating from 22.1 to 22.7 using the web browser, OPNsense failed to boot. On the serial console, I got the error message:

>>> Invoking early script 'carp'
CARP event system: Error (127)
Launching the init system.../usr/local/etc/rc: /usr/local/etc/rc.bootup: not found
Enter full pathname of shell or RETURN for /bin/sh:


After some head scratching, it turns out that rc.bootup is a PHP file and /usr/local/bin/php was AWOL as in simply not there (or anywhere else in the file system, for that matter.)  :(

Since I have daily config backups, I felt confident in trying a re-install. So I created a boot image on a USB stick and booted that.

It turns out there is an option to Import Configuration in the installer, which (spoiler alert) managed to import my entire configuration perfectly.  :)

So the installer ran through and re-booted. I then ran the updater again from the serial console since there was an update from 22.7 to 22.7.4 available. That installed just fine and my firewall is running as before now.

Unfortunately, I have no idea what went wrong, since I got no indication of a problem in the web installer. If there is a log file hidden somewhere, I'd be happy to provide it if someone can point me to it.

I guess I will go back to using the serial console for updates, if only to have a log in the rare case that something goes wrong.

I want to thank the OPNsense team for doing such a fine job with the installer (and OPNsense in general)! Things shouldn't - but they can - go wrong and the installer had my back.  8) :)

Hi Franco,

just to confirm that this is not a one-off: I am seeing the same error as Ralf (I also saw it with 21.7 as documented here  https://forum.opnsense.org/index.php?PHPSESSID=mqo6ikmrudta2di05im45v616g&topic=23556.msg112148#msg112148).

I can also confirm that switching from LibreSSL to OpenSSL is a working workaround ;). So it looks as if the LibreSSL-build of the freeradius3 package is broken.

Cheers
Christian

Uninstalling and re-installing from the web GUI did not resolve the issue, so I used pkg remove freeradius3-3.0.15_1 to nuke the package.

The messages while installing were quite different from what I saw before and now the certificates specified in EAP settings are used. All is well.  :)

Thanks!

Hi,

I have tried replacing my previous manually-installed freeradius with the os-freeradius package. Installing the package trashed the existing configuration by overwriting some files but not removing all old files, so I uninstalled, removed all configuration files manually, and re-installed os-freeradius.

For installation and configuration, I followed https://wiki.opnsense.org/manual/how-tos/freeradius.html.

Freeradius does not start. In /var/log/radius.log I see the following:

    Warning: Support for old-style clients will be removed in a future release
    Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 192.168.178.53. Please fix your configuration
    Warning: Support for old-style clients will be removed in a future release
    Info: Debugger not attached
    Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"    found in filter list for realm "DEFAULT".
    Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"    found in filter list for realm "DEFAULT".
    Error: Unable to check file "/usr/local/etc/raddb/certs/server.pem": No such file or directory
    Error: rlm_eap_tls: Failed initializing SSL context
    Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
    Error: /usr/local/etc/raddb/mods-enabled/eap[15]: Instantiation failed for module "eap"

I don't know what the warnings are about, I guess those are internal problems with the plugin?

It seems to me that the fatal error is the fact that /usr/local/etc/raddb/certs/server.pem is missing. I did not find any mention of creating this file in the howto and I am at a loss what to do.

Any help would be much appreciated. ;)

Thanks,
Christian