"
Did you lose all connectivity? I lost access to about half the internet. I gave up trying to figure it out, and reinstalled. All worked again, so tried to update, and same issue.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 05, 2022, 03:21:38 PM
#3
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 05, 2022, 02:34:10 PMQuote from: Fright on February 05, 2022, 06:20:20 AM
still not clear why the request with ipv6 is hitting the local port. perhaps the output of pfctl right after curl would help to understand.
It generates a lot of data. This seems to be the relevant bit.
Code Select
all tcp 2a02:my:ip:xxx::1[50482] -> 2001:1af8:4f00:a005:5::[443] FIN_WAIT_2:FIN_WAIT_2
#4
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 04, 2022, 07:01:06 PM
This is what I looks like with IPV6 enabled.
Code Select
root@OPNsense:~ # curl -v https://pkg.opnsense.org
* Trying 2001:1af8:4f00:a005:5:::443...
* Connected to pkg.opnsense.org (2001:1af8:4f00:a005:5::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /usr/local/etc/ssl/cert.pem
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=GB; ST=Hampshire; L=Southampton; O=LogicEthos; emailAddress=stuart@something.com; CN=LE-Cert
* start date: Feb 4 14:48:04 2022 GMT
* expire date: Mar 8 14:48:04 2023 GMT
* SSL: certificate subject name 'LE-Cert' does not match target host name 'pkg.opnsense.org'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: certificate subject name 'LE-Cert' does not match target host name 'pkg.opnsense.org'
More details here: https://curl.se/docs/sslcerts.html
#5
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 04, 2022, 06:40:56 PM
I have just forced unbound to issue the IPV4 address, instead of the IPV6 address for pkg.opnsense.org
It now works! ¯\_(ツ)_/¯
It now works! ¯\_(ツ)_/¯
#6
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 03, 2022, 05:13:22 PMQuote from: MoonbeamFrame on February 03, 2022, 05:08:30 PM
Is the implication here that this is failing because the VM does not have a real external IP?
Perhaps you could try downloading changelog.txz as above. When I do it from OpnSense console, it fails. From my desktop (which is connected via OpnSense) it works. The implication is there is an internal proxy, but I have not been able to find it.
#7
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 03, 2022, 11:11:09 AM
I tried removing port forwarding. Same.
I deleted the certificate that was in my config file. I created a new self-cert certificates
From my web broser, I can download without problems.
but from the console I get
I deleted the certificate that was in my config file. I created a new self-cert certificates
Code Select
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
SSL certificate subject doesn't match host www.mirrorservice.org
From my web broser, I can download without problems.
Code Select
https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txzbut from the console I get
Code Select
root@OPNsense:~ # curl https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz
curl: (60) SSL: certificate subject name 'LE Cert' does not match target host name 'pkg.opnsense.org'
#8
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 02, 2022, 02:45:22 PM
I have this in my certificates.
#9
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 02, 2022, 02:06:17 PM
pkg = 1.16.3_1
Code Select
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Wed Feb 2 13:05:06 UTC 2022
>>> Check installed kernel version
Version 22.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.74 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dhcpleases-0.2 has no upstream equivalent
Checking packages: .
dnsmasq-2.86_2,1 has no upstream equivalent
Checking packages: .
dpinger-3.0 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.2P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.2P1_1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.63 has no upstream equivalent
Checking packages: .
monit-5.29.0_1 has no upstream equivalent
Checking packages: .
mpd5-5.9_6 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_4 has no upstream equivalent
Checking packages: .
openssh-portable-8.8.p1_1,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1m_1,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.5 has no upstream equivalent
Checking packages: .
opnsense-22.1 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-21.7.8 has no upstream equivalent
Checking packages: .
opnsense-update-22.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.7_9 has no upstream equivalent
Checking packages: .
php74-ctype-7.4.27 has no upstream equivalent
Checking packages: .
php74-curl-7.4.27 has no upstream equivalent
Checking packages: .
php74-dom-7.4.27 has no upstream equivalent
Checking packages: .
php74-filter-7.4.27 has no upstream equivalent
Checking packages: .
php74-gettext-7.4.27 has no upstream equivalent
Checking packages: .
php74-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php74-json-7.4.27 has no upstream equivalent
Checking packages: .
php74-ldap-7.4.27 has no upstream equivalent
Checking packages: .
php74-openssl-7.4.27 has no upstream equivalent
Checking packages: .
php74-pdo-7.4.27 has no upstream equivalent
Checking packages: .
php74-pecl-radius-1.4.0b1_1 has no upstream equivalent
Checking packages: .
php74-phalcon4-4.1.3 has no upstream equivalent
Checking packages: .
php74-phpseclib-2.0.35 has no upstream equivalent
Checking packages: .
php74-session-7.4.27 has no upstream equivalent
Checking packages: .
php74-simplexml-7.4.27 has no upstream equivalent
Checking packages: .
php74-sockets-7.4.27 has no upstream equivalent
Checking packages: .
php74-sqlite3-7.4.27 has no upstream equivalent
Checking packages: .
php74-xml-7.4.27 has no upstream equivalent
Checking packages: .
php74-zlib-7.4.27 has no upstream equivalent
Checking packages: .
pkg-1.16.3_1 has no upstream equivalent
Checking packages: .
py38-Jinja2-3.0.1 has no upstream equivalent
Checking packages: .
py38-dnspython2-2.2.0 has no upstream equivalent
Checking packages: .
py38-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py38-requests-2.25.1 has no upstream equivalent
Checking packages: .
py38-sqlite3-3.8.12_7 has no upstream equivalent
Checking packages: .
py38-ujson-5.0.0 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.7.2_4 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-4.15 has no upstream equivalent
Checking packages: .
strongswan-5.9.4 has no upstream equivalent
Checking packages: .
sudo-1.9.8p2 has no upstream equivalent
Checking packages: .
suricata-6.0.4_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.35.1 has no upstream equivalent
Checking packages: .
unbound-1.14.0 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***
#10
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
February 01, 2022, 10:13:57 PM
I had this problem too before updating. Still got it. Must be something wrong with my configuration file.
Code Select
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Tue Feb 1 21:10:47 UTC 2022
Fetching changelog information, please wait... Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
34374492160:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916: #11
22.1 Legacy Series / Re: Set PPPoE MRU MTU independent
January 18, 2022, 09:16:05 PMQuote from: seed on January 17, 2022, 08:09:59 PM
To view the statistics you just need to edit the mpd5 configuration file (/var/etv/mpd_wan.conf) and add this:
set user foo bar admin
set web self 127.0.0.1 5006
set web open
Just what I was looking for, thank you.
#12
22.1 Legacy Series / Re: Set PPPoE MRU MTU independent
January 13, 2022, 05:55:23 PM
Would be nice if PPPoE could get a better UI. Realtime status of connection attempts, and server responses.
#13
22.1 Legacy Series / Re: Is version 22 being built on FreeBSD 13
December 28, 2021, 09:43:28 PM
Looks like it.
https://opnsense.org/about/road-map/
https://opnsense.org/about/road-map/
#14
21.7 Legacy Series / Re: Unable to check for updates.
September 30, 2021, 04:42:58 PM
No.
I don't remember there being a reboot, after the last update. Maybe that's it. I'll try that when things are quiet.
Thanks.
I don't remember there being a reboot, after the last update. Maybe that's it. I'll try that when things are quiet.
Thanks.
#15
21.7 Legacy Series / Re: Unable to check for updates.
September 30, 2021, 04:37:12 PM
Looks like it, yet from the LAN side there is no problem. I tried using curl from shell, and it fails with "self signed certificate".
