Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
After Upgrade to 21.7 - freeradius fail to start
« previous
next »
Print
Pages: [
1
]
Author
Topic: After Upgrade to 21.7 - freeradius fail to start (Read 2930 times)
Ralf_s
Newbie
Posts: 7
Karma: 0
After Upgrade to 21.7 - freeradius fail to start
«
on:
July 29, 2021, 04:48:45 pm »
Hi,
the freeradius wouldn't start with the error message:
Error: /usr/local/etc/raddb/mods-enabled/pap[13]: Failed to link to module 'rlm_pap': Cannot open "/usr/local/lib/freeradius-3*/rlm_pap.so"
Could you please help
best regards,
Ralf
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #1 on:
July 30, 2021, 12:38:43 pm »
I think the latest FreeRADIUS does not like LibreSSL anymore.. switching to OpenSSL should fix this.
Cheers,
Franco
Logged
Ralf_s
Newbie
Posts: 7
Karma: 0
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #2 on:
July 30, 2021, 01:08:05 pm »
switching to OpenSSL - reboot - freeradius is working again. TOP!!!
many thanks,
Ralf
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #3 on:
July 30, 2021, 01:28:39 pm »
Hi Ralf,
Glad to hear
I'll be watching for changes there. It's a bit unusual because previously it has always played nice with LibreSSL except for some compile errors.
Cheers,
Franco
Logged
Christian
Newbie
Posts: 5
Karma: 2
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #4 on:
August 23, 2021, 07:51:12 pm »
Hi Franco,
just to confirm that this is not a one-off: I am seeing the same error as Ralf (I also saw it with 21.7 as documented here
https://forum.opnsense.org/index.php?PHPSESSID=mqo6ikmrudta2di05im45v616g&topic=23556.msg112148#msg112148
).
I can also confirm that switching from LibreSSL to OpenSSL is a working workaround
. So it looks as if the LibreSSL-build of the freeradius3 package is broken.
Cheers
Christian
Logged
tom.goes.open
Newbie
Posts: 15
Karma: 0
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #5 on:
August 31, 2021, 09:23:07 am »
Hi,
as there are lots of problems using LibreSSL in the past months (OpenVPN, CertManager/PHP, FreeRADIUS), do you recommend chaning to OpenSSL in general?
Thanks.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #6 on:
August 31, 2021, 10:25:43 am »
It's never been much different to be honest. We recommend upstream projects to support LibreSSL proper, but if they don't this is always going to happen.
In the grand scheme of things LibreSSL popularity slowly declined over the past couple of years and we don't have it in the business edition to avoid such unfortunate (but avoidable) issues by using OpenSSL.
The slow adaptation of CMS and TLS 1.3 probably play a role here coupled with the release cycle and ABI breakage that only fits the OpenBSD release cycle.
Don't get me wrong. I'm a huge fan of the LibreSSL effort and we have been helping with FreeBSD ports integration and patching since 2015. This is just my personal observation of the topic.
Cheers,
Franco
«
Last Edit: August 31, 2021, 10:27:20 am by franco
»
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: After Upgrade to 21.7 - freeradius fail to start
«
Reply #7 on:
September 01, 2021, 09:48:24 pm »
The nginx plugin also has some small issues when it runs on LibreSSL.
Handshakes: Curves are missing (defined variables are not filled with values)
General: TLS 1.3 support
So I guess that even if such major software struggles with LibreSSL, then the support in smaller projects is even worse.
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
For example, $ssl_Curves is as far as I know, only supported by OpenSSL, while $ssl_ciphers is supported by both of them. Those variables are used to build the browser fingerprint together with the UA.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
After Upgrade to 21.7 - freeradius fail to start