25.4 - OPNcentral lost all managed firewalls

Started by Patrick M. Hausen, April 11, 2025, 10:19:29 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 11, 2025, 10:19:29 PM
Hi!

After upgrading our 4 systems with a business subscription all are working well but I cannot see them in OPNcentral at all. Re-creating and reconfiguring an API key for one of the manages systems did not change anything.

All systems including the one running OPNcentral are on 25.4.

Where shall I look for clues?

Thanks!
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 12, 2025, 03:39:05 PM #1
Hi!

Do you have the same issue as me in topic https://forum.opnsense.org/index.php?topic=46772.0?
April 12, 2025, 05:40:32 PM #2
Apparently. Four nodes including the management system itself - none show up in the status overview.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 14, 2025, 11:07:28 AM #3
Hi Patrick,

Which user is logged in at the central node? are there any host groups configured? if not, does the browser console show any errors?

Best regards,

Ad
April 14, 2025, 11:15:33 AM #4 Last Edit: April 14, 2025, 11:51:03 AM by Patrick M. Hausen
1. My personal user with full administration privileges. To connect the firewalls to OPNcentral I had generated the API keys for each root user.

2. When I log in as root I can see the one system for which I generated a new API key over the weekend as part of my trouble shooting attempts.
EDIT: probably would have seen all of them - I accidentally disabled all but one.

3. No errors in the browser console, neither with my user nor with root.

Thanks!
Patrick

Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 14, 2025, 11:42:37 AM #5
Hi Patrick,

I think I found the culprit, can you paste the following in a text file on the OPNcentral node:

Code Select
diff --git a/deciso/OPNcentral/src/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php b/deciso/OPNcentral/src/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
index 02c77910d..1e80df3bb 100644
--- /usr/local/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
+++ /usr/local/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
@@ -63,7 +63,7 @@ class Central extends BaseModel
                    $auth_groups[] = (string)$groupNode->gid;
                } else {
                    foreach ($groupNode->children() as $itemKey => $node) {
-                        if ($itemKey == 'member' && (string)$node != "" && (string)$node == $this_uid) {
+                        if ($itemKey == 'member' && in_array($this_uid, explode(',', (string)$node))) {
                            $auth_groups[] = (string)$groupNode->gid;
                        }
                    }


assuming the file is called /tmp/opncentral.patch, next run :

Code Select
patch -p0 < /tmp/opncentral.patch

If this fixes your issue, we'll schedule a minor upgrade as soon as possible.

Best regards,

Ad
April 14, 2025, 11:50:12 AM #6
Quote from: AdSchellevis on April 14, 2025, 11:42:37 AMIf this fixes your issue, we'll schedule a minor upgrade as soon as possible.

It does - thank you.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 14, 2025, 02:21:25 PM #7
This has been hotfixed.


Cheers,
Franco
Print
Go Up Pages1
User actions