[SOLVED] OpenVPN will not start on 18.1.r1

[elektroinside]

Only OpenVPN, which i use to connect with clients from my workplace and phone. I'm pushing all the traffic through the tunnel on the clients, but on the server it's a standard setup with "redirect gateway" enabled...

Not using ddns as my ISP provides this service for me.

Do you want me to open another thread for the pf restart issue and post the diff there, not to mix the thread with other stuff? The OpenVPN issue was fixed anyway...

[franco]

It's ok to continue in here. It's related to OpenVPN boot ordering somehow.

[elektroinside]

I sent you the diff in a PM, it has some data i would not like to be made public...

[franco]

Thanks, it does not look like it's problematic in the rules, but in any case try this patch, I was looking in the wrong place as bootup is different in behaviour...

https://github.com/opnsense/core/commit/27fe55f


Thank you for your help

Franco

[elektroinside]

Rebooted the box twice after applying the patch (1-console, 2-GUI)
First time it worked, the second it didn't...

Sure Franco, any time.

[franco]

Annoying, can you send over the first page of the system logs from after reboot when this works and when it doesn't?

I don't think the rules are different now at all, which either indicates a route issue or something that happens / does not happen after boot.

There are more changes on the development branch in the git repo, but patching them manually on top is getting tricky.


Cheers,
Franco

[elektroinside]

I have sent you a wetransfer download link in your PM with both.

Thanks Franco!

[elektroinside]

Can i delete this exact reply? Accidentally quoted myself Anyway, is the verbosity level ok?

[franco]

Ok, so I think there is a race happening with PPPoE startup, because... you are running a lot of plugins / additional services.

I will have to ask you to update your configuration to master to make sure to try the full rework:

# opnsense-code core
# cd /usr/core
# make upgrade CORE_ABI=18.1 CORE_NAME=opnsense

The changes against 18.1.r1 are minimal at the moment.

I've moved the service config generation out of the actual boot sequence and added messages for when the PPPoE startup is ignored because we are still booting. That should:

(a) make it work more reliably, but still not perfect, but
(b) will let us hopefully confirm that the ignored PPPoE reconfigure is the issue here.


Cheers,
Franco

[elektroinside]

Hi Franco,

In the meantime i've switched back to devel and updated to 18.1.r15.
Same issue though... I also needed to apply the OpenVPN patch as well.

I just tried to update to master, but:

Code: [Select]

root@gateway:~ # opnsense-code core
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        git: 2.15.1
        p5-Error: 0.17025
        cvsps: 2.1_2

Number of packages to be installed: 3

The process will require 27 MiB more space.
4 MiB to be downloaded.
[1/3] Fetching git-2.15.1.txz: 100%    4 MiB   4.5MB/s    00:01
[2/3] Fetching p5-Error-0.17025.txz: 100%   19 KiB  19.3kB/s    00:01
[3/3] Fetching cvsps-2.1_2.txz: 100%   41 KiB  41.6kB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing p5-Error-0.17025...
[1/3] Extracting p5-Error-0.17025: 100%
[2/3] Installing cvsps-2.1_2...
[2/3] Extracting cvsps-2.1_2: 100%
[3/3] Installing git-2.15.1...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
Extracting git-2.15.1: 100%
Message from cvsps-2.1_2:

===>   NOTICE:

The cvsps port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from git-2.15.1:

------------------------------------------------------------------------
*************************** GITWEB *************************************
If you installed the GITWEB option please follow these instructions:

In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.

All you have to do to make gitweb work is:
1) Copy the files /usr/local/share/examples/git/gitweb/* to a directory on
   your web server (e.g. Apache2) in which you are able to execute
   CGI-scripts.
2) In gitweb.cgi, adjust the variable $projectroot to point to
   your git repository (that is where you have your *.git project
   directories).
*************************** GITWEB *************************************

*************************** CONTRIB ************************************
If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
*************************** CONTRIB ************************************
------------------------------------------------------------------------
Cloning into '/usr/core'...
remote: Counting objects: 93291, done.
remote: Compressing objects: 100% (36/36), done.
remote: Total 93291 (delta 15), reused 28 (delta 12), pack-reused 93242
Receiving objects: 100% (93291/93291), 56.53 MiB | 4.96 MiB/s, done.
Resolving deltas: 100% (66667/66667), done.
root@gateway:~ # cd /usr/core
root@gateway:/usr/core # make upgrade CORE_ABI=18.1 CORE_NAME=opnsense
pkg: No package(s) matching opnsense
>>> Cannot find package.  Please run 'opnsense-update -t opnsense'
*** Error code 1

Stop.
make: stopped in /usr/core


Think i did something stupid.. i'm not a newbie as a user of freebsd firewalls, i'm a total newbie in freebsd though, i never did go deeper than the GUI up until now :-) Sorry for the headaches.

[elektroinside]

Should i run 'opnsense-update -t opnsense' and then 'make upgrade CORE_ABI=18.1 CORE_NAME=opnsense' ?

[elektroinside]

Ok, the switch to master worked. Let me try to reproduce the issue.

[elektroinside]

I think it worked Franco! I am unable to reproduce the issue!

Awesome job!

Can i switch back to LibreSSL? I think i can't just yet

Personally, i have one more remaining issue, maybe you could also shed some light there:
https://forum.opnsense.org/index.php?topic=6855.0


Many thanks!

[franco]

Ok, it's not perfect yet but definitely better. If a reboot should ever not work please let me know coupled with the system log as there is a telling debug message now saying "IP renewal ignored during boot".

I assumed you were on 18.1.r1, that's why CORE_NAME had to be modified for master.

Installing the opnsense-devel package will always take you back to 18.1.r_15 as that is the fixed version on the mirror.

To wrap up, all this will make it into 18.1.r2 (RC2).

Let me follow up on the other issue later. It's probably not our code....


Cheers,
Franco

[franco]

And LibreSSL will be back when 18.1 is out which comes after 18.1.r2.