Author Topic: Upgraded from 2.2.6 to 2.3RC and OpenVPN site2site broke  (Read 2047 times)

eroji
Upgraded from 2.2.6 to 2.3RC and OpenVPN site2site broke
« on: April 07, 2016, 03:51:00 am »
I upgraded my main pfsense router to 2.3RC and it completed very painlessly. So I didn't even bother taking a config backup and proceeded to upgrade the remote pfsense router at my parents' and that ended up failing spectacularly. Both routers have the exact same identical hardware and nearly identical configuration aside from OpenVPN differences. The remote router came back online post the initial upgrade and the tunnel had been working. However, the auto update check stated there is another upgrade build so I went ahead with that install and that's when things went downhill.

I have some static routes set up on it because I am using an L3 switch for all LAN traffic, and for some reason it seems the routes were not set post the upgrade. That caused the DNS to my internal DC/DNS to fail and the site2site tunnel wouldn't even connect. I am unable to access the web GUI but am able to ssh into it so I made a temporary change in resolv.conf to use a public DNS and that brought the tunnel back online. However, I am still unable to get to the web GUI and it appears that the remote routes aren't being pushed over correctly...

In any event, is it possible to somehow remotely back up the config? I will be heading over there to attempt to fix it this weekend and I'd like to have a good copy available if I need to reinstall.

cmb (Chris Buechler)
Re: Upgraded from 2.2.6 to 2.3RC and OpenVPN site2site broke
« Reply #1 on: April 07, 2016, 04:04:20 am »
What was in resolv.conf previously? Sounds like maybe itself, but dnsmasq or unbound failed to start. 'clog /var/log/system.log|grep unbound' in SSH to see why it failed to start (if unbound).

You can scp /cf/conf/config.xml to back up the config.

eroji
Re: Upgraded from 2.2.6 to 2.3RC and OpenVPN site2site broke
« Reply #2 on: April 07, 2016, 04:59:25 am »
It doesn't appear to be unbound. Last error entry is back on 3/12/16. I do, however, see this:

Code:
Apr  7 01:32:54 pfsense2 php-cgi: rc.bootup: PHP ERROR: Type: 1, File: /usr/local/pkg/haproxy/haproxy.inc, Line: 444, Message: Cannot redeclare haproxy_portoralias_to_list() (previously declared in /usr/local/pkg/haproxy.inc:267)

The resolv.conf had been using my internal DC, which is 10.10.10.100. But since static routes for the VLANs on the L3 switch did not get added, pfsense could not resolve the hostname to my router and the site2site tunnel could not connect.

PiBa (PiBa-NL on IRC)
Re: Upgraded from 2.2.6 to 2.3RC and OpenVPN site2site broke
« Reply #3 on: April 07, 2016, 11:51:54 am »
The "/usr/local/pkg/haproxy.inc" file is old and should be removed. That should avoid the PHP error you write above. That shouldn't affect OpenVPN though.