Project

General

Profile

Actions

Regression #13963

closed

OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``

Added by Steve Wheeler almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:
SG-3100

Description

Tunnels can fail to start like:

Feb 16 13:32:46     openvpn     53057     DEPRECATED OPTION: The option --secret is deprecated.
Feb 16 13:32:46     openvpn     53057     DEPRECATION: No tls-client or tls-server option in configuration detected. OpenVPN 2.7 will remove the functionality to run a VPN without TLS. See the examples section in the manual page for examples of a similar quick setup with peer-fingerprint.
Feb 16 13:32:46     openvpn     53057     OpenVPN 2.6_beta1 armv7-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO]
Feb 16 13:32:46     openvpn     53057     library versions: OpenSSL 1.1.1t-freebsd 7 Feb 2023, LZO 2.10
Feb 16 13:32:46     openvpn     53057     NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 16 13:32:46     openvpn     53057     Cannot open TUN/TAP dev /dev/tun3: No such file or directory (errno=2)
Feb 16 13:32:46     openvpn     53057     Exiting due to fatal error 

When that happens the system log shows:

Feb 16 13:32:45     kernel         warning: KLD '/boot/kernel/kernel' is newer than the linker.hints file
Feb 16 13:32:45     kernel         warning: KLD '/boot/kernel/kernel' is newer than the linker.hints file 

This does not affect tunnels that have DCO enabled.

Updating that manually allows the tunnels to start:

kldxref /boot/kernel

This only seems to affect 3100s upgraded to 23.01. Clean installs function as expected.

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Subject changed from OpenVPN: Tunnels fails to start on 3100 after 23.01 upgrade to Some interface operations (e.g. OpenVPN and GIF create/destroy) fail on 3100 after 23.01 upgrade
  • Target version set to 23.05
Actions #4

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle almost 2 years ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from Some interface operations (e.g. OpenVPN and GIF create/destroy) fail on 3100 after 23.01 upgrade to Some interface operations (e.g. OpenVPN and GIF create/destroy) fail after 23.01 upgrade due to outdated linker.hints
  • Category changed from OpenVPN to Operating System
  • Assignee set to Jim Pingle
  • Target version changed from 23.05 to 2.7.0
  • Affected Plus Version deleted (23.01)
  • Plus Target Version set to 23.05

The change above will make it refresh the linker.hints file on each boot instead of only when the file doesn't exist. We've only seen the issue on 3100 so far but that doesn't mean it couldn't happen elsewhere under other circumstances.

It should only need to be done once per kernel update but there doesn't appear to be any harm in checking it each time to make sure it's up-to-date.

If we decide to take a different approach this can always be backed out.

There are two ways to work around it for the time being:

1. Manually run kldxref /boot/kernel and reboot for good measure to ensure everything starts correctly.

2. Install the System Patches package and then create an entry for 18b8e41591905844627377b76347f8acba88f0a1, fetch+apply the patch, and then reboot.

Actions #6

Updated by Zac West almost 2 years ago

If the /dev/tun part is significant I'm still seeing this after running both `kldxref` (and restarting) and patching `18b8e4…` (and restarting):

Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 Program starting: v1.36.0, Go 1.19.2: []string{"/usr/local/bin/tailscaled", "-port", "41641", "-tun", "tailscale0"}
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 LogID: ...
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 logpolicy: using system state directory "/var/db/tailscale" 
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 wgengine.NewUserspaceEngine(tun "tailscale0") ...
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 no TUN failure diagnostics for OS "freebsd" 
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 wgengine.NewUserspaceEngine(tun "tailscale0") error: tstun.New("tailscale0"): open /dev/tun: no such file or directory
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 flushing log.
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 logger closing down
Feb 17 15:13:31 pfsense tailscaled[33964]: 2023/02/17 15:13:31 getLocalBackend error: createEngine: tstun.New("tailscale0"): open /dev/tun: no such file or directory

I don't see any kernel warnings in the logs, however.

Actions #7

Updated by R W over 1 year ago

I can't upgrade until this Tailscale situation is resolved. Is this the correct issue to follow updates on Tailscale not working with the SG-3100?

Actions #8

Updated by Jim Pingle over 1 year ago

If kldxref /boot/kernel did not fix it, then it is not related to this Redmine issue but something else entirely, so it needs its own report instead of getting mixed up with this one.

I don't see an open issue against tailscale specifically either, just a forum thread -- but it's not clear from the replies there if anyone seeing that exact error had their issue resolved by kldxref or if that fixed a different error.

If everyone still experiencing issues is facing the exact same errors, then make a fresh issue under https://redmine.pfsense.org/projects/pfsense-packages/ with as much related information as possible (logs, etc).

Actions #9

Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved

This change is working well, numerous confirmations on the forum that it fixed the problem after applying it from the system patches package.

Actions #10

Updated by Jim Pingle over 1 year ago

  • Tracker changed from Bug to Regression
  • Subject changed from Some interface operations (e.g. OpenVPN and GIF create/destroy) fail after 23.01 upgrade due to outdated linker.hints to OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``

Updating subject for release notes.

Actions #11

Updated by Jim Pingle over 1 year ago

  • Affected Version set to 2.7.0
Actions

Also available in: Atom PDF