Regression #13963
closed
OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``
100%
Description
Tunnels can fail to start like:
Feb 16 13:32:46 openvpn 53057 DEPRECATED OPTION: The option --secret is deprecated. Feb 16 13:32:46 openvpn 53057 DEPRECATION: No tls-client or tls-server option in configuration detected. OpenVPN 2.7 will remove the functionality to run a VPN without TLS. See the examples section in the manual page for examples of a similar quick setup with peer-fingerprint. Feb 16 13:32:46 openvpn 53057 OpenVPN 2.6_beta1 armv7-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO] Feb 16 13:32:46 openvpn 53057 library versions: OpenSSL 1.1.1t-freebsd 7 Feb 2023, LZO 2.10 Feb 16 13:32:46 openvpn 53057 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 16 13:32:46 openvpn 53057 Cannot open TUN/TAP dev /dev/tun3: No such file or directory (errno=2) Feb 16 13:32:46 openvpn 53057 Exiting due to fatal error
When that happens the system log shows:
Feb 16 13:32:45 kernel warning: KLD '/boot/kernel/kernel' is newer than the linker.hints file Feb 16 13:32:45 kernel warning: KLD '/boot/kernel/kernel' is newer than the linker.hints file
This does not affect tunnels that have DCO enabled.
Updating that manually allows the tunnels to start:
kldxref /boot/kernel
This only seems to affect 3100s upgraded to 23.01. Clean installs function as expected.
Updated by
Updated by Jim Pingle about 1 year ago
- Subject changed from OpenVPN: Tunnels fails to start on 3100 after 23.01 upgrade to Some interface operations (e.g. OpenVPN and GIF create/destroy) fail on 3100 after 23.01 upgrade
- Target version set to 23.05
This also affects GIF interfaces, so it's more general than just OpenVPN.
Updated by Danilo Zrenjanin about 1 year ago
It looks like the Tailcalse is affected too.
https://forum.netgate.com/topic/177923/tailscale-service-won-t-start-after-upgrading-to-23-01-on-sg-3100/5
Updated by Jim Pingle about 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset pfsense:18b8e41591905844627377b76347f8acba88f0a1.
Updated by Jim Pingle about 1 year ago
- Project changed from pfSense Plus to pfSense
- Subject changed from Some interface operations (e.g. OpenVPN and GIF create/destroy) fail on 3100 after 23.01 upgrade to Some interface operations (e.g. OpenVPN and GIF create/destroy) fail after 23.01 upgrade due to outdated linker.hints
- Category changed from OpenVPN to Operating System
- Assignee set to Jim Pingle
- Target version changed from 23.05 to 2.7.0
- Affected Plus Version deleted (
23.01) - Plus Target Version set to 23.05
The change above will make it refresh the linker.hints file on each boot instead of only when the file doesn't exist. We've only seen the issue on 3100 so far but that doesn't mean it couldn't happen elsewhere under other circumstances.
It should only need to be done once per kernel update but there doesn't appear to be any harm in checking it each time to make sure it's up-to-date.
If we decide to take a different approach this can always be backed out.
There are two ways to work around it for the time being:
1. Manually run kldxref /boot/kernel and reboot for good measure to ensure everything starts correctly.
2. Install the System Patches package and then create an entry for 18b8e41591905844627377b76347f8acba88f0a1, fetch+apply the patch, and then reboot.
Updated by Zac West about 1 year ago
If the /dev/tun part is significant I'm still seeing this after running both `kldxref` (and restarting) and patching `18b8e4…` (and restarting):
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 Program starting: v1.36.0, Go 1.19.2: []string{"/usr/local/bin/tailscaled", "-port", "41641", "-tun", "tailscale0"}
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 LogID: ...
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 logpolicy: using system state directory "/var/db/tailscale"
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 wgengine.NewUserspaceEngine(tun "tailscale0") ...
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 no TUN failure diagnostics for OS "freebsd"
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 wgengine.NewUserspaceEngine(tun "tailscale0") error: tstun.New("tailscale0"): open /dev/tun: no such file or directory
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 flushing log.
Feb 17 15:13:30 pfsense tailscaled[33964]: 2023/02/17 15:13:30 logger closing down
Feb 17 15:13:31 pfsense tailscaled[33964]: 2023/02/17 15:13:31 getLocalBackend error: createEngine: tstun.New("tailscale0"): open /dev/tun: no such file or directory
I don't see any kernel warnings in the logs, however.
Updated by R W about 1 year ago
I can't upgrade until this Tailscale situation is resolved. Is this the correct issue to follow updates on Tailscale not working with the SG-3100?
Updated by Jim Pingle about 1 year ago
If kldxref /boot/kernel did not fix it, then it is not related to this Redmine issue but something else entirely, so it needs its own report instead of getting mixed up with this one.
I don't see an open issue against tailscale specifically either, just a forum thread -- but it's not clear from the replies there if anyone seeing that exact error had their issue resolved by kldxref or if that fixed a different error.
If everyone still experiencing issues is facing the exact same errors, then make a fresh issue under https://redmine.pfsense.org/projects/pfsense-packages/ with as much related information as possible (logs, etc).
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to Resolved
This change is working well, numerous confirmations on the forum that it fixed the problem after applying it from the system patches package.
Updated by Jim Pingle about 1 year ago
- Tracker changed from Bug to Regression
- Subject changed from Some interface operations (e.g. OpenVPN and GIF create/destroy) fail after 23.01 upgrade due to outdated linker.hints to OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``
Updating subject for release notes.