Hi, We have had IPFire installed for a while on out network and decided it needed an update as it hadn’t been done in a very long time. I ran an update via pakfire, it upgraded and then said there was another upgrade to apply, so I applied it (no reboots had occurred) and it said alone the lines of:
(I got this from another example site, not my firewall)
“ipfire pakfire: PING INFO: mirror1.ipfire.org is unreachable” etc.
I then asked it to reboot forum said they had to kill off process and it worked again. My network came back up as I for internet again, but I couldn’t access IPFire anymore via a Browser or using putty (SSH).
Another forum said this similar issue just fixed it self “possibly from a reboot”, so I forced the firewall off and restarted it with no luck.
I can ping it the firewall ok.
How would I go about gaining access or repairing to it again for config changes etc.without loosing what’s on there so far?
@xeonium I had a quick glance over that config file in VI and it looked ok from what I saw, however this was fine before the reboot and no rules had been added recently from what I believe.
@bbitsch I am sitting at the IPFire machine with a monitor attached to it, I can’t get on via SSH as previously mentioned.
I’ll mention we use a separate domain controller, no proxy server etc. so IPFire is just the firewall, no other features being used of it. On boot I see the fail parts (which I think is ok as we aren’t using those features?) of:
Starting random Number Generator Daemon…
/usr/sbin/rmgd: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (reguired by /usr/lib/libcurl.so.4) [FAIL]
Starting Unbound DNS Proxy…
/usr/sbin/unbound: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/sbin/unbound)
/usr/sbin/unbound: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/sbin/unbound) [FAIL]
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
DNSSEC has been set to permissive mode [FAIL]
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
DNS still not functioning… Trying to sync time with ntp.ipfire.org (81.3.27.46)…
OpenSSL version mismatch. Built against 1010101f, you have 1010009f [fail]
Starting Apache daemon…
httpd: Syntax error on line 51 of /etc/httpd/config/httpd.conf: Syntax error on line 54 og /etc/httpd/conf/loadmodule.conf: Cannot load /usr/lib/apache/mod_ssl.so into server: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/lib/apache/mod_ssl.so) [FAIL]
Starting fcron… [OK]
/etc/rc.d/rc3.d/S67nagios is not a valid symlink
and if I run pakfire update, I get:
There was no chance to get the file “lists/core-list.db” from any available server.
There was an error on the way. Please fix it.
Any further suggestions please? I did take a backup on the config only via IPFire’s GUI which I guess I would need to copy off via the console on to a USB disk if needed, but if it’s a case of the SSL DLLs need repairing/replacing somehow what’s the best method to repair it?
I’ve determined that it has upgraded to release 131, which I believe there are versions still to go after this. Is there away I can download a newer version and upgrade it via a USB stick or similar and see if that fix’s any corruptions?
I try on the console:
ping 8.8.8.8
and I get a reply ok. I try:
pakfire upgrade
I get:
Giving up: There was no chance to get the file “list/core-list.db” from any available server.
There was an error on the way. Please fix it
CORE ERROR: No new upgrades available. You are on release 131.
Giving up: There was no chance to get the file “list/core-list.db” from any available server.
There was an error on the way. Please fix it
Update: iftop
Version: 0.17 → 1.0pre4
Release: 1 → 2
I see that you are running PAE kernel. Others have run out of space on /boot when using older installations with PAE.
The message that there are no updates after core 131 could indicate corruption of the package manifest.
It looks like the backup is in /var/ipfire/backup/ You should be able to copy that to USB stick from a console.
My suggestion is copy the backup directory off the IPFire PC, run the manufacturer’s HDD utility over the HDD (could incur data loss), then install core 139 from scratch and return backup from USB stick to /var/ipfire. You would then need to do a save & restore backu via GUI, to get your settings back
Taking the config backups off the ipfire box on to a USB sick
I identify the USB device using the command lsblk before and after inserting the USB to identify what has been added. The partition I wanted displayed as sdb/sdb1
Created a mount point with sudo mkdir /media/usb
Mounted sudo mount /dev/sdb1 /media/usb
Copy the backups off to the USB device cp -r /var/ipfire/backup /media/usb
Taking note of all the IP Addresses used with the command ip address
Reinstalled IPFire to the latest version, re-configured the IP addresses
Used IPFires GUI to restore the latest firewall config rules, and the internet started to work again
Our VPN won’t connect which is on a separate server and we seem to have intermittent drops when from my windows pc I do ping 8.8.8.8 -t, but at least we have a GUI and internet use, I just need to figure out why these aren’t working since the firewall was reinstalled and rules reinstated.