IPFire allows internet but I can't access IPFire via a browser or SSH

Hi, we have had IPFire installed for a while on our network and decided it needed an update as it hadn’t been done in a very long time. I ran an update via pakfire, it upgraded and then said there was another upgrade to apply, so I applied it (no reboots had occurred) and it said something along the lines of:

(I got this from another example site, not my firewall)
“ipfire pakfire: PING INFO: mirror1.ipfire.org is unreachable” etc.

I then asked it to reboot forum said they had to kill off process and it worked again. My network came back up as I for internet again, but I couldn’t access IPFire anymore via a browser or using PuTTY (SSH).
Another forum said this similar issue just fixed itself “possibly from a reboot”, so I forced the firewall off and restarted it with no luck.

I can ping the firewall OK.

How would I go about gaining access to it or repairing it again for config changes etc. without losing what’s on there so far?

Kind regards

Can you access on the console?

Hi, yes, I just checked and I can get on the console directly. I’m not all too familiar with it, is there anything I can try from there?

You can do everything you are used to doing via SSH.
Additionally the boot process prints messages on it.
Maybe you can see some errors.

Did you check your firewall rules/config? /var/ipfire/firewall/?.conf, I think it was.

I threw myself out of all remote connections
because of some mistakes by me.

@xeonium I had a quick glance over that config file in VI and it looked ok from what I saw, however this was fine before the reboot and no rules had been added recently from what I believe.

@bbitsch I am sitting at the IPFire machine with a monitor attached to it, I can’t get on via SSH as previously mentioned.
I’ll mention we use a separate domain controller, no proxy server etc. so IPFire is just the firewall, no other features being used of it. On boot I see the fail parts (which I think is ok as we aren’t using those features?) of:

Starting random Number Generator Daemon…
/usr/sbin/rmgd: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/lib/libcurl.so.4) [FAIL]

Starting Unbound DNS Proxy…
/usr/sbin/unbound: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/sbin/unbound)
/usr/sbin/unbound: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/sbin/unbound) [FAIL]
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)

DNSSEC has been set to permissive mode [FAIL]
unbound-control: /usr/lib/sse2/libcypto.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by unbound-control)
DNS still not functioning… Trying to sync time with ntp.ipfire.org (…

OpenSSL version mismatch. Built against 1010101f, you have 1010009f [fail]
Starting Apache daemon…
httpd: Syntax error on line 51 of /etc/httpd/config/httpd.conf: Syntax error on line 54 of /etc/httpd/conf/loadmodule.conf: Cannot load /usr/lib/apache/mod_ssl.so into server: /usr/lib/libssl.so.1.1: version ‘OPENSSL_1_1_1’ not found (required by /usr/lib/apache/mod_ssl.so) [FAIL]
Starting fcron… [OK]
/etc/rc.d/rc3.d/S67nagios is not a valid symlink

and if I run pakfire update, I get:

There was no chance to get the file “lists/core-list.db” from any available server.
There was an error on the way. Please fix it.

There is a problem with the (some?) SSL libraries.
These are necessary for SSH and HTTPS connections (your problem: no browser and PuTTY access).

How would I go about fixing those SSL libraries please?
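The loader errors in the boot messages can be grouped to show which library files are stale. This is an added example, not part of the thread or of IPFire's own tooling: the sample lines are constructed (ASCII quotes, modelled on the quoted boot output) and `lib_defines_version` is a hypothetical helper that only checks for the version string in the file.

```shell
#!/bin/sh
# Constructed sample modelled on the boot messages quoted in the thread.
sample_boot_log() {
cat <<'EOF'
/usr/sbin/unbound: /usr/lib/libssl.so.1.1: version 'OPENSSL_1_1_1' not found (required by /usr/sbin/unbound)
/usr/sbin/unbound: /usr/lib/sse2/libcrypto.so.1.1: version 'OPENSSL_1_1_1' not found (required by /usr/sbin/unbound)
unbound-control: /usr/lib/sse2/libcrypto.so.1.1: version 'OPENSSL_1_1_1' not found (required by unbound-control)
unbound-control: /usr/lib/sse2/libcrypto.so.1.1: version 'OPENSSL_1_1_1' not found (required by unbound-control)
Starting fcron... [OK]
httpd: Cannot load /usr/lib/apache/mod_ssl.so into server: /usr/lib/libssl.so.1.1: version 'OPENSSL_1_1_1' not found (required by /usr/lib/apache/mod_ssl.so)
EOF
}

# Print unique "library version requirer" triples from loader errors on stdin.
# Lines that are not "version ... not found" errors are ignored.
missing_versions() {
    sed -n 's|.*[: ]\(/[^ :]*\): version [^A-Za-z0-9_]*\([A-Za-z0-9_.]*\)[^ ]* not found (required by \([^)]*\)).*|\1 \2 \3|p' \
        | LC_ALL=C sort -u
}

# Print "library version count": how many distinct binaries or modules
# could not get the version tag they need from each library file.
missing_summary() {
    missing_versions \
        | awk '{ n[$1 " " $2]++ } END { for (k in n) print k, n[k] }' \
        | LC_ALL=C sort
}

# Heuristic: does the library file ($1) contain the version tag ($2) at all?
# A plain string search; `readelf -V` on the file is the authoritative check.
lib_defines_version() {
    LC_ALL=C grep -aqF -- "$2" "$1"
}

sample_boot_log | missing_summary
```

Every failing service pointing at the same two files with the same missing tag indicates the binaries were upgraded while the libraries on disk were not.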

First check the lib directory
ll /usr/lib/libssl*

My system says

ll /usr/lib/libssl*
lrwxrwxrwx 1 root root         13 Dec 14 13:42 /usr/lib/libssl.so -> libssl.so.1.1
-rwxr-xr-x    1 root root 694088 Dec 14 16:57 /usr/lib/libssl.so.1.1

I ran that and I have:

ll /usr/lib/libssl*
 lrwxrwxrwx 1 root root     13 Aug 29   2018 /usr/lib/libssl.so -> libssl.so.1.1
 -rwxr-xr-x 1 root root 498144 Aug 30   2018 /usr/lib/libssl.so.10
 -rwxr-xr-x 1 root root 512284 Aug 30   2018 /usr/lib/libssl.so.1.1

Any further suggestions please? I did take a backup on the config only via IPFire’s GUI which I guess I would need to copy off via the console on to a USB disk if needed, but if it’s a case of the SSL DLLs need repairing/replacing somehow what’s the best method to repair it?

Many thanks in advance.

I’ve determined that it has upgraded to release 131, which I believe there are versions still to go after this. Is there a way I can download a newer version and upgrade it via a USB stick or similar and see if that fixes any corruptions?

I try on the console:


and I get a reply ok. I try:

pakfire upgrade

I get:

Giving up: There was no chance to get the file “list/core-list.db” from any available server.
There was an error on the way. Please fix it
CORE ERROR: No new upgrades available. You are on release 131.
Giving up: There was no chance to get the file “list/core-list.db” from any available server.
There was an error on the way. Please fix it
Update: iftop
Version: 0.17 -> 1.0pre4
Release: 1 -> 2

update: linux-pae
Version: 0 -> 4.14.113
Release: 0 -> 82

PAKFIRE RESV: iftop: Resolving dependencies…
PAKFIRE RESV: linux-pae: Resolving dependencies…

Plus more of similar messages about giving up etc…

I see that you are running PAE kernel. Others have run out of space on /boot when using older installations with PAE.

The message that there are no updates after core 131 could indicate corruption of the package manifest.

It looks like the backup is in /var/ipfire/backup/. You should be able to copy that to USB stick from a console.

My suggestion is copy the backup directory off the IPFire PC, run the manufacturer’s HDD utility over the HDD (could incur data loss), then install core 139 from scratch and return backup from USB stick to /var/ipfire. You would then need to do a save & restore backup via GUI, to get your settings back.

To inform people, I resolved this by:

  1. Taking the config backups off the IPFire box onto a USB stick
     • I identified the USB device using the command lsblk before and after inserting the USB to identify what has been added. The partition I wanted displayed as sdb/sdb1
     • Created a mount point with sudo mkdir /media/usb
     • Mounted with sudo mount /dev/sdb1 /media/usb
     • Copied the backups off to the USB device with cp -r /var/ipfire/backup /media/usb
  2. Taking note of all the IP addresses used with the command ip address
  3. Reinstalled IPFire to the latest version, re-configured the IP addresses
  4. Used IPFire’s GUI to restore the latest firewall config rules, and the internet started to work again

Our VPN won’t connect which is on a separate server and we seem to have intermittent drops when from my Windows PC I do ping -t, but at least we have a GUI and internet use, I just need to figure out why these aren’t working since the firewall was reinstalled and rules reinstated.

Is that correct?

Should it be:
Copy the backups off to the USB device cp -r /var/ipfire/backup /media/usb

Apologies, I think you are correct. I have edited it now. That was me confusing when I was mounting the drive and the cp together