loss internet connectivity after Open SSL update
As the subject says, we had a vulnerability in our SSL and were instructed to update to SSL version 1.1.1q to address this vulnerability on the Linux side. We are using CentOS 7. I was able to do the update first to SSL 1.1.1k and then proceeded to update to 1.1.1q. During this period I was still able to access the internet and issued yum commands to get these packages. But a few days after the last update (1.1.1q), I observed that when I did a basic ping test (google.com), it could not resolve. So I did some checking and confirmed that it had lost internet connectivity. I even executed yum update at the OS level to see if it could connect, but it didn't. Please advise whether the OpenSSL upgrade has something to do with it. I am a newbie on CentOS or any Linux OS and I rely only on the internet for answers.
Re: loss internet connectivity after Open SSL update
I have some bad news for you. What you have done so far has most likely broken your install beyond repair and your next steps will be to reinstall from scratch and start over.
The correct solution to the problem you tried to fix was to just run yum update to get the latest openssl packages from the CentOS repos.
There is no openssl 1.1.1 for CentOS 7. It uses 1.0.2k and will do until it goes EOL in 2024. Red Hat backport fixes from newer versions to 1.0.2k and make them available via yum update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
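The reply above says Red Hat backports fixes into 1.0.2k, so the upstream version string does not show whether a given CVE is patched; the package changelog does. The following is an added example, not part of the original post: the CVE IDs are placeholders and the changelog text is constructed.

```shell
#!/bin/sh
# Added example: report which package build's changelog entry mentions a CVE.
# Live use on CentOS 7:  rpm -q --changelog openssl | cve_fixed_in <CVE-ID>

# cve_fixed_in CVE_ID
# Reads RPM changelog text on stdin and prints the [epoch:]version-release
# of every entry whose body mentions CVE_ID as a whole token.
cve_fixed_in() {
    awk -v cve="$1" '
        BEGIN { pat = "(^|[^0-9A-Za-z-])" cve "([^0-9]|$)" }
        /^\* / { ver = $NF; next }      # entry header: last field is the build
        ver != "" && $0 ~ pat { print ver; ver = "" }   # one line per entry
    '
}

# Constructed sample in the layout of "rpm -q --changelog" output.
# CVE-0000-0001 and CVE-0000-0002 are placeholder IDs, not real CVEs.
sample_changelog() {
    cat <<'EOF'
* Mon Mar 21 2022 Example Packager <packager@example.com> - 1:1.0.2k-25
- fix CVE-0000-0001 - placeholder description of a backported fix

* Thu Dec 17 2020 Example Packager <packager@example.com> - 1:1.0.2k-21
- fix CVE-0000-0002 - placeholder description
- second line that mentions CVE-0000-0002 again

* Tue Aug 13 2019 Example Packager <packager@example.com> - 1:1.0.2k-19
- unrelated packaging change, no CVE reference
EOF
}

# Demo on the constructed sample: prints the build that carries the fix.
sample_changelog | cve_fixed_in CVE-0000-0001
```

An empty result means the installed build's changelog does not mention that ID, which is the cue to run yum update rather than to install an upstream OpenSSL over the distribution package.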
Re: loss internet connectivity after Open SSL update
Uh oh.. that bad. Thanks for clearing this up for me.. so I guess I have to restore my backup..
edit...
I was able to restore our VM backup and verified that the OpenSSL version is back to 1.0.2k-fips (26-Jan-2017).
Anything I need to verify further? My internet access is still not working.. when I run yum update I'm still getting the error, please see attached. Sorry, I'm still learning CentOS through online guides.. hope you can help me, and thanks in advance.
Attachment: yum_update error.jpg (210.8 KiB)
Re: loss internet connectivity after Open SSL update
You could run yum clean all -- yum does cache metadata and can get confused by stale cache.
"Could not resolve host" means that name resolution has an error. What do you get with:
Code:
host www.centos.org
Re: loss internet connectivity after Open SSL update
look at /etc/resolv.conf
Re: loss internet connectivity after Open SSL update
I am getting this... When I tried to edit the network config file, I changed the following:
TYPE=Ethernet
PROXY_METHOD=no
BROWSER_ONLY=no
BOOTPROTO=none  # before, it was set to dhcp; when I use dhcp with IPADDR defined, I get 2 IP addresses. If I use dhcp only, without IPADDR defined, I don't get my old IP address, as I am assigned a new IP.
DEFROUTE=yes
IPADDR=192.168.200.201
IPV4_FAILURE_FATAL=no
IPV6_INIT=yes
IPV6_AUTOCONF=NO
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
DEVICE=ens33
ONBOOT=yes
PREFIX=16
DNS1=8.8.8.8
UUID=xxxxxxxxxx
Please advise.
Attachment: resolv.jpg (10.5 KiB)
Re: loss internet connectivity after Open SSL update
First, you do have NetworkManager.service and therefore you should use NM's tools (nmcli, nmtui) to modify your config rather than edit any files directly.
A summary of current status one gets with nmcli and that particular connection with nmcli c s ens33
If the DHCP gives you "new" address, then how do you know that it does not give the "old" address to someone else?
An address belongs to network more than to a machine. DHCP can centrally and dynamically give coherent configuration to everyone in the network.
The first priority is to get functional network connection. It does not matter what address you have, if it works. If something points to your machine with the old address, then you have to fix them once we know the address that is ok.
Revert to DHCP. Set BOOTPROTO=dhcp and remove the IPADDR, PREFIX and DNS1.
With nmcli that should be:
Code:
sudo nmcli c mod ens33 ipv4.method auto ipv4.addresses "" ipv4.dns ""
Re: loss internet connectivity after Open SSL update
After following your advice of changing BOOTPROTO=dhcp and removing IPADDR, PREFIX and DNS, I stopped and started ens33 (ifdown, ifup) and rebooted the server as well.. so I got this (please see screenshot). However, when I check systemctl status network.service I get that error. Please advise. Thanks.
Attachment: cfg3.jpg (168.54 KiB)
Re: loss internet connectivity after Open SSL update
That state is correct and expected. The network.service is not needed in your system.
The interfaces are managed with NetworkManager.service. That is the default in EL7 distros.
See:
Code:
systemctl status NetworkManager.service
nmcli
nmcli d s
nmcli c s
A (re)boot should apply only the stored configuration. Your output still shows the bogus address, so you did not clean the config completely.
(Note also that 192.168.102.0/24, which means the address range 192.168.102.0--192.168.102.255, is a subset of 192.168.0.0/16, the range 192.168.0.0--192.168.255.255. You can't have overlapping subnets like that.)
These should tell a bit:
Code:
nmcli c s
nmcli -f ipv4 c s ens33
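The overlap described in the note above can be checked mechanically by converting each CIDR block to its first and last address and testing whether the two ranges intersect. This is an added example, not part of the original post; the function names are made up for illustration, and the third network in the demo is constructed.

```shell
#!/bin/sh
# Added example: detect overlapping IPv4 subnets (POSIX sh, no external tools).

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# net_range ADDR/PREFIX -> prints "first last" of the enclosing network
net_range() {
    addr=${1%/*}; prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    first=$(( ip & mask ))
    echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

# overlaps CIDR1 CIDR2 -> exit status 0 if the two ranges intersect
overlaps() {
    set -- $(net_range "$1") $(net_range "$2")   # first1 last1 first2 last2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Demo: the two ranges from the post, plus a constructed neighbour /24.
for pair in "192.168.102.0/24 192.168.0.0/16" \
            "192.168.102.0/24 192.168.103.0/24"; do
    set -- $pair
    if overlaps "$1" "$2"; then
        echo "$1 and $2 overlap"
    else
        echo "$1 and $2 are disjoint"
    fi
done
```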
Re: loss internet connectivity after Open SSL update
The following is what I did.
1. I noticed from other articles that you should not have more than one ifcfg-ens33xx in the /etc/sysconfig/network-scripts location (as I backed up my existing config to a new file whenever I made changes to the original); and so, I moved these files to my home directory, which left me with ifcfg-ens33 only.
2. As much as I wanted to set BOOTPROTO=dhcp, with which I'm getting a new IP (192.168.102.205), the original IP for this server is 192.168.102.201, so I tried to put it back again to
BOOTPROTO=none
IPADDR=192.168.102.201
DNS1=8.8.8.8
- The reason why I need this IP is because this is what is configured in our firewall that I allowed to have access to the internet. When we check the traffic, we can only see the transmit request but there is no received.
3. Rebooted my server and this is how it looks (please see image below).
4. Tried to run yum clean all, then yum update; still not able to..
Attachment: cf4.jpg (222.34 KiB)