loss internet connectivity after Open SSL update

General support questions
de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/21 03:39:41

as the subject says, we had a vulnerability for our SSL and instructs us to update to version SSL 1.1.1q, to address this vulnerability on the linux side. we are using Centos 7. i was able to do the update first to SSL 1.1.1k then proceed to update to 1.1.1q, during this period i am still able to access the internet and issued yum command to get these packages. but after the last update(1.1.1q), and after few days i observed that when i did some basic ping test(google.com), cannot resolve. so i did some checking and confirmed that it lost internet connectivity, i even execute yum update in the OS level to see if it can connect but it didnt. please advise if the open ssl upgrade has something to do with it. i am newbie on centos or any linux OS and i only rely on internet for answers.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: loss internet connectivity after Open SSL update

Post by TrevorH » 2022/07/21 11:38:00

I have some bad news for you. What you have done so far has most likely broken your install beyond repair and your next steps will be to reinstall from scratch and start over.

The correct solution to the problem you tried to fix was to just run yum update to get the latest openssl packages from the CentOS repos.

There is no openssl 1.1.1 for CentOS 7. It uses 1.0.2k and will do until it goes EOL in 2024. Red Hat backport fixes from newer versions to 1.0.2k and make them available via yum update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/22 01:44:23

uh oh.. that bad :( thanks for clearing this out to me.. so i guess i have to restore back my backup..


edit...

im able to restore our vmbackup, verified that the OpenSSL version is back to 1.0.2k-fips (26-Jan-2017)

anything i need to verify further? my internet access still not working.. when i run yum update im still getting the error, please see attached. sorry im still learning centos thru online guides.. hope u can help me, and thanks in advance
Attachments
yum_update error.jpg
yum_update error.jpg (210.8 KiB) Viewed 1485 times

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/22 11:20:02

You could run yum clean all -- yum does cache metadata and can get confused by stale cache.

"Could not resolve host" means that name resolution has an error. What do you get with:

Code: Select all

host www.centos.org

BShT
Posts: 584
Joined: 2019/10/09 12:31:40

Re: loss internet connectivity after Open SSL update

Post by BShT » 2022/07/22 11:37:03

look at /etc/resolv.conf

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/25 01:50:26

i am getting this... when i try to edit the network config file i changed the following

TYPE=Ethernet
PROXY_METHOD=no
BROWSER_ONLY=no
BOOTPROTO=none ( (before its set as dhcp), when i use dhcp and with ipaddr defined, i get 2 ip addresses. if i use dhcp only without IPADDR defined, i dont get my old ip address as i am assigned with a new IP.)
DEFROUTE=yes
IPADDR=192.168.200.201
IPV4_FAILURE_FATAL=no
IPV6_INIT=yes
IPV6_AUTOCONF=NO
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
DEVICE=ens33
ONBOOT=yes
PREFIX=16
DNS1=8.8.8.8
UUID=xxxxxxxxxx

please advise
Attachments
resolv.jpg
resolv.jpg (10.5 KiB) Viewed 1445 times

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/25 08:20:24

de3jay wrote:
2022/07/25 01:50:26
BOOTPROTO=none ( (before its set as dhcp), when i use dhcp and with ipaddr defined, i get 2 ip addresses. if i use dhcp only without IPADDR defined, i dont get my old ip address as i am assigned with a new IP.)
First, you do have NetworkManager.service and therefore you should use NM's tools (nmcli, nmtui) to modify your config rather than edit any files directly.
A summary of current status one gets with nmcli and that particular connection with nmcli c s ens33

If the DHCP gives you "new" address, then how do you know that it does not give the "old" address to someone else?
An address belongs to network more than to a machine. DHCP can centrally and dynamically give coherent configuration to everyone in the network.

The first priority is to get functional network connection. It does not matter what address you have, if it works. If something points to your machine with the old address, then you have to fix them once we know the address that is ok.

Revert to DHCP. Set BOOTPROTO=dhcp and remove the IPADDR, PREFIX and DNS1.
With nmcli that should be:

Code: Select all

sudo nmcli c mod ens33 ipv4.method auto ipv4.addresses "" ipv4.dns ""

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/26 01:55:10

after following your advice of changing bootproto=dhcp, removing ipaddr, prefix and dns... i have started and stop ens33 (ifdown,ifup) and rebooted the server as well.. so i got this (please see screenshot), however when i check on systemctl status network.service i got that error please advise. thanks
Attachments
cfg3.jpg
cfg3.jpg (168.54 KiB) Viewed 1398 times

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/26 07:12:14

de3jay wrote:
2022/07/26 01:55:10
when i check on systemctl status network.service i got that error please advise. thanks
That state is correct and expected. The network.service is not needed in your system.
The interfaces are managed with NetworkManager.service. That is the default in EL7 distros.
See:

Code: Select all

systemctl status NetworkManager.service
nmcli
nmcli d s
nmcli c s
Related to that, the ifdown and ifup do not touch interfaces that are managed by NM, so they did nothing.

A (re)boot should apply only the stored configuration. Your output still shows the bogus address, so you did not clean the config completely.
(Note also that 192.168.102.0/24, which mean address range 192.168.102.0--192.168.102.255, is a subset of 192.168.0.0/16, the range 192.168.0.0--192.168.255.255. You can't have overlapping subnets like that.)

These should tell a bit:

Code: Select all

nmcli c s
nmcli -f ipv4 c s ens33

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/26 09:19:23

the following are what i did.

1. i noticed from other articles that you should not have more than one ifcfg-ens33xx in /etc/sysconfig/network-scripts location (as i did backup my existing config to a new file whenever i made changes to the original); and so, i moved these files to my home directory, which left me with ifcfg-ens33 only.
2. as much as i wanted to set BOOTPROTO=dhcp, which im getting a new ip (192.168.102.205), the original IP for this server is 192.168.102.201, so i tried to put back again to
BOOTPROTO=none
IPADDR=192.168.102.201
DNS1=8.8.8.8
- reason y i need this IP, is because this is what is configured in our firewall that i allowed to have access to internet. when we check the traffic, we can only see the transmit request but there is no received.

3. rebooted my server and this is how it looks (pls see image below)
4. try to run yum clean all, then yum update still not able to..
Attachments
cf4.jpg
cf4.jpg (222.34 KiB) Viewed 1361 times

Post Reply