IP-route to Greenbone server getting lost prior/during 4.2.22 to 4.3.2 upgrade on ExpertNet enabled GSM100.


#1

The Greenbone web page states (as of 22-Oct-2018 ~09:00 AM CEST) when doing the release switch from 4.2.22 to 4.3.2 to:

  1. Save the ExpertNet Configuration separate from the GSM.
  2. Optional: Consult Greenbone Support about possible challenges for the substitution of your ExpertNet configuration. Some advanced ways might not directly be transferable to the new scheme.
  3. Deactivate ExpertNet.
  4. Migrate to GOS 4.3
  5. Configure the network with the new opportunities based on the details in the preserved ExpertNet configuration.

Well, due to our ExpertNet config here not being that complex, I decided to skip point 2.

Running SelfCheck after connecting to the appliance I got this returned:

+---------------------------------------------------------------------+
¦ Selfcheck failed! Please use the following information to correct ¦
¦ the problem. ¦
¦ If you need help, please contact the Greenbone Support ¦
¦ ¦
¦ Release switch available failed! ¦
¦ Severity: High ¦
¦ Solution: You should switch to the next GOS release. ¦
+---------------------------------------------------------------------¦
¦ < OK > ¦
+---------------------------------------------------------------------+

After deactivating ExpertNet and running SelfCheck again I got that:

+-------------------------------------------------------------------------------------------------------+
¦ Selfcheck failed! Please use the following information to correct the problem. ¦
¦ If you need help, please contact the Greenbone Support ¦
¦ ¦
¦ Feed Update not possible failed! ¦
¦ Severity: High ¦
¦ Solution: The Feed Server is not reachable. Check your network and firewall configuration. If you ¦
¦ are using an Evaluation Subscription Key, it might have expired. If your key expired, deleting it ¦
¦ will switch you to the community server. ¦
¦ Release switch available failed! ¦
¦ Severity: High ¦
¦ Solution: You should switch to the next GOS release. ¦
+-------------------------------------------------------------------------------------------------------¦
¦ < OK > ¦
+-------------------------------------------------------------------------------------------------------+

Well, in our setup the route to the Greenbone server with the public IP 193.108.181.138, to which e.g. feed.greenbone.net. and apt.greenbone.net. resolve, is statically configured through eth3. This routing entry (besides others) got lost upon disabling ExpertNet on 4.2.22, which explains the “Feed Update not possible failed!” message in the previous screenshot.

Hence - PRIOR to kicking off the upgrade, still on 4.2.22 - I configured the route back, so the routing table looked like this (again) [replaced the actual internal IPs with dummies below]:

+----------------------------------------------------------------------+
¦ default via 10.10.111.1 dev eth0 ¦
¦ 10.10.111.0/24 dev eth0 proto kernel scope link src 10.10.111.11 ¦
¦ 10.10.123.0/24 dev eth2 proto kernel scope link src 10.10.123.11 ¦
¦ 10.10.199.0/24 dev eth1 proto kernel scope link src 10.10.199.11 ¦
¦ 10.10.234.0/24 dev eth3 proto kernel scope link src 10.10.234.11 ¦
¦ 193.108.181.138 via 10.10.234.1 dev eth3 ¦
¦ ¦
+----------------------------------------------------------------------¦
¦ < EXIT > ¦
+----------------------------------------------------------------------+

This was to be on the safe side, to ensure during the actual upgrade process the Greenbone server can be reached for downloading stuff etc.

The system kept the default GW setting in our setup, pointing to a host reachable through eth0, when disabling ExpertNet.

Running SelfCheck another time I “only” got the very first screenshot further above.

After that I kicked off the GSM100 upgrade. Probably upon kicking off the upgrade the upgrade script might have complained already about not being able to reach the Greenbone server(s). But I had no bandwidth to test this out nor wanted to take the risk of the upgrade failing in the middle, in case no such checks are part of the upgrade process.

It took around 20 minutes (GSM100 with DSL-modem into WWW, morning time ~07:00 AM) without further interactions until the below “Reboot” request appeared.

+---------------------------Warning------------------------------+
¦ Upgrade successfully finished. ¦
¦ Please reboot your GSM now for changes to take effect! ¦
¦ ¦
¦ Note: Without restart the system will remain in a potentially ¦
¦ unstable state and you might experience crashes. Continue only ¦
¦ if you have good reasons to do so! ¦
+----------------------------------------------------------------¦
¦ < Reboot > ¦
+----------------------------------------------------------------+

After confirming the Reboot, the GSM100 came up fine, but after logging in the first time post-upgrade I got this:

+-------------------------------------GSM Status-----------------------------------------+
¦ Some remarks about the current status of your GSM: ¦
¦ ¦
¦ - Feed Update not possible: The Feed Server is not reachable. Check your network and ¦
¦ firewall configuration. If you are using an Evaluation Subscription Key, it might ¦
¦ have expired. If your key expired, deleting it will switch you to the comunity ¦
¦ server. ¦
¦ ¦
+----------------------------------------------------------------------------------------+
¦ < OK > ¦
+----------------------------------------------------------------------------------------+

Verifying again, the GSM100 had again lost that routing entry to 193.108.181.138 and I had to add it again.

No more complaints by SelfCheck afterwards.

To summarise this:
Ensure, after disabling ExpertNet prior to the 4.2.22 (or higher in future) to 4.3.2 upgrade, to run another SelfCheck and possibly add (back) a route to the Greenbone public IP 193.108.181.138.
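
The check summarised in the post above, as an added example that is not part of the original thread and not Greenbone code: it compares two routing-table snapshots saved as text and lists the routes that vanished between them. The function names, the snapshot file names and the "after" table are assumptions, constructed from the dummy addresses in the post.

```shell
#!/bin/sh
# Added example: find routes that disappeared between two saved
# `ip route show` snapshots (e.g. before and after disabling ExpertNet).

# Normalise a snapshot: trim whitespace, drop blank lines, sort for comm(1).
normalise() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" |
        LC_ALL=C sort -u
}

# Print every route present in snapshot $1 but missing from snapshot $2.
lost_routes() {
    _b=$(mktemp) && _a=$(mktemp) || return 1
    normalise "$1" > "$_b"
    normalise "$2" > "$_a"
    LC_ALL=C comm -23 "$_b" "$_a"
    rm -f "$_b" "$_a"
}

# Succeed only if snapshot $1 holds an explicit host route for address $2,
# i.e. the destination is not merely covered by the default gateway.
has_host_route() {
    normalise "$1" |
        awk -v ip="$2" '$1 == ip || $1 == (ip "/32") { f = 1 } END { exit !f }'
}

# Constructed sample snapshots, modelled on the routing table in the post.
SNAP_DIR=$(mktemp -d)
trap 'rm -rf "$SNAP_DIR"' EXIT
BEFORE="$SNAP_DIR/before.txt"
AFTER="$SNAP_DIR/after.txt"
cat > "$BEFORE" <<'EOF'
default via 10.10.111.1 dev eth0
10.10.111.0/24 dev eth0 proto kernel scope link src 10.10.111.11
10.10.123.0/24 dev eth2 proto kernel scope link src 10.10.123.11
10.10.199.0/24 dev eth1 proto kernel scope link src 10.10.199.11
10.10.234.0/24 dev eth3 proto kernel scope link src 10.10.234.11
193.108.181.138 via 10.10.234.1 dev eth3
EOF
# Assumed "after" state: the same table with only the host route gone.
grep -v '^193\.108\.181\.138 ' "$BEFORE" > "$AFTER"

echo "Routes lost:"
lost_routes "$BEFORE" "$AFTER"
has_host_route "$AFTER" 193.108.181.138 ||
    echo "No explicit route to 193.108.181.138; re-add it before upgrading."
```

Because the default gateway survives, traffic to the feed server silently leaves through eth0 instead of eth3, which is why the explicit host-route check is separate from the diff.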


#2

Thank you for the summary and I apologize for the inconvenience.

We are working on advanced route management via GOS menu. It will be available in GOS 4.3 prior to opening the upgrade of midrange/enterprise models.

However, we generally recommend contacting the Greenbone Support when using ExpertNet and planning to upgrade to GOS 4.3. We will stress this recommendation more prominently next time.