OPNsense Forum
English Forums => 23.7 Legacy Series => Topic started by: seed on July 31, 2023, 03:07:59 pm
-
Using these directions:
https://forum.opnsense.org/index.php?topic=25540.msg122731#msg122731
i will upgrade my opnsense this evening. I will post my experiences.
If you already have upgraded your instance feel free to report.
-
Unbound does not start any longer, now using Mobile backup.
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php.50:in_array(): Argument#2($haystack) must be of type array, int given.
Hope this gets fixed soon. My firewall itself can't get Internet access any longer due to lack of DNS ...
-
Can you be any less specific please?
-
I upgraded to 23.7 and the Unbound service does not start any longer. This was the message that I got when trying to restart it manually.
Does that help?
-
Running into the same issue and I also looks like the unbound configuration is completely missing. All reset to default. I got it back to working by disabling Adguard and setting unbound to port 53.
-
Same situation hereā¦
-
I upgraded to 23.7 and the Unbound service does not start any longer. This was the message that I got when trying to restart it manually.
Does that help?
Thanks, could be a bug in the adguard plugin implementation or local workaround put in place.
Cheers,
Franco
-
I'm not using adguard, and it's broken for me. Pretty vanilla config as well, with just a couple of forwards to nextdns. Got things working temporarily by setting 1.1.1.1 as the system dns, and telling unbound to use the system nameservers.
The unbound service itself, though, still won't start, but at least it doesn't seem to be in the way any longer.
EDIT: I was wrong. I had two possible solutions in play, and what I described above was not helping. Only way I can get things to work simply is to bypass the my router entirely for dns on my devices.
-
...so nextdns like adguardhome is not a plugin we distribute...
Cheers,
Franco
-
Not using the plugin - just using two entries in the DNS over TLS section
-
Geez, can you post your
# configctl service list
Cheers,
Franco
-
[
{
"description": "ACME client",
"pidfile": "/var/run/lighttpd-acme-challenge.pid",
"configd": {
"restart": [
"acme-http-challenge restart"
],
"start": [
"acme-http-challenge start"
],
"stop": [
"acme-http-challenge stop"
]
},
"name": "acme",
"status": "acme is running as pid 25973."
},
{
"description": "chrony daemon",
"configd": {
"restart": [
"chrony restart"
],
"start": [
"chrony start"
],
"stop": [
"chrony stop"
]
},
"name": "chronyd",
"pidfile": "/var/run/chrony/chronyd.pid",
"status": "chronyd is running as pid 13315."
},
{
"description": "System Configuration Daemon",
"pidfile": "/var/run/configd.pid",
"mwexec": {
"restart": [
"/usr/local/etc/rc.d/configd restart"
],
"start": [
"/usr/local/etc/rc.d/configd start"
],
"stop": [
"/usr/local/etc/rc.d/configd stop"
]
},
"name": "configd",
"locked": true,
"status": "configd is running as pid 252."
},
{
"description": "Cron",
"php": {
"start": [
"system_cron_configure"
],
"restart": [
"system_cron_configure"
]
},
"pidfile": "/var/run/cron.pid",
"name": "cron",
"status": "cron is running as pid 86746."
},
{
"description": "CrowdSec",
"configd": {
"restart": [
"crowdsec restart"
],
"start": [
"crowdsec start"
],
"stop": [
"crowdsec stop"
]
},
"name": "crowdsec",
"status": "crowdsec is running as pid 4807."
},
{
"description": "ddclient",
"configd": {
"restart": [
"ddclient restart"
],
"start": [
"ddclient start"
],
"stop": [
"ddclient stop"
]
},
"name": "ddclient",
"pidfile": "/var/run/ddclient.pid",
"status": "ddclient is running as pid 61506."
},
{
"name": "dhcpd",
"description": "DHCPv4 Server",
"php": {
"restart": [
"dhcpd_dhcp4_configure"
],
"start": [
"dhcpd_dhcp4_configure"
]
},
"pidfile": "/var/dhcpd/var/run/dhcpd.pid",
"status": "dhcpd is running as pid 60955."
},
{
"description": "Shaper",
"configd": {
"restart": [
"ipfw reload"
],
"start": [
"ipfw reload"
],
"stop": [
"ipfw reload"
]
},
"name": "ipfw",
"nocheck": true,
"status": "ipfw is running."
},
{
"description": "Users and Groups",
"php": {
"restart": [
"system_login_configure"
]
},
"nocheck": true,
"name": "login",
"status": "login is running."
},
{
"description": "mDNS Repeater",
"configd": {
"restart": [
"mdnsrepeater restart"
],
"start": [
"mdnsrepeater start"
],
"stop": [
"mdnsrepeater stop"
]
},
"name": "mdns-repeater",
"status": "mdns-repeater is running as pid 14027."
},
{
"description": "Monit System Monitoring",
"configd": {
"restart": [
"monit restart"
],
"start": [
"monit start"
],
"stop": [
"monit stop"
]
},
"name": "monit",
"status": "monit is running as pid 11721."
},
{
"description": "Secure Shell Daemon",
"configd": {
"restart": [
"openssh restart"
],
"start": [
"openssh start"
],
"stop": [
"openssh stop"
]
},
"pidfile": "/var/run/sshd.pid",
"name": "openssh",
"status": "openssh is running as pid 13333."
},
{
"description": "Packet Filter",
"configd": {
"restart": [
"filter reload"
]
},
"nocheck": true,
"name": "pf",
"status": "pf is running."
},
{
"description": "System routing",
"php": {
"restart": [
"system_routing_configure"
]
},
"nocheck": true,
"name": "routing",
"status": "routing is running."
},
{
"description": "System tunables",
"php": {
"restart": [
"system_sysctl_configure"
]
},
"nocheck": true,
"name": "sysctl",
"status": "sysctl is running."
},
{
"description": "Syslog-ng Daemon",
"php": {
"stop": [
"system_syslog_stop"
],
"start": [
"system_syslog_start"
],
"restart": [
"system_syslog_start"
]
},
"pidfile": "/var/run/syslog-ng.pid",
"name": "syslog-ng",
"status": "syslog-ng is running as pid 18470."
},
{
"name": "unbound",
"dns_ports": [
"53"
],
"description": "Unbound DNS",
"php": {
"restart": [
"unbound_configure_do"
],
"start": [
"unbound_configure_do"
],
"stop": [
"unbound_service_stop"
]
},
"pidfile": "/var/run/unbound.pid",
"status": "unbound is not running."
},
{
"pidfile": "/var/run/lighty-webConfigurator.pid",
"description": "Web GUI",
"php": {
"restart": [
"webgui_configure_defer"
]
},
"name": "webgui",
"locked": true,
"status": "webgui is running as pid 18277."
}
]
-
Not the same issue then regarding dns_ports.
Cheers,
Franco
-
...this is a strange one.
I reconfigured unbound (as it lost all settings) and now the issue is gone. Even with Adguard enabled again.
Both services can now be started, re-started without any issue.
Will do a more testing on my backup router to figure out what went wrong.
-
under general DNS> i have one DNS server applied to WAN.
9.9.9.9
my upgrade worked fine, i decided to tinker when i read this thread:
under unbound i setup DNS over TLS
9.9.9.9
dns.quad.net
port 853
traffic stopped entirely.
deleted the configuration. and everything went back to working again!
-
under general DNS> i have one DNS server applied to WAN.
9.9.9.9
my upgrade worked fine, i decided to tinker when i read this thread:
under unbound i setup DNS over TLS
9.9.9.9
dns.quad.net
port 853
traffic stopped entirely.
deleted the configuration. and everything went back to working again!
I tried this, but unfortunately it didn't help (I had tried earlier to simply disable the entries) - thanks for the tip tho!
-
Any idea of what I can look at to resolve this?
I have so little config within Unbound that there's little to clear out, but I'll give it a shot...
-
waiting for the opnsense-lang update :'(
seems it doesn't auto-synced.
-
Any idea of what I can look at to resolve this?
I have so little config within Unbound that there's little to clear out, but I'll give it a shot...
Removed access-control-view.conf file (in /usr/local/etc/unbound.opnsense.d) - service started right up. Next: experiment with putting the file back and see if it fails again.
-
Unfortunately language updates are a lot of work and we couldn't fit this into the holiday season. We aim for 23.7.1 at the moment.
Cheers,
Franco
-
Removed access-control-view.conf file (in /usr/local/etc/unbound.opnsense.d) - service started right up. Next: experiment with putting the file back and see if it fails again.
Is that a custom file? oO
Cheers,
Franco
-
Yep - I've had it in place for a while now without issue. I use it solely to map my router's name to it's IP for each vlan - convenient to avoid confusion on machines that can access the router through any vlan.
-
I just upgraded and it all seems to be working great! This is on a Protectli VP2410 running Adguard Home on port 53 and Unbound on 8053, and it all continued to work after the update.
Thanks for the hard work.
-
i just upgraded. it took some minutes but all services are up and running. looks great.
-
Updated and working fine.... thank you OPNSense Team
-
I also had no problems upgrading from 23.1.11_1 to 23.7 on a Protectli FW4B. I am using Adguard Home on port 53 and Unbound on 53531. Not using TLS.
-
Completely unspectacular. Thanks folks!
-
Yup, seems fine, congrats!
-
Runs like clockwork - thanks for the good work!
-
updated to 23.7 also. Had a little hickup with internet not working, probably due to adguard home, but after a another manual reboot with first disabling adguard home and back to only bind the system was working. Put adguard home back on and all is running like it should.
Only in the terminal I have an error building up in # with this:
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed
and failures=1,2,3......up to 52 now and still counting up..
others having this also?
-
updated to 23.7 also. Had a little hickup with internet not working, probably due to adguard home, but after a another manual reboot with first disabling adguard home and back to only bind the system was working. Put adguard home back on and all is running like it should.
Only in the terminal I have an error building up in # with this:
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed
and failures=1,2,3......up to 52 now and still counting up..
others having this also?
-
Unbound does not start any longer, now using Mobile backup.
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php.50:in_array(): Argument#2($haystack) must be of type array, int given.
Hope this gets fixed soon. My firewall itself can't get Internet access any longer due to lack of DNS ...
Had the same issue.
The fix for me was here, had to manually update line 47:
https://github.com/opnsense/core/commit/c61ef7a2876880222e09831bdf90f6a137a4f67c
But I have another issue.
I have unbound on port 5335 and adguard on 53 and Primary DNS active.
On reboot wireguard is starting before adguard and is not able to connect to a server with hostname
and is blocking other services from starting (booting the rest of the services).
Only way right now to fix that is through ssh and manual restarting adguard fixes everything. (other services are able to start)
Otherwise the update went super easy and well.
Thank you OPNSense Team
-
Unbound does not start any longer, now using Mobile backup.
/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php.50:in_array(): Argument#2($haystack) must be of type array, int given.
Hope this gets fixed soon. My firewall itself can't get Internet access any longer due to lack of DNS ...
Had the same issue.
The fix for me was here, had to manually update line 47:
https://github.com/opnsense/core/commit/c61ef7a2876880222e09831bdf90f6a137a4f67c
But I have another issue.
I have unbound on port 5335 and adguard on 53 and Primary DNS active.
On reboot wireguard is starting before adguard and is not able to connect to a server with hostname
and is blocking other services from starting (booting the rest of the services).
Only way right now to fix that is through ssh and manual restarting adguard fixes everything. (other services are able to start)
Otherwise the update went super easy and well.
Thank you OPNSense Team
I'm not 100% sure what the what the official position is regarding altering the core configuration of OPNsense.
I consider Unbound a core service - fingers crossed v18 gets released soon - and while I moved all FWs last October to AdguardHome, Unbound still runs on port 53 should it be needed, and or all LANs/VLANs there's a Port Forward rule that takes any DNS traffic outbound and redirects it to where AGH is running/listening - in my case I opted for 127.0.0.1:5353 _only_
This particular configuration word so well that even when there's been small accidents in the past everything worked well and no upgrades resulted in services/FWs being down, and should any future AGH update fail for some reason my FWs will have all other services up and I'll be able to remote in and take corrective actions.
-
updated to 23.7 also. Had a little hickup with internet not working, probably due to adguard home, but after a another manual reboot with first disabling adguard home and back to only bind the system was working. Put adguard home back on and all is running like it should.
Only in the terminal I have an error building up in # with this:
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed
and failures=1,2,3......up to 52 now and still counting up..
others having this also?
In my opinion Adguard is the culprit for not starting several services after an Opnsense restart, when starting Adguard the stopped services start by themselves. In my case I have Unbound disabled and Adguard not only doesn't start but blocks the start of Suricata, Cron and ddclient along with Wireguard.
https://forum.opnsense.org/index.php?topic=35057.0
-
Services that depend on DNS when starting will not start if DNS is not ready. Start e.g. Unbound and AdGuard Home and direct only users to AGH and all service on the firewall to Unbound. BIND also works reliably.
There is no need for WireGuard to have a DNS ad blocker in place.
Also AGH might fail to start if the upstream DNS cannot be reached. So point it at a local Unbound or BIND instead of something external, if your Internet connection takes a while to come up.
-
Services that depend on DNS when starting will not start if DNS is not ready. Start e.g. Unbound and AdGuard Home and direct only users to AGH and all service on the firewall to Unbound. BIND also works reliably.
There is no need for WireGuard to have a DNS ad blocker in place.
Also AGH might fail to start if the upstream DNS cannot be reached. So point it at a local Unbound or BIND instead of something external, if your Internet connection takes a while to come up.
I agree with the excellent explanation, especially the first part but the solution you propose is not valid for me because I don't want to use Unbound and I want to use Adguard with DNS Quic. I have been using Adguard for a long time and what is happening now was not happening before, so something must be happening with the Adguard plugin.
-
The AdGuard Home plugin is not part of the OPNsense distribution. So I suggest you take that issue to the plugin maintainer(s).
BTW: I do use AGH. In combination with BIND. No issues whatsoever.
-
I'm having an issue with firewall groups on 23.7:
- I noticed in the changelog that it was mentioned that the groups system was re-written using the MVC framework. Thinking this *may* be related to that in some way
- The odd part, is that I have a group containing a single interface [wan] containing only floating rules that IS working, while my other two are not.
- This appears to be an issue on the UI side only because firewall rules from the groups are applying correctly, and in the correct order
Behaviour Exhibited
- Interfaces are no longer grouping by firewall group under the interfaces menu in the UI, except for the WAN interface group
- The group interfaces are showing up correctly under the firewall menu, and have the correct rules from my config XML in them
- Within a group interface's individual firewall rules menu, previously the group rules were shown underneath the auto-generated rules. Now they are omitted entirely [yet are working correctly in the background] with the exception of the WAN interface group; hence, I have some interfaces that only inherit from groups that appear completely empty, with no indication that they inherit from an interface group.
Troubleshooting steps already taken
- I've tried creating a new group to see if it would show up, as well but it was omitted entirely from the firewall menu
- I've tried restoring from my configuration XML backups
- Multiple reboots
Next steps
- Considering reinstalling 23.7 fresh on my box, and restoring from config
Before I go down the road of reinstalling, and trying the config restore I wanted to reach out and see if anyone else was experiencing a similar issue first.
all the best,
Vall
Edit:
Hunch I saw looking at my pre-migration config, vs. my post-migration config:
Is it possible somewhere in the ui (like JavaScript somewhere that doesn't affect the workings of the backend) is still expecting space separated ifgroup members instead of comma separated ifgroup members?
This would explain why my single-member interface group shows up correctly (because it's the same in both representations)
i.e ifgroups version="1.0.0":
<members>opt4,opt1,lan</members>
23.1.11:
<members>opt4 opt1 lan</members>
ifgroup with single entry is still working because it has no separators, and would be valid in both i.e.:
ifgroups version="1.0.0":
<members>lan</members>
23.1.11:
<members>lan</members>
Just a hunch that was keeping me awake.
thanks again,
Vall
-
Completed the upgrade from 23.1.11 to 23.1.11_1 with no issues. The upgrade from 23.1.11_1 to 23.7 seemed to proceed with no issues, but after the update was complete internal machines had no internet access. I could no longer access the firewall with the FQDN but could access it directly via IP address. For some reason unbound was not started. Going into the configuration the check box to enable it was not checked and some of the other required settings were missing. Enabled unbound and restarted the service and only other minor issue was a complaint about a logging database missing (I had OPNSense create what it wanted). Has been running fine since.
Setup includes two wan interfaces and two lan interface with a firewall rule for gateway fail over.
-
This update kills all my WireGuard tunnels on startup.
I have to disable and re-enable my WireGuard gateways every time I reboot to get them working again.
Any ideas on a fix or is this a new bug?
Previous version 23.1.11 worked perfectly.
Edit:
So, I can get everything working again just by disabling the WireGuard plugin for a few seconds and re-enabling it.
Did the startup order just change and WireGuard starts too quickly now before it can make a connection?
Is there a way to delay WireGuard from starting by like 10-15 seconds? I think that may fix it.
-
Edit:
Hunch I saw looking at my pre-migration config, vs. my post-migration config:
Is it possible somewhere in the ui (like JavaScript somewhere that doesn't affect the workings of the backend) is still expecting space separated ifgroup members instead of comma separated ifgroup members?
This would explain why my single-member interface group shows up correctly (because it's the same in both representations)
i.e ifgroups version="1.0.0":
<members>opt4,opt1,lan</members>
23.1.11:
<members>opt4 opt1 lan</members>
ifgroup with single entry is still working because it has no separators, and would be valid in both i.e.:
ifgroups version="1.0.0":
<members>lan</members>
23.1.11:
<members>lan</members>
Thanks for debugging. Here is a patch: https://github.com/opnsense/core/commit/b52bf63e9
# opnsense-patch b52bf63e9
Cheers,
Franco
-
This time no luck at all...
No matter if started via gui or console (ssh/serial both) this update does not work for me.
After restart it runs still on 23.1.11_1
Have a hard time to debug this. Cannot find any relevant log.
What i see there is some 23.7 package here, but not up to date.
pkg version | grep opns
opnsense-23.1.11_1 =
opnsense-installer-23.1 =
opnsense-lang-22.7.3 =
opnsense-update-23.7 >
pam_opnsense-19.1.3 =
Yes, i can reinstall, no problem. But i like to know what colud be "special" on my system..
Intel(R) Celeron(R) J4125 CPU @ 2.00GHz (4 cores, 4 threads)
ZFS
-
There is an upgrade log and it will tell you what custom package prevents you from upgrading...
Either System: Firmware: Status -> Run an Audit -> Upgrade
Or on the console:
# opnsense-update -G
Cheers,
Franco
-
Thanks for debugging. Here is a patch: https://github.com/opnsense/core/commit/b52bf63e9
# opnsense-patch b52bf63e9
Plus this one: https://github.com/opnsense/core/commit/0e1aa4bcca6
-
Yup
# opnsense-patch b52bf63e9 0e1aa4bcca6
Cheers,
Franco
-
There is an upgrade log and it will tell you what custom package prevents you from upgrading...
Either System: Firmware: Status -> Run an Audit -> Upgrade
Thanks,
wow did not expect that. Seems to be worse... Kernel is on 23.7 already.. No idea what's happened..
Functionally all is ok. But i think i have to reinstall.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.11_1 at Tue Aug 1 12:58:09 CEST 2023
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-acme-client 3.17
os-apcupsd 1.1
os-dmidecode 1.1_1
os-hw-probe 1.0_1
os-iperf 1.0_1
os-lldpd 1.1_2
os-net-snmp 1.5_2
os-ntopng 1.2_2
os-redis 1.1_2
os-rfc2136 1.8
os-smart 2.2_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..
ca_root_nss-3.91 version mismatch, expected 3.89.1
Checking packages: ........................
opnsense-update-23.7 version mismatch, expected 23.1.11
Checking packages: .......................
py39-dnspython-2.4.0,1 version mismatch, expected 2.3.0,1
Checking packages: .
py39-duckdb-0.8.1 version mismatch, expected 0.6.1
Checking packages: ..
py39-numpy-1.25.0,1 version mismatch, expected 1.24.1_4,1
Checking packages: .
py39-pandas-2.0.3,1 version mismatch, expected 2.0.2,1
Checking packages: ....
py39-vici-5.9.11 version mismatch, expected 5.9.10
Checking packages: ......
sudo-1.9.14p3 version mismatch, expected 1.9.13p3
Checking packages: .
suricata-6.0.13_1 version mismatch, expected 6.0.13
Checking packages: ..
unbound-1.17.1_3 version mismatch, expected 1.17.1_2
Checking packages: .. done
***DONE***
-
Yup
# opnsense-patch b52bf63e9 0e1aa4bcca6
Cheers,
Franco
Thanks for the quick patch!
have a good one,
Vall
-
Thanks,
wow did not expect that. Seems to be worse... Kernel is on 23.7 already.. No idea what's happened..
Functionally all is ok. But i think i have to reinstall.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.11_1 at Tue Aug 1 12:58:09 CEST 2023
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-acme-client 3.17
os-apcupsd 1.1
os-dmidecode 1.1_1
os-hw-probe 1.0_1
os-iperf 1.0_1
os-lldpd 1.1_2
os-net-snmp 1.5_2
os-ntopng 1.2_2
os-redis 1.1_2
os-rfc2136 1.8
os-smart 2.2_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..
ca_root_nss-3.91 version mismatch, expected 3.89.1
Checking packages: ........................
opnsense-update-23.7 version mismatch, expected 23.1.11
Checking packages: .......................
py39-dnspython-2.4.0,1 version mismatch, expected 2.3.0,1
Checking packages: .
py39-duckdb-0.8.1 version mismatch, expected 0.6.1
Checking packages: ..
py39-numpy-1.25.0,1 version mismatch, expected 1.24.1_4,1
Checking packages: .
py39-pandas-2.0.3,1 version mismatch, expected 2.0.2,1
Checking packages: ....
py39-vici-5.9.11 version mismatch, expected 5.9.10
Checking packages: ......
sudo-1.9.14p3 version mismatch, expected 1.9.13p3
Checking packages: .
suricata-6.0.13_1 version mismatch, expected 6.0.13
Checking packages: ..
unbound-1.17.1_3 version mismatch, expected 1.17.1_2
Checking packages: .. done
***DONE***
First things first. Yeah I think base and kernel are fine and updated. But your packages are not. FWIW, we still need the "Upgrade" audit, not the "Health" one you presented here. ;)
Cheers,
Franco
-
FWIW, we still need the "Upgrade" audit, not the "Health" one you presented here. ;)
Wish i could... :o
Only presented connectivity,health and security as choice.
-
And if you check for updates it presents packages for 23.7 and it downloads them and reboots? If yes it should produce a log file.
Cheers,
Franco
-
The upgrade worked fine so far, but Zen Armor was not working and I've uninstalled all it's packages but still get this error from the Crash Reporter Status:
PHP Warning: PHP Startup: Unable to load dynamic library 'mongodb.so' (tried: /usr/local/lib/php/20220829/mongodb.so (Cannot open "/usr/local/lib/php/20220829/mongodb.so"), /usr/local/lib/php/20220829/mongodb.so.so (Cannot open "/usr/local/lib/php/20220829/mongodb.so.so")) in Unknown on line 0
Already did a:
opnsense-update -pf
but still get this message at the end:
Beep! Beep!
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: 100%
php81-pecl-mongodb has a missing dependency: php81
>>> Missing package dependencies were detected.
>>> Found 1 issue(s) in the package database.
pkg-static: No packages available to install matching 'php81' have been found in the repositories
>>> Summary of actions performed:
php81 dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
Any ideas what to do?
-
# pkg remove php81-pecl-mongodb
Cheers,
Franco
-
And if you check for updates it presents packages for 23.7 and it downloads them and reboots? If yes it should produce a log file.
Exactly! But no log...
***GOT REQUEST TO UPGRADE***
Currently running OPNsense 23.1.11_1 at Tue Aug 1 17:18:40 CEST 2023
Fetching packages-23.7-amd64.tar: ................ done
Extracting packages-23.7-amd64.tar... done
Please reboot.
***DONE***
but opnsense-update -G gives no output. Checked that before and after reboot.
-
# pkg remove php81-pecl-mongodb
Cheers,
Franco
Thank you Franco. :)
So it would be also safe to delete the content of:
/usr/local/lib/php/
which is:
20210902/ 20220829/ build/
?
Don't know why this php81-pecl-mongodb was installed at allā¦
-
Edit:
Hunch I saw looking at my pre-migration config, vs. my post-migration config:
Is it possible somewhere in the ui (like JavaScript somewhere that doesn't affect the workings of the backend) is still expecting space separated ifgroup members instead of comma separated ifgroup members?
This would explain why my single-member interface group shows up correctly (because it's the same in both representations)
i.e ifgroups version="1.0.0":
<members>opt4,opt1,lan</members>
23.1.11:
<members>opt4 opt1 lan</members>
ifgroup with single entry is still working because it has no separators, and would be valid in both i.e.:
ifgroups version="1.0.0":
<members>lan</members>
23.1.11:
<members>lan</members>
Thanks for debugging. Here is a patch: https://github.com/opnsense/core/commit/b52bf63e9
# opnsense-patch b52bf63e9
Cheers,
Franco
This patch worked to fix the groups on interfaces.
-
# pkg remove php81-pecl-mongodb
Cheers,
Franco
Thank you Franco. :)
So it would be also safe to delete the content of:
/usr/local/lib/php/
which is:
20210902/ 20220829/ build/
?
Don't know why this php81-pecl-mongodb was installed at allā¦
I'd only delete the 20210902 folder if left behind after running the pkg command Franco gave you _and_ completing the 23.7 upgrade.
-
Any word on how to fix this?? It an upgrade log file
Beep! Beep!
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.
pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:
python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
>>> Also make sure to check 'pkg updating' for known issues.
-
A forum search shows it should be remove
pkg remove py37-markupsafe
-
# opnsense-patch b52bf63e9 0e1aa4bcca6
Confirmed, these two patches fix the interface grouping issue.
-
Regarding the Haystack problems and AGH, I just updated the community repo with a fix and the latest binary of AGH. Sorry for the trouble
-
@mimugmail thnx! I updated right away
-
Hi all,
I upgraded to 27.3 via the GUI, but it appears the upgrade is only partially complete. Any help in resolving (as I am a basic user at best) greatly received. I also had some strange behaviour on reboot after upgrade, DHCP v6 and Unbound "flapping" which have since settled. However similar to a previous post:
1. Firmware Status is reporting 23.1.11_1
(https://i.postimg.cc/vcpYG1FG/Opn-Sense-Firmware-Status.png) (https://postimg.cc/vcpYG1FG)
2. Packages list is reporting base as 23.7 but opnsense as 23.1.11_1 and opnsense-update as 23.1.11
(https://i.postimg.cc/McYq0dcG/Opn-Sense-Package-List-1.png) (https://postimg.cc/McYq0dcG)
(https://i.postimg.cc/r0FcfxWN/Opn-Sense-Package-List-2.png) (https://postimg.cc/r0FcfxWN)
(https://i.postimg.cc/QKFD3DfB/Opn-Sense-Package-List-3.png) (https://postimg.cc/QKFD3DfB)
(https://i.postimg.cc/Jt0MJ3R1/Opn-Sense-Package-List-4.png) (https://postimg.cc/Jt0MJ3R1)
(https://i.postimg.cc/2bcYMy7R/Opn-Sense-Package-List-5.png) (https://postimg.cc/2bcYMy7R)
(https://i.postimg.cc/7C4qTpZc/Opn-Sense-Package-List-6.png) (https://postimg.cc/7C4qTpZc)
3. If I then check for updates it reports current version as 23.7 new version as 23.1.11 and required action as upgrade.
(https://i.postimg.cc/sBb9c9bt/Opn-Sense-Upgrade.png) (https://postimg.cc/sBb9c9bt)
Upgrade audit below:
bash-5.2.15: already unlocked
beep-1.0_1: already unlocked
bind-tools-9.18.16: already unlocked
bind918-9.18.16: already unlocked
ca_root_nss-3.89.1: already unlocked
choparp-20150613: already unlocked
cpdup-1.22: already unlocked
cpustats-0.1: already unlocked
curl-8.1.2: already unlocked
cyrus-sasl-2.1.28: already unlocked
cyrus-sasl-gssapi-2.1.28: already unlocked
dhcp6c-20230530: already unlocked
dnsmasq-2.89_1,1: already unlocked
dpinger-3.3: already unlocked
e2fsprogs-libuuid-1.47.0: already unlocked
easy-rsa-3.1.5: already unlocked
expat-2.5.0: already unlocked
expiretable-0.6_2: already unlocked
filterlog-0.7: already unlocked
flock-2.37.2: already unlocked
flowd-0.9.1_3: already unlocked
fstrm-0.6.1: already unlocked
gettext-runtime-0.21.1: already unlocked
glib-2.76.3,2: already unlocked
gmp-6.2.1: already unlocked
groff-1.22.4_4: already unlocked
hidapi-0.14.0: already unlocked
hiredis-1.0.2: already unlocked
hostapd-2.10_5: already unlocked
hyperscan-5.4.0: already unlocked
icu-73.2,1: already unlocked
ifinfo-13.0_1: already unlocked
iftop-1.0.p4: already unlocked
indexinfo-0.3.1: already unlocked
isc-dhcp44-relay-4.4.3P1: already unlocked
isc-dhcp44-server-4.4.3P1: already unlocked
jansson-2.14: already unlocked
json-c-0.16: already unlocked
krb5-1.21: already unlocked
ldns-1.8.3: already unlocked
libargon2-20190702: already unlocked
libcbor-0.10.2: already unlocked
libcjson-1.7.15_1: already unlocked
libedit-3.1.20221030,1: already unlocked
libevent-2.1.12: already unlocked
libffi-3.4.4: already unlocked
libfido2-1.13.0: already unlocked
libgcrypt-1.9.4_1: already unlocked
libgpg-error-1.47: already unlocked
libiconv-1.17: already unlocked
libidn2-2.3.4: already unlocked
libltdl-2.4.7: already unlocked
liblz4-1.9.4,1: already unlocked
libmaxminddb-1.7.1: already unlocked
libmcrypt-2.5.8_3: already unlocked
libnet-1.2,1: already unlocked
libnghttp2-1.53.0: already unlocked
libpaper-1.1.28: already unlocked
libpsl-0.21.2_3: already unlocked
libsodium-1.0.18: already unlocked
libucl-0.8.2: already unlocked
libunistring-1.1: already unlocked
libunwind-20211201_2: already unlocked
libuv-1.45.0: already unlocked
libxml2-2.10.4: already unlocked
libyaml-0.2.5: already unlocked
libzmq4-4.3.4: already unlocked
lighttpd-1.4.71: already unlocked
lmdb-0.9.30,1: already unlocked
lua54-5.4.6: already unlocked
lzo2-2.10_1: already unlocked
monit-5.33.0: already unlocked
mpd5-5.9_16: already unlocked
mpdecimal-2.5.1: already unlocked
mysql80-client-8.0.32_2: already unlocked
ndpi-4.6.d20230510,1: already unlocked
nettle-3.9.1: already unlocked
norm-1.5r6_3: already unlocked
nspr-4.35: already unlocked
nss-3.90: already unlocked
ntopng-5.6.d20230531,1: already unlocked
ntp-4.2.8p17: already unlocked
oniguruma-6.9.8_1: already unlocked
openldap26-client-2.6.4: already unlocked
openpgm-5.2.122_6: already unlocked
openssh-portable-9.3.p2,1: already unlocked
openssl-1.1.1u,1: already unlocked
openvpn-2.6.5: already unlocked
opnsense-23.1.11_1: already unlocked
opnsense-installer-23.1: already unlocked
opnsense-lang-22.7.3: already unlocked
opnsense-update-23.1.11: already unlocked
os-bind-1.26_5: already unlocked
os-ntopng-1.2_2: already unlocked
os-redis-1.1_2: already unlocked
os-wireguard-1.13_5: already unlocked
pam_opnsense-19.1.3: already unlocked
pcre-8.45_3: already unlocked
pcre2-10.42: already unlocked
perl5-5.32.1_3: already unlocked
pftop-0.8_4: already unlocked
php81-8.1.20: already unlocked
php81-ctype-8.1.20: already unlocked
php81-curl-8.1.20: already unlocked
php81-dom-8.1.20: already unlocked
php81-filter-8.1.20: already unlocked
php81-gettext-8.1.20: already unlocked
php81-google-api-php-client-2.4.0: already unlocked
php81-ldap-8.1.20: already unlocked
php81-mbstring-8.1.20: already unlocked
php81-pdo-8.1.20: already unlocked
php81-pear-1.10.13: already unlocked
php81-pear-Crypt_CHAP-1.5.0_1: already unlocked
php81-pecl-mcrypt-1.0.6: already unlocked
php81-pecl-radius-1.4.0b1_2: already unlocked
php81-phalcon-5.2.2: already unlocked
php81-phpseclib-3.0.19: already unlocked
php81-session-8.1.20: already unlocked
php81-simplexml-8.1.20: already unlocked
php81-sockets-8.1.20: already unlocked
php81-sqlite3-8.1.20: already unlocked
php81-xml-8.1.20: already unlocked
php81-zlib-8.1.20: already unlocked
pkcs11-helper-1.29.0: already unlocked
pkg-1.19.1_1: already unlocked
protobuf-3.21.12,1: already unlocked
protobuf-c-1.4.1_1: already unlocked
psutils-1.17_5: already unlocked
py39-Babel-2.12.1: already unlocked
py39-Jinja2-3.1.2: already unlocked
py39-bottleneck-1.3.7_1: already unlocked
py39-certifi-2023.5.7: already unlocked
py39-cffi-1.15.1: already unlocked
py39-charset-normalizer-3.1.0: already unlocked
py39-cryptography-3.4.8_1,1: already unlocked
py39-cython-0.29.35: already unlocked
py39-dateutil-2.8.2: already unlocked
py39-dnspython-2.3.0,1: already unlocked
py39-duckdb-0.6.1: already unlocked
py39-idna-3.4_1: already unlocked
py39-markupsafe-2.1.3: already unlocked
py39-netaddr-0.8.0: already unlocked
py39-numexpr-2.8.4_1: already unlocked
py39-numpy-1.24.1_4,1: already unlocked
py39-openssl-20.0.1,1: already unlocked
py39-pandas-2.0.2,1: already unlocked
py39-pycparser-2.21: already unlocked
py39-pysocks-1.7.1: already unlocked
py39-pytz-2022.7,1: already unlocked
py39-requests-2.31.0: already unlocked
py39-setuptools-63.1.0_1: already unlocked
py39-six-1.16.0: already unlocked
py39-sqlite3-3.9.17_7: already unlocked
py39-tzdata-2023.3_1: already unlocked
py39-ujson-5.8.0: already unlocked
py39-urllib3-1.26.16,1: already unlocked
py39-vici-5.9.10: already unlocked
py39-yaml-6.0: already unlocked
python39-3.9.17: already unlocked
radvd-2.19_2: already unlocked
readline-8.2.1: already unlocked
redis-7.0.11: already unlocked
rrdtool-1.8.0_2: already unlocked
samplicator-1.3.8.r1_1: already unlocked
sqlite3-3.42.0,1: already unlocked
squid-5.9: already unlocked
strongswan-5.9.10_2: already unlocked
sudo-1.9.13p3: already unlocked
suricata-6.0.13: already unlocked
syslog-ng-4.2.0: already unlocked
uchardet-0.0.8: already unlocked
unbound-1.17.1_2: already unlocked
wireguard-kmod-0.0.20220615_1: already unlocked
wireguard-tools-1.0.20210914_1: already unlocked
wpa_supplicant-2.10_6: already unlocked
zip-3.0_1: already unlocked
zstd-1.5.5: already unlocked
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 848 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (177 candidates): .......... done
Processing candidates (177 candidates): ......... done
Checking integrity... done (22 conflicting)
- php82-session-8.2.8 [OPNsense] conflicts with php81-session-8.1.20 [installed] on /usr/local/etc/php/ext-18-session.ini
- php82-pear-Crypt_CHAP-1.5.0_1 [OPNsense] conflicts with php81-pear-Crypt_CHAP-1.5.0_1 [installed] on /usr/local/share/pear/Crypt/CHAP.php
- php82-zlib-8.2.8 [OPNsense] conflicts with php81-zlib-8.1.20 [installed] on /usr/local/etc/php/ext-20-zlib.ini
- php82-dom-8.2.8 [OPNsense] conflicts with php81-dom-8.1.20 [installed] on /usr/local/etc/php/ext-20-dom.ini
- php82-simplexml-8.2.8 [OPNsense] conflicts with php81-simplexml-8.1.20 [installed] on /usr/local/etc/php/ext-20-simplexml.ini
- php82-pdo-8.2.8 [OPNsense] conflicts with php81-pdo-8.1.20 [installed] on /usr/local/etc/php/ext-20-pdo.ini
- php82-curl-8.2.8 [OPNsense] conflicts with php81-curl-8.1.20 [installed] on /usr/local/etc/php/ext-20-curl.ini
- php82-pecl-radius-1.4.0b1_2 [OPNsense] conflicts with php81-pecl-radius-1.4.0b1_2 [installed] on /usr/local/etc/php/ext-20-radius.ini
- php82-phalcon-5.2.3 [OPNsense] conflicts with php81-phalcon-5.2.2 [installed] on /usr/local/etc/php/ext-30-phalcon.ini
- php82-mbstring-8.2.8 [OPNsense] conflicts with php81-mbstring-8.1.20 [installed] on /usr/local/etc/php/ext-20-mbstring.ini
- php82-ldap-8.2.8 [OPNsense] conflicts with php81-ldap-8.1.20 [installed] on /usr/local/etc/php/ext-20-ldap.ini
- php82-google-api-php-client-2.4.0 [OPNsense] conflicts with php81-google-api-php-client-2.4.0 [installed] on /usr/local/share/google-api-php-client/CODE_OF_CONDUCT.md
- php82-sockets-8.2.8 [OPNsense] conflicts with php81-sockets-8.1.20 [installed] on /usr/local/etc/php/ext-20-sockets.ini
- php82-8.2.8 [OPNsense] conflicts with php81-8.1.20 [installed] on /usr/local/bin/php
- php82-sqlite3-8.2.8 [OPNsense] conflicts with php81-sqlite3-8.1.20 [installed] on /usr/local/etc/php/ext-20-sqlite3.ini
- php82-xml-8.2.8 [OPNsense] conflicts with php81-xml-8.1.20 [installed] on /usr/local/etc/php/ext-20-xml.ini
- php82-phpseclib-3.0.19 [OPNsense] conflicts with php81-phpseclib-3.0.19 [installed] on /usr/local/share/phpseclib/Common/Functions/Strings.php
- php82-gettext-8.2.8 [OPNsense] conflicts with php81-gettext-8.1.20 [installed] on /usr/local/etc/php/ext-20-gettext.ini
- php82-pecl-mcrypt-1.0.6 [OPNsense] conflicts with php81-pecl-mcrypt-1.0.6 [installed] on /usr/local/etc/php/ext-20-mcrypt.ini
- php82-ctype-8.2.8 [OPNsense] conflicts with php81-ctype-8.1.20 [installed] on /usr/local/etc/php/ext-20-ctype.ini
- php82-pear-1.10.13 [OPNsense] conflicts with php81-pear-1.10.13 [installed] on /usr/local/bin/pear
- php82-filter-8.2.8 [OPNsense] conflicts with php81-filter-8.1.20 [installed] on /usr/local/etc/php/ext-20-filter.ini
Checking integrity... done (0 conflicting)
The following 215 package(s) will be affected (of 0 checked):
Installed packages to be REMOVED:
php81: 8.1.20
php81-ctype: 8.1.20
php81-curl: 8.1.20
php81-dom: 8.1.20
php81-filter: 8.1.20
php81-gettext: 8.1.20
php81-google-api-php-client: 2.4.0
php81-ldap: 8.1.20
php81-mbstring: 8.1.20
php81-pdo: 8.1.20
php81-pear: 1.10.13
php81-pear-Crypt_CHAP: 1.5.0_1
php81-pecl-mcrypt: 1.0.6
php81-pecl-radius: 1.4.0b1_2
php81-phalcon: 5.2.2
php81-phpseclib: 3.0.19
php81-session: 8.1.20
php81-simplexml: 8.1.20
php81-sockets: 8.1.20
php81-sqlite3: 8.1.20
php81-xml: 8.1.20
php81-zlib: 8.1.20
New packages to be INSTALLED:
php82: 8.2.8 [OPNsense]
php82-ctype: 8.2.8 [OPNsense]
php82-curl: 8.2.8 [OPNsense]
php82-dom: 8.2.8 [OPNsense]
php82-filter: 8.2.8 [OPNsense]
php82-gettext: 8.2.8 [OPNsense]
php82-google-api-php-client: 2.4.0 [OPNsense]
php82-ldap: 8.2.8 [OPNsense]
php82-mbstring: 8.2.8 [OPNsense]
php82-pdo: 8.2.8 [OPNsense]
php82-pear: 1.10.13 [OPNsense]
php82-pear-Crypt_CHAP: 1.5.0_1 [OPNsense]
php82-pecl-mcrypt: 1.0.6 [OPNsense]
php82-pecl-radius: 1.4.0b1_2 [OPNsense]
php82-phalcon: 5.2.3 [OPNsense]
php82-phpseclib: 3.0.19 [OPNsense]
php82-session: 8.2.8 [OPNsense]
php82-simplexml: 8.2.8 [OPNsense]
php82-sockets: 8.2.8 [OPNsense]
php82-sqlite3: 8.2.8 [OPNsense]
php82-xml: 8.2.8 [OPNsense]
php82-zlib: 8.2.8 [OPNsense]
py39-aioquic: 0.9.21 [OPNsense]
py39-anyio: 3.7.1 [OPNsense]
py39-async_generator: 1.10 [OPNsense]
py39-attrs: 23.1.0 [OPNsense]
py39-exceptiongroup: 1.1.2 [OPNsense]
py39-h11: 0.14.0 [OPNsense]
py39-h2: 4.0.0 [OPNsense]
py39-hpack: 4.0.0 [OPNsense]
py39-httpcore: 0.17.3 [OPNsense]
py39-httpx: 0.24.1 [OPNsense]
py39-hyperframe: 6.0.0 [OPNsense]
py39-outcome: 1.2.0 [OPNsense]
py39-pylsqpack: 0.3.17 [OPNsense]
py39-sniffio: 1.3.0 [OPNsense]
py39-sortedcontainers: 2.4.0 [OPNsense]
py39-trio: 0.22.2 [OPNsense]
Installed packages to be UPGRADED:
ca_root_nss: 3.89.1 -> 3.91 [OPNsense]
gettext-runtime: 0.21.1 -> 0.22_1 [OPNsense]
glib: 2.76.3,2 -> 2.76.4,2 [OPNsense]
krb5: 1.21 -> 1.21.1 [OPNsense]
libcjson: 1.7.15_1 -> 1.7.16 [OPNsense]
libgcrypt: 1.9.4_1 -> 1.10.2 [OPNsense]
libnghttp2: 1.53.0 -> 1.54.0 [OPNsense]
libuv: 1.45.0 -> 1.46.0 [OPNsense]
lmdb: 0.9.30,1 -> 0.9.31,1 [OPNsense]
mysql80-client: 8.0.32_2 -> 8.0.33_3 [OPNsense]
nss: 3.90 -> 3.91 [OPNsense]
openldap26-client: 2.6.4 -> 2.6.5 [OPNsense]
opnsense: 23.1.11_1 -> 23.7 [OPNsense]
opnsense-update: 23.1.11 -> 23.7 [OPNsense]
os-bind: 1.26_5 -> 1.27 [OPNsense]
os-wireguard: 1.13_5 -> 1.13_6 [OPNsense]
perl5: 5.32.1_3 -> 5.32.1_4 [OPNsense]
py39-charset-normalizer: 3.1.0 -> 3.2.0 [OPNsense]
py39-cython: 0.29.35 -> 0.29.36 [OPNsense]
py39-dnspython: 2.3.0,1 -> 2.4.0,1 [OPNsense]
py39-duckdb: 0.6.1 -> 0.8.1 [OPNsense]
py39-numpy: 1.24.1_4,1 -> 1.25.0,1 [OPNsense]
py39-openssl: 20.0.1,1 -> 21.0.0,1 [OPNsense]
py39-pandas: 2.0.2,1 -> 2.0.3,1 [OPNsense]
py39-pytz: 2022.7,1 -> 2023.3,1 [OPNsense]
py39-vici: 5.9.10 -> 5.9.11 [OPNsense]
redis: 7.0.11 -> 7.0.12 [OPNsense]
sudo: 1.9.13p3 -> 1.9.14p3 [OPNsense]
suricata: 6.0.13 -> 6.0.13_1 [OPNsense]
unbound: 1.17.1_2 -> 1.17.1_3 [OPNsense]
Installed packages to be REINSTALLED:
bash-5.2.15 [OPNsense]
beep-1.0_1 [OPNsense]
bind-tools-9.18.16 [OPNsense]
bind918-9.18.16 [OPNsense]
choparp-20150613 [OPNsense]
cpdup-1.22 [OPNsense]
cpustats-0.1 [OPNsense]
curl-8.1.2 [OPNsense]
cyrus-sasl-2.1.28 [OPNsense]
cyrus-sasl-gssapi-2.1.28 [OPNsense]
dhcp6c-20230530 [OPNsense]
dnsmasq-2.89_1,1 [OPNsense]
dpinger-3.3 [OPNsense]
e2fsprogs-libuuid-1.47.0 [OPNsense]
easy-rsa-3.1.5 [OPNsense]
expat-2.5.0 [OPNsense]
expiretable-0.6_2 [OPNsense]
filterlog-0.7 [OPNsense]
flock-2.37.2 [OPNsense]
flowd-0.9.1_3 [OPNsense]
fstrm-0.6.1 [OPNsense]
gmp-6.2.1 [OPNsense]
groff-1.22.4_4 [OPNsense]
hidapi-0.14.0 [OPNsense]
hiredis-1.0.2 [OPNsense]
hostapd-2.10_5 [OPNsense]
hyperscan-5.4.0 [OPNsense]
icu-73.2,1 [OPNsense]
ifinfo-13.0_1 [OPNsense]
iftop-1.0.p4 [OPNsense]
indexinfo-0.3.1 [OPNsense]
isc-dhcp44-relay-4.4.3P1 [OPNsense]
isc-dhcp44-server-4.4.3P1 [OPNsense]
jansson-2.14 [OPNsense]
json-c-0.16 [OPNsense]
ldns-1.8.3 [OPNsense]
libargon2-20190702 [OPNsense]
libcbor-0.10.2 [OPNsense]
libedit-3.1.20221030,1 [OPNsense]
libevent-2.1.12 [OPNsense]
libffi-3.4.4 [OPNsense]
libfido2-1.13.0 [OPNsense]
libgpg-error-1.47 [OPNsense]
libiconv-1.17 [OPNsense]
libidn2-2.3.4 [OPNsense]
libltdl-2.4.7 [OPNsense]
liblz4-1.9.4,1 [OPNsense]
libmaxminddb-1.7.1 [OPNsense]
libmcrypt-2.5.8_3 [OPNsense]
libnet-1.2,1 [OPNsense]
libpaper-1.1.28 [OPNsense]
libpsl-0.21.2_3 [OPNsense]
libsodium-1.0.18 [OPNsense]
libucl-0.8.2 [OPNsense]
libunistring-1.1 [OPNsense]
libunwind-20211201_2 [OPNsense]
libxml2-2.10.4 [OPNsense]
libyaml-0.2.5 [OPNsense]
libzmq4-4.3.4 [OPNsense]
lighttpd-1.4.71 [OPNsense]
lua54-5.4.6 [OPNsense]
lzo2-2.10_1 [OPNsense]
monit-5.33.0 [OPNsense]
mpd5-5.9_16 [OPNsense]
mpdecimal-2.5.1 [OPNsense]
ndpi-4.6.d20230510,1 [OPNsense]
nettle-3.9.1 [OPNsense]
norm-1.5r6_3 [OPNsense]
nspr-4.35 [OPNsense]
ntopng-5.6.d20230531,1 [OPNsense]
ntp-4.2.8p17 [OPNsense]
oniguruma-6.9.8_1 [OPNsense]
openpgm-5.2.122_6 [OPNsense]
openssh-portable-9.3.p2,1 [OPNsense]
openssl-1.1.1u,1 [OPNsense]
openvpn-2.6.5 [OPNsense]
opnsense-installer-23.1 [OPNsense]
opnsense-lang-22.7.3 [OPNsense]
os-ntopng-1.2_2 [OPNsense]
os-redis-1.1_2 [OPNsense]
pam_opnsense-19.1.3 [OPNsense]
pcre-8.45_3 [OPNsense]
pcre2-10.42 [OPNsense]
pftop-0.8_4 [OPNsense]
pkcs11-helper-1.29.0 [OPNsense]
pkg-1.19.1_1 [OPNsense]
protobuf-3.21.12,1 [OPNsense]
protobuf-c-1.4.1_1 [OPNsense]
psutils-1.17_5 [OPNsense]
py39-Babel-2.12.1 [OPNsense]
py39-Jinja2-3.1.2 [OPNsense]
py39-bottleneck-1.3.7_1 [OPNsense]
py39-certifi-2023.5.7 [OPNsense]
py39-cffi-1.15.1 [OPNsense]
py39-cryptography-3.4.8_1,1 [OPNsense]
py39-dateutil-2.8.2 [OPNsense]
py39-idna-3.4_1 [OPNsense]
py39-markupsafe-2.1.3 [OPNsense]
py39-netaddr-0.8.0 [OPNsense]
py39-numexpr-2.8.4_1 [OPNsense]
py39-pycparser-2.21 [OPNsense]
py39-pysocks-1.7.1 [OPNsense]
py39-requests-2.31.0 [OPNsense]
py39-setuptools-63.1.0_1 [OPNsense]
py39-six-1.16.0 [OPNsense]
py39-sqlite3-3.9.17_7 [OPNsense]
py39-tzdata-2023.3_1 [OPNsense]
py39-ujson-5.8.0 [OPNsense]
py39-urllib3-1.26.16,1 [OPNsense]
py39-yaml-6.0 [OPNsense]
python39-3.9.17 [OPNsense]
radvd-2.19_2 [OPNsense]
readline-8.2.1 [OPNsense]
rrdtool-1.8.0_2 [OPNsense]
samplicator-1.3.8.r1_1 [OPNsense]
sqlite3-3.42.0,1 [OPNsense]
squid-5.9 [OPNsense]
strongswan-5.9.10_2 [OPNsense]
syslog-ng-4.2.0 [OPNsense]
uchardet-0.0.8 [OPNsense]
wireguard-kmod-0.0.20220615_1 [OPNsense]
wireguard-tools-1.0.20210914_1 [OPNsense]
wpa_supplicant-2.10_6 [OPNsense]
zip-3.0_1 [OPNsense]
zstd-1.5.5 [OPNsense]
Number of packages to be removed: 22
Number of packages to be installed: 38
Number of packages to be upgraded: 30
Number of packages to be reinstalled: 125
The process will require 25 MiB more space.
[1/215] Reinstalling indexinfo-0.3.1...
[1/215] Extracting indexinfo-0.3.1: .... done
[2/215] Reinstalling mpdecimal-2.5.1...
[2/215] Extracting mpdecimal-2.5.1: .......... done
[3/215] Reinstalling openssl-1.1.1u,1...
[3/215] Extracting openssl-1.1.1u,1: .......... done
[4/215] Reinstalling readline-8.2.1...
[4/215] Extracting readline-8.2.1: .......... done
[5/215] Reinstalling libffi-3.4.4...
[5/215] Extracting libffi-3.4.4: .......... done
[6/215] Reinstalling python39-3.9.17...
[6/215] Extracting python39-3.9.17: .......... done
[7/215] Reinstalling py39-setuptools-63.1.0_1...
[7/215] Extracting py39-setuptools-63.1.0_1: .......... done
[8/215] Reinstalling py39-pycparser-2.21...
[8/215] Extracting py39-pycparser-2.21: .......... done
[9/215] Installing py39-exceptiongroup-1.1.2...
[9/215] Extracting py39-exceptiongroup-1.1.2: .......... done
[10/215] Reinstalling libunistring-1.1...
[10/215] Extracting libunistring-1.1: .......... done
[11/215] Installing py39-hpack-4.0.0...
[11/215] Extracting py39-hpack-4.0.0: .......... done
[12/215] Installing py39-hyperframe-6.0.0...
[12/215] Extracting py39-hyperframe-6.0.0: .......... done
[13/215] Reinstalling libedit-3.1.20221030,1...
[13/215] Extracting libedit-3.1.20221030,1: .......... done
[14/215] Upgrading gettext-runtime from 0.21.1 to 0.22_1...
[14/215] Extracting gettext-runtime-0.22_1: .......... done
[15/215] Reinstalling py39-cffi-1.15.1...
[15/215] Extracting py39-cffi-1.15.1: .......... done
[16/215] Installing py39-sniffio-1.3.0...
[16/215] Extracting py39-sniffio-1.3.0: .......... done
[17/215] Reinstalling py39-idna-3.4_1...
[17/215] Extracting py39-idna-3.4_1: .......... done
[18/215] Installing py39-attrs-23.1.0...
[18/215] Extracting py39-attrs-23.1.0: .......... done
[19/215] Reinstalling libidn2-2.3.4...
[19/215] Extracting libidn2-2.3.4: .......... done
[20/215] Reinstalling py39-cryptography-3.4.8_1,1...
[20/215] Extracting py39-cryptography-3.4.8_1,1: .......... done
[21/215] Upgrading py39-numpy from 1.24.1_4,1 to 1.25.0,1...
[21/215] Extracting py39-numpy-1.25.0,1: ......
-
I don't see what's wrong. Upgrade started and "stopped" at 21/215. It either was going very slow or stalled or someone pulled the plug.
Cheers,
Franco
-
Hi Franco,
Thanks for the reply - as a total newbie here my question I guess is how do i continue the upgrade now?
-
Check for updates again? I should try to offer it as long as it's not fully done.
Cheers,
Franco
-
Hi Franco,
When I do that via the GUI I am offered 23.1.11... will this downgrade if I continue and if so will it cause any problems? Do I need to do a manual upgrade instead?
-
Screenshot please.
-
Hi Franco,
It was in my first post sir - here's a copy (https://i.postimg.cc/sBb9c9bt/Opn-Sense-Upgrade.png) (https://postimg.cc/sBb9c9bt)
-
Ok fair enough... it wants you to revert to the current version because the upgrade was partial... try this from the console:
# opnsense-update -u
# opnsense-shell reboot
If you have a way to watch the console I'd recommend that. In case it takes a very long time (like disk write slow) you really need to know if it stops or errors or just tries to go through with it bit by bit.
Cheers,
Franco
-
Hi Franco,
Appreciate the support thank you.
I take it SSH wont be viable as I'll need to see stuff at reboot, i.e. need to plug in a monitor and keyboard?
-
You can try again without it... give it up to 30 minutes. Otherwise you will have to force a reboot to get back to where you started.
Cheers,
Franco
-
I'll plug a keyboard and mouse in Franco - thank you again for your help.
Just to be clear:
1. Run the "downgrade" to 23.11.1 via console
2. Once complete run the upgrade to 23.7 again via console
-
1. is not necessary in this case.
Cheers,
Franco
-
ah ok thanks Franco, so these commands from the Shell will re-run the 23.7 upgrade?
# opnsense-update -u
# opnsense-shell reboot
(sorry for the newbie questions - feel I owe you some beer / wine / a fine dining five course meal!)
-
No need...
"opnsense-update -u" will perform the upgrade steps that are still pending so only packages should be fetched and stored and then it wants to reboot. This is where "opnsense-shell reboot" comes into play.
Cheers,
Franco
-
Awesome - I will let you know how I get on!
-
Hi!
Add my experience here. I did a new install and restored config from 22.1 (latest).
Hade some problem with wan connection initially but that was because of a new MAC-address and the ISP. Resolved it self after a moment.
ALIASES
Though! Restored alias behaved very strange. They refused to populate with content, this was "URL Table (IPs)" which i had some of: geoip, bad-list.
I edited and resaved but they wouldn't load their data, logs indicated that they couldn't be found.
Made a copy of said aliases and saved them. Now they worked.
The restored aliases had a renewal period of 7 days, maybe it wasn't time to reload them? But shouldn't they reload when resaved?
Url used: https://iplists.firehol.org/files/geolite2_country/country_se.netset and https://iplists.firehol.org/files/firehol_level3.netset
Logged looked like this for the restored aliases
2023-08-02T11:19:51 Error firewall alias resolve error netGeoSwedenGeoIP2LiteFireHole (error fetching alias url https://iplists.firehol.org/files/geolite2_country/country_se.netset)
Edit a moment after I finished the above comment.
I disabled and enabled the restored aliases and after that they reloaded their data.
Just my 2c! And KUDOS to all awesome developers in this project!
-
All,
just updated to 23.7 without any problems, all services up again after about 12 min upgrade time, great work and and a big big thank you to the entire OPNsense team for another flawless major update. Great job.
One small cosmetic remark: The Wireguard widget on the dashboard seems not to be able to line break the public key resp. format the columns appropriately so the widget looks somewhat odd.
Another topic I would like to come back is the ddclient OPNsense backend and the extension of the supported standard service providers as eg proposed here:
https://forum.opnsense.org/index.php?topic=34388.0 (https://forum.opnsense.org/index.php?topic=34388.0)
I had the provider desec running stable for a couple of weeks in 23.1.11 and I am wondering whether the expansion could find its way into mainstream or is there missing something? I changed the code for me also in 23.7 and it works also here.
Br br
-
@franco - just wanted to say thanks for the advise, the updgrade worked.
-
Upgrade went perfectly well.
Took the opportunity to update my boot drives from 120gb to 250gb SSDs and move from UFS to ZFS.
Popped the old disks out, put the new drives in, installed 23.7, restored my config, and back in business.
Fantastic job. Only issue I ran into was reconfiguring Tailscale, but that was my fault - I was too lazy to pull the config from the 23.1 boot disks.
-
on a DEC850 ran the update and was not able to connect to WAN getting:
arprequest_internal: cannot find matching address
I had to stop suricata and reboot to fix. Once I enabled, I would lose the WAN and the same messages would pop.
I am currently running it without suricata.
I had tailscale running and thought that was the issue but seems not to be the case.
added:
ran a sec update and saw this:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.7 at Thu Aug 3 07:07:47 EDT 2023
Fetching vuln.xml.xz: .......... done
openssl-1.1.1u,1 is vulnerable:
OpenSSL -- Excessive time spent checking DH q parameter value
CVE: CVE-2023-3817
WWW: https://vuxml.FreeBSD.org/freebsd/bad6588e-2fe0-11ee-a0d1-84a93843eb75.html
libX11-1.7.2,1 is vulnerable:
libX11 -- Sub-object overflows
CVE: CVE-2023-3138
WWW: https://vuxml.FreeBSD.org/freebsd/734b8f46-773d-4fef-bed3-61114fe8e4c5.html
2 problem(s) in 2 installed package(s) found.
***DONE***
-
Hello together,
after updated to 23.7 the "Advanced option" under "VPN - OpenVPN - Client Specific Overrides" is not available any more. I used this to push static IPs to different OpenVPN User. In 23.1.11 i used "ifconfig-push 172.16.0.x 255.255.255.0" in the Advanced Field to do this.
This is the only problem after this Update for me.
Do you have an idea how can i set a static IP for different OpenVPN user in 23.7?
Thanks for your help.
-
It's the "Tunnel Network" option you are looking for.
Cheers,
Franco
-
Perfect, thank you, it works. :)
-
A forum search shows it should be remove pkg remove py37-markupsafe
Not a pro on doing this, any guide to remove it? Thanks
-
Just run the command from the shell.
Cheers,
Franco
-
I started getting these messages:
HW_PROBE/ growfs*
what are these?
-
Just thought I'd add, I've upgraded 3 firewalls from 23.1.11 to 23.7 and absolutely no issues at all.
Well done @Franco and the team.
1 x AliExpress N5105 jobber
2 x R86S jobbers.
I literally use them as Firewalls though, no extra chuff like Suricata etc....(But do use Wireguard :) )
-
Since my upgrade I lose the WAN every 6 hours.
What's causing these arprequest_internal: cannot find matching address
I do not have unbound/AGH on this device. :'(
Can someone validate that the below message is related to PHP bug:
[fib_algo] inet.0 (bsearch4#20) rebuild_fd_flm: switching algo to radix4_lockless
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=1
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
-
Any undesirable interaction between the new version and AdGuard to be aware of?
-
no AdGuard Service on this device.
-
Looks like that after the upgrade the suricata does not work and found the link below that may be why.
https://forum.opnsense.org/index.php?topic=35130.0
can someone let me know...
-
Is there a way to roll back from 23.7 back to 23.1... :'(
Can I use this to roll back: https://docs.opnsense.org/manual/opnsense_tools.html
-
Any undesirable interaction between the new version and AdGuard to be aware of?
None
-
Looks like that after the upgrade the suricata does not work and found the link below that may be why.
https://forum.opnsense.org/index.php?topic=35130.0
can someone let me know...
They were on suricata-devel and you're probably not. You can try disabling it and see i it helps.
Best to open a dedicated thread for your issue.
Reverting won't work, I'd recommend waiting or 23.7.1 next week instead while discussing on the new thread
-
Hello
The upgrade appears to be failing / not working for me.
I am running
OPNsense 23.1.11_1-amd64
FreeBSD 13.2-RELEASE-p1
OpenSSL 1.1.1u 30 May 2023
System is a Dell Wyze 5070 with a Mellanox Connect-X 3 card and i'm using a router on a stick approach. Multiple WAN links. The system appears to download and extract files, the says please reboot, so I reboot, but the system still reports itself as being on 23.1.11_1 and tells me an upgrade to 23.7 is available. I have also performed the upgrade via the CLI and I don't see any errors.
However when doing an audit I see tons of errors relating to PHP. The error log is too large for me to paste into pastebin or attach it. (It's 1.02MB) the only errors i see though are like this
opnsense has a missing dependency: php81-session
opnsense has a missing dependency: php81-phalcon
opnsense has a missing dependency: php81-xml
opnsense has a missing dependency: php81-simplexml
opnsense has a missing dependency: php81-dom
opnsense has a missing dependency: php81-ctype
opnsense has a missing dependency: php81-filter
opnsense has a missing dependency: php81-pear-Crypt_CHAP
opnsense has a missing dependency: php81-phpseclib
opnsense has a missing dependency: php81-google-api-php-client
opnsense has a missing dependency: php81-sockets
opnsense has a missing dependency: php81-ldap
opnsense has a missing dependency: php81-pecl-radius
opnsense has a missing dependency: php81-curl
opnsense has a missing dependency: php81-gettext
opnsense has a missing dependency: php81-sqlite3
opnsense has a missing dependency: php81-pdo
opnsense has a missing dependency: php81-zlib
there are dozens and dozens of errors about something "google" related too ?
e.g.
php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/InfoTypes.php
php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/Locations.php
php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/Organizations.php
Everything is working fine on 23.1.11 though.
Please be gently, I am a OPNsense noob , but I do have reasonable/good IT knowledge and networking knowledge. I would appreciate any suggestions on how to upgrade, I'd rather not have to wipe and re-install.
I've tried this four times now and each time it returns to 23.1.11_1 after downloading. However the audit DOES say that the kernel version is 23.7 ?
Currently running OPNsense 23.1.11_1 at Fri Aug 4 17:43:33 UTC 2023
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct
if anyone would like me to send / email the complete log file from the audit please let me know where to send it.
Thanks.
-
Log in via ssh and try this command, post the output if it doesn't complete the upgrade. You're half way there already.
opnsense-update -u
-
Hi @newsense
Thanks very much for your assistance.
I'm not sure what was different this time, but it appears to have worked :)
The system is now reporting
OPNsense 23.7-amd64
FreeBSD 13.2-RELEASE-p1
OpenSSL 1.1.1u 30 May 2023
Thank you!!
-
Wanted to add my success status to the thread, upgraded from the last 23.1 to 23.7 without a problem. The only thing I did to prepare was to reconfigure Bind to listen on an IP (with ACLs) instead of 127.0.0.1 so that I could remove the "allow localhost" override in Unbound that was done through the 3rd party plugin to give me customised commands. Thought it would be much better to try to stick to built-in options when possible.
-
HP T620 4gb ram
Upgrade went fine, just took a while ~15min. Patience is needed.
-
I had an unfortunate issue with DNS not working properly locally after 23.1.11_1 > 23.7.
Notably it's virtualised on Proxmox (kernel 6.2.16-6). OpenvSwitch bridging with VLAN interfaces on *sense.
ISP is static with public DNS upstreams (eg 1.0.0.1, 1.1.1.1, 8.8.8.8 and ip6 equivalents).
Had to rollback, so didn't take the time to tshoot sorry. Just wondering if anyone else experienced something similar?
Cannot rule out config deviation of course, or some introduced quirk like MTU, but I played through Unbound a bit and the behaviour persisted (not that it appeared very rational in the first place). Also disabled ip6 entirely to rule out stack behaviour.
Have it running separately on a dedicated device with no issues to speak of... however that was fresh stock and not an upgrade install, so it's yet another variable. Might test again this weekend if no leads here.
-
23.7.1 should be released in the next 72 hours if I'm not mistaken and the upgrade path adjusted for it. The release notes might offer more insight once it is published.
-
Hi all,
anyone else had problems upgrading from 23.1 to 23.7 via SSH? I upgraded past Saturday.
I have logged in successfully via SSH and selected the menu option for updating. Afterwards I have typed in "23.7" and nothing happend. Tried again after rebooting. The only thing that happend was listing the release notes.
Upgrading via Web-GUI was flawless as always. Is this a common (known) problem?
Cyberturtle
-
Confirming the release notes after reading(scrolling) via "q" then the upgrade starts. The console is a little tricky since it was asked for to show the release notes too.
Cheers,
Franco
-
Good to know, thx! :)
-
Version 23.7.1 is avaibe, but It dosn`t fix the Groups-Bug.
-
Hello all,
I recently upgraded two 23.7 firewalls to 23.7.1 and I am now seeing this message in the log of the upgrade:
Configuring system logging...Error opening plugin module; module='examples', error='/usr/local/lib/syslog-ng/libexamples.so: Undefined symbol "random_choice_generator_parser"'
done.
Wanted to bring this to everyone's attention, in case this is an error.
Thanks,
Steve
-
> Configuring system logging...Error opening plugin module; module='examples', error='/usr/local/lib/syslog-ng/libexamples.so: Undefined symbol "random_choice_generator_parser"'
done.
I've seen this during testing. Seems to be a syslog-ng update error, but none that has any effect on operation so I've left it as is.
> Version 23.7.1 is avaibe, but It dosn`t fix the Groups-Bug.
It does fix 3 group-related bugs so the question is which bug are you still seeing?
Cheers,
Franco
-
This update kills all my WireGuard tunnels on startup.
I have to disable and re-enable my WireGuard gateways every time I reboot to get them working again.
Any ideas on a fix or is this a new bug?
Previous version 23.1.11 worked perfectly.
Edit:
So, I can get everything working again just by disabling the WireGuard plugin for a few seconds and re-enabling it.
Did the startup order just change and WireGuard starts too quickly now before it can make a connection?
Is there a way to delay WireGuard from starting by like 10-15 seconds? I think that may fix it.
WireGuard is still broken for me after the 23.7.1 update. Everything else is fine, but all the WireGuard tunnels are down when OPNSense first starts up. I need to disable the WG plugin and re-enable it for the tunnels to reconnect and start working again. It's a minor inconvenience, but it would be nice if this bug could be fixed. Please.
-
Any idea how to fix this?
My VLANs are vlan0.666 and vlan0.667
Configuring WAN2 interface.
..done.
Generating /etc/resolv.conf...eval: $(vlan0@....): Bad substitution export: vlan0.666 nameserver: bad variable name eval: ${vlan0@....}: Bad substitution export: vlan0.666_searchdomain: bad variable name
done.
Generating /etc/hosts...done.
Configuring firewall.
done.
-
This update kills all my WireGuard tunnels on startup.
I have to disable and re-enable my WireGuard gateways every time I reboot to get them working again.
Any ideas on a fix or is this a new bug?
Previous version 23.1.11 worked perfectly.
Edit:
So, I can get everything working again just by disabling the WireGuard plugin for a few seconds and re-enabling it.
Did the startup order just change and WireGuard starts too quickly now before it can make a connection?
Is there a way to delay WireGuard from starting by like 10-15 seconds? I think that may fix it.
WireGuard is still broken for me after the 23.7.1 update. Everything else is fine, but all the WireGuard tunnels are down when OPNSense first starts up. I need to disable the WG plugin and re-enable it for the tunnels to reconnect and start working again. It's a minor inconvenience, but it would be nice if this bug could be fixed. Please.
Sounds like wireguard is starting before dns works and you use fqdn as peers?
-
Any idea how to fix this?
My VLANs are vlan0.666 and vlan0.667
Configuring WAN2 interface.
..done.
Generating /etc/resolv.conf...eval: $(vlan0@....): Bad substitution export: vlan0.666 nameserver: bad variable name eval: ${vlan0@....}: Bad substitution export: vlan0.666_searchdomain: bad variable name
done.
Generating /etc/hosts...done.
Configuring firewall.
done.
I can reproduce. Will fix today.
-
Awesome, thanks!
-
> Configuring system logging...Error opening plugin module; module='examples', error='/usr/local/lib/syslog-ng/libexamples.so: Undefined symbol "random_choice_generator_parser"'
done.
I've seen this during testing. Seems to be a syslog-ng update error, but none that has any effect on operation so I've left it as is.
> Version 23.7.1 is avaibe, but It dosn`t fix the Groups-Bug.
It does fix 3 group-related bugs so the question is which bug are you still seeing?
Cheers,
Franco
This still occured during the update from 23.7.1 to 23.7.1_3, but the syslog_ng service started and - in my configuration - also pushes logs to an external syslog server. So, no real problem, just FYI ...
Thanks for the great work on 23.7!
-
Hey, I start the upgrade yesterday and it is still in process. Is this normal?
***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.9 at Tue Aug 8 11:38:34 CEST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (82 candidates): .......... done
Processing candidates (82 candidates): ..... done
The following 42 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libltdl: 2.4.7
libmcrypt: 2.5.8_3
php81-pear: 1.10.13
php81-pear-Crypt_CHAP: 1.5.0_1
php81-pecl-mcrypt: 1.0.6
Installed packages to be UPGRADED:
curl: 8.1.1 -> 8.1.2
easy-rsa: 3.1.4 -> 3.1.5
krb5: 1.20.1 -> 1.21
nettle: 3.9 -> 3.9.1
nss: 3.89.1 -> 3.90
ntp: 4.2.8p15_5 -> 4.2.8p17
openssh-portable: 9.3.p1,1 -> 9.3.p2,1
openssl: 1.1.1t_2,1 -> 1.1.1u,1
openvpn: 2.6.4 -> 2.6.5
opnsense: 23.1.9 -> 23.1.11_1
opnsense-update: 23.1.8 -> 23.1.11
pftop: 0.8_2 -> 0.8_4
php81: 8.1.19 -> 8.1.20
php81-ctype: 8.1.19 -> 8.1.20
php81-curl: 8.1.19 -> 8.1.20
php81-dom: 8.1.19 -> 8.1.20
php81-filter: 8.1.19 -> 8.1.20
php81-gettext: 8.1.19 -> 8.1.20
php81-ldap: 8.1.19 -> 8.1.20
php81-mbstring: 8.1.19 -> 8.1.20
php81-pdo: 8.1.19 -> 8.1.20
php81-phalcon: 5.2.1 -> 5.2.2
php81-session: 8.1.19 -> 8.1.20
php81-simplexml: 8.1.19 -> 8.1.20
php81-sockets: 8.1.19 -> 8.1.20
php81-sqlite3: 8.1.19 -> 8.1.20
php81-xml: 8.1.19 -> 8.1.20
php81-zlib: 8.1.19 -> 8.1.20
py39-markupsafe: 2.1.2 -> 2.1.3
py39-pandas: 2.0.1_1,1 -> 2.0.2,1
py39-setuptools: 63.1.0 -> 63.1.0_1
py39-sqlite3: 3.9.16_7 -> 3.9.17_7
py39-ujson: 5.7.0 -> 5.8.0
python39: 3.9.16_2 -> 3.9.17
squid: 5.8 -> 5.9
strongswan: 5.9.10_1 -> 5.9.10_2
suricata: 6.0.12 -> 6.0.13
Number of packages to be installed: 5
Number of packages to be upgraded: 37
The process will require 5 MiB more space.
57 MiB to be downloaded.
[1/42] Fetching php81-sqlite3-8.1.20.pkg: ... done
[2/42] Fetching php81-sockets-8.1.20.pkg: ..... done
[3/42] Fetching opnsense-update-23.1.11.pkg: ..... done
[4/42] Fetching openssl-1.1.1u,1.pkg: .......... done
[5/42] Fetching nettle-3.9.1.pkg: .......... done
[6/42] Fetching php81-pear-1.10.13.pkg: .......... done
[7/42] Fetching nss-3.90.pkg: .......... done
[8/42] Fetching py39-markupsafe-2.1.3.pkg: .. done
[9/42] Fetching easy-rsa-3.1.5.pkg: ....... done
[10/42] Fetching openvpn-2.6.5.pkg: .......... done
[11/42] Fetching krb5-1.21.pkg: .......... done
[12/42] Fetching php81-filter-8.1.20.pkg: ... done
[13/42] Fetching php81-8.1.20.pkg: .......... done
[14/42] Fetching py39-pandas-2.0.2,1.pkg: .......... done
[15/42] Fetching python39-3.9.17.pkg: .......... done
[16/42] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[17/42] Fetching py39-sqlite3-3.9.17_7.pkg: .... done
[18/42] Fetching ntp-4.2.8p17.pkg: .......... done
[19/42] Fetching py39-ujson-5.8.0.pkg: ...... done
[20/42] Fetching php81-ctype-8.1.20.pkg: . done
[21/42] Fetching php81-simplexml-8.1.20.pkg: ... done
[22/42] Fetching php81-session-8.1.20.pkg: ..... done
[23/42] Fetching curl-8.1.2.pkg: .......... done
[24/42] Fetching php81-zlib-8.1.20.pkg: ... done
[25/42] Fetching php81-phalcon-5.2.2.pkg: .......... done
[26/42] Fetching py39-setuptools-63.1.0_1.pkg: .......... done
[27/42] Fetching openssh-portable-9.3.p2,1.pkg: .......... done
[28/42] Fetching libltdl-2.4.7.pkg: ..... done
[29/42] Fetching php81-dom-8.1.20.pkg: ........ done
[30/42] Fetching suricata-6.0.13.pkg: .......... done
[31/42] Fetching php81-pear-Crypt_CHAP-1.5.0_1.pkg: . done
[32/42] Fetching php81-ldap-8.1.20.pkg: ..... done
[33/42] Fetching php81-xml-8.1.20.pkg: ... done
[34/42] Fetching php81-pdo-8.1.20.pkg: ....... done
[35/42] Fetching php81-curl-8.1.20.pkg: ..... done
[36/42] Fetching php81-mbstring-8.1.20.pkg: .......... done
[37/42] Fetching opnsense-23.1.11_1.pkg: .......... done
[38/42] Fetching squid-5.9.pkg: .......... done
[39/42] Fetching strongswan-5.9.10_2.pkg: .......... done
[40/42] Fetching php81-gettext-8.1.20.pkg: . done
[41/42] Fetching php81-pecl-mcrypt-1.0.6.pkg: .. done
[42/42] Fetching pftop-0.8_4.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/42] Upgrading openssl from 1.1.1t_2,1 to 1.1.1u,1...
[1/42] Extracting openssl-1.1.1u,1: .......... done
[2/42] Upgrading python39 from 3.9.16_2 to 3.9.17...
[2/42] Extracting python39-3.9.17: .......... done
[3/42] Upgrading py39-setuptools from 63.1.0 to 63.1.0_1...
[3/42] Extracting py39-setuptools-63.1.0_1: .......... done
[4/42] Upgrading krb5 from 1.20.1 to 1.21...
[4/42] Extracting krb5-1.21: .......... done
[5/42] Upgrading php81 from 8.1.19 to 8.1.20...
[5/42] Extracting php81-8.1.20: .......... done
[6/42] Installing libmcrypt-2.5.8_3...
[6/42] Extracting libmcrypt-2.5.8_3: .......... done
[7/42] Upgrading py39-sqlite3 from 3.9.16_7 to 3.9.17_7...
[7/42] Extracting py39-sqlite3-3.9.17_7: ........ done
[8/42] Upgrading php81-zlib from 8.1.19 to 8.1.20...
[8/42] Extracting php81-zlib-8.1.20: ........ done
[9/42] Installing libltdl-2.4.7...
[9/42] Extracting libltdl-2.4.7: .......... done
[10/42] Upgrading php81-xml from 8.1.19 to 8.1.20...
[10/42] Extracting php81-xml-8.1.20: ......... done
[11/42] Upgrading nettle from 3.9 to 3.9.1...
[11/42] Extracting nettle-3.9.1: .......... done
[12/42] Installing php81-pear-1.10.13...
[12/42] Extracting php81-pear-1.10.13: .......... done
[13/42] Upgrading nss from 3.89.1 to 3.90...
[13/42] Extracting nss-3.90: .......... done
[14/42] Upgrading py39-markupsafe from 2.1.2 to 2.1.3...
[14/42] Extracting py39-markupsafe-2.1.3: .......... done
[15/42] Upgrading easy-rsa from 3.1.4 to 3.1.5...
[15/42] Extracting easy-rsa-3.1.5: .......... done
[16/42] Upgrading py39-pandas from 2.0.1_1,1 to 2.0.2,1...
[16/42] Extracting py39-pandas-2.0.2,1: .......... done
[17/42] Upgrading php81-session from 8.1.19 to 8.1.20...
[17/42] Extracting php81-session-8.1.20: .......... done
[18/42] Upgrading curl from 8.1.1 to 8.1.2...
[18/42] Extracting curl-8.1.2: .......... done
[19/42] Upgrading php81-pdo from 8.1.19 to 8.1.20...
[19/42] Extracting php81-pdo-8.1.20: .......... done
[20/42] Upgrading php81-mbstring from 8.1.19 to 8.1.20...
[20/42] Extracting php81-mbstring-8.1.20: .......... done
[21/42] Installing php81-pecl-mcrypt-1.0.6...
[21/42] Extracting php81-pecl-mcrypt-1.0.6: ........ done
[22/42] Upgrading php81-sqlite3 from 8.1.19 to 8.1.20...
[22/42] Extracting php81-sqlite3-8.1.20: ......... done
[23/42] Upgrading php81-sockets from 8.1.19 to 8.1.20...
[23/42] Extracting php81-sockets-8.1.20: .......... done
[24/42] Upgrading opnsense-update from 23.1.8 to 23.1.11...
[24/42] Extracting opnsense-update-23.1.11: .......... done
[25/42] Upgrading openvpn from 2.6.4 to 2.6.5...
===> Creating groups.
Using existing group 'openvpn'.
===> Creating users
Using existing user 'openvpn'.
[25/42] Extracting openvpn-2.6.5: .......... done
[26/42] Upgrading php81-filter from 8.1.19 to 8.1.20...
[26/42] Extracting php81-filter-8.1.20: ......... done
[27/42] Upgrading ntp from 4.2.8p15_5 to 4.2.8p17...
[27/42] Extracting ntp-4.2.8p17: .......... done
[28/42] Upgrading py39-ujson from 5.7.0 to 5.8.0...
[28/42] Extracting py39-ujson-5.8.0: ......... done
[29/42] Upgrading php81-ctype from 8.1.19 to 8.1.20...
[29/42] Extracting php81-ctype-8.1.20: ........ done
[30/42] Upgrading php81-simplexml from 8.1.19 to 8.1.20...
[30/42] Extracting php81-simplexml-8.1.20: ......... done
[31/42] Upgrading php81-phalcon from 5.2.1 to 5.2.2...
[31/42] Extracting php81-phalcon-5.2.2: ........ done
[32/42] Upgrading openssh-portable from 9.3.p1,1 to 9.3.p2,1...
[32/42] Extracting openssh-portable-9.3.p2,1: .......... done
[33/42] Upgrading php81-dom from 8.1.19 to 8.1.20...
[33/42] Extracting php81-dom-8.1.20: .......... done
[34/42] Upgrading suricata from 6.0.12 to 6.0.13...
[34/42] Extracting suricata-6.0.13: .......... done
[35/42] Installing php81-pear-Crypt_CHAP-1.5.0_1...
[35/42] Extracting php81-pear-Crypt_CHAP-1.5.0_1: ... done
install ok: channel://pear.php.net/Crypt_CHAP-1.5.0
[36/42] Upgrading php81-ldap from 8.1.19 to 8.1.20...
[36/42] Extracting php81-ldap-8.1.20: ........ done
[37/42] Upgrading php81-curl from 8.1.19 to 8.1.20...
[37/42] Extracting php81-curl-8.1.20: .......... done
[38/42] Upgrading squid from 5.8 to 5.9...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-5.9
[38/42] Extracting squid-5.9: .......... done
[39/42] Upgrading strongswan from 5.9.10_1 to 5.9.10_2...
[39/42] Extracting strongswan-5.9.10_2: .......... done
[40/42] Upgrading php81-gettext from 8.1.19 to 8.1.20...
[40/42] Extracting php81-gettext-8.1.20: ........ done
[41/42] Upgrading pftop from 0.8_2 to 0.8_4...
[41/42] Extracting pftop-0.8_4: ..... done
[42/42] Upgrading opnsense from 23.1.9 to 23.1.11_1...
[42/42] Extracting opnsense-23.1.11_1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from php81-pecl-mcrypt-1.0.6:
--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-mcrypt.ini
=====
Message from openvpn-2.6.5:
--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.
It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/squid/squid.conf if it is no longer needed.
=====
Message from strongswan-5.9.10_2:
--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from opnsense-23.1.11_1:
--
I'm no chicken
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
/var/cache/pkg/php81-sqlite3-8.1.20~268aa25c14.pkg
/var/cache/pkg/openssl-1.1.1u,1~1af52f3ae1.pkg
/var/cache/pkg/php81-sqlite3-8.1.20.pkg
/var/cache/pkg/php81-sockets-8.1.20~67ac1b380d.pkg
/var/cache/pkg/php81-sockets-8.1.20.pkg
/var/cache/pkg/opnsense-update-23.1.11~be0d7994fc.pkg
/var/cache/pkg/opnsense-update-23.1.11.pkg
/var/cache/pkg/nettle-3.9.1~dc2bd05af6.pkg
/var/cache/pkg/openssl-1.1.1u,1.pkg
/var/cache/pkg/nettle-3.9.1.pkg
/var/cache/pkg/php81-pear-1.10.13~b5d4c49528.pkg
/var/cache/pkg/nss-3.90~b460b07f03.pkg
/var/cache/pkg/php81-filter-8.1.20.pkg
/var/cache/pkg/php81-pear-1.10.13.pkg
/var/cache/pkg/nss-3.90.pkg
/var/cache/pkg/py39-markupsafe-2.1.3~7350a0e3c0.pkg
/var/cache/pkg/easy-rsa-3.1.5~e89f7ea2f1.pkg
/var/cache/pkg/py39-markupsafe-2.1.3.pkg
/var/cache/pkg/easy-rsa-3.1.5.pkg
/var/cache/pkg/openvpn-2.6.5~ec608e53dd.pkg
/var/cache/pkg/openvpn-2.6.5.pkg
/var/cache/pkg/krb5-1.21~9b283f078f.pkg
/var/cache/pkg/krb5-1.21.pkg
/var/cache/pkg/php81-filter-8.1.20~c2ac38ab8f.pkg
/var/cache/pkg/php81-8.1.20~c92f8420ed.pkg
/var/cache/pkg/php81-8.1.20.pkg
/var/cache/pkg/py39-pandas-2.0.2,1~42f88b520b.pkg
/var/cache/pkg/curl-8.1.2.pkg
/var/cache/pkg/py39-sqlite3-3.9.17_7.pkg
/var/cache/pkg/py39-pandas-2.0.2,1.pkg
/var/cache/pkg/python39-3.9.17~8beccbe2a6.pkg
/var/cache/pkg/python39-3.9.17.pkg
/var/cache/pkg/libmcrypt-2.5.8_3~2af8cb0f52.pkg
/var/cache/pkg/libmcrypt-2.5.8_3.pkg
/var/cache/pkg/py39-sqlite3-3.9.17_7~9ae70d4822.pkg
/var/cache/pkg/ntp-4.2.8p17~555b3b4035.pkg
/var/cache/pkg/py39-ujson-5.8.0.pkg
/var/cache/pkg/ntp-4.2.8p17.pkg
/var/cache/pkg/py39-ujson-5.8.0~c498f77d44.pkg
/var/cache/pkg/php81-ctype-8.1.20~07533bd474.pkg
/var/cache/pkg/php81-simplexml-8.1.20.pkg
/var/cache/pkg/php81-ctype-8.1.20.pkg
/var/cache/pkg/php81-simplexml-8.1.20~d346d4a3d6.pkg
/var/cache/pkg/php81-session-8.1.20~bbbe67cc4d.pkg
/var/cache/pkg/curl-8.1.2~8f8da611bc.pkg
/var/cache/pkg/php81-session-8.1.20.pkg
/var/cache/pkg/php81-zlib-8.1.20~69c3cad62d.pkg
/var/cache/pkg/php81-zlib-8.1.20.pkg
/var/cache/pkg/php81-phalcon-5.2.2~e7a1e5964f.pkg
/var/cache/pkg/php81-phalcon-5.2.2.pkg
/var/cache/pkg/py39-setuptools-63.1.0_1~a689cb8827.pkg
/var/cache/pkg/openssh-portable-9.3.p2,1~c40ca9611d.pkg
/var/cache/pkg/py39-setuptools-63.1.0_1.pkg
/var/cache/pkg/libltdl-2.4.7~f812017b66.pkg
/var/cache/pkg/openssh-portable-9.3.p2,1.pkg
/var/cache/pkg/libltdl-2.4.7.pkg
/var/cache/pkg/php81-dom-8.1.20~9c152dbc28.pkg
/var/cache/pkg/php81-dom-8.1.20.pkg
/var/cache/pkg/suricata-6.0.13~cc549dbb70.pkg
/var/cache/pkg/suricata-6.0.13.pkg
/var/cache/pkg/php81-pear-Crypt_CHAP-1.5.0_1~aba54a1597.pkg
/var/cache/pkg/php81-ldap-8.1.20~ffc7245bc6.pkg
/var/cache/pkg/php81-pear-Crypt_CHAP-1.5.0_1.pkg
/var/cache/pkg/php81-ldap-8.1.20.pkg
/var/cache/pkg/php81-xml-8.1.20~afb43a99ec.pkg
/var/cache/pkg/php81-xml-8.1.20.pkg
/var/cache/pkg/php81-pdo-8.1.20~d9f84e1b36.pkg
/var/cache/pkg/php81-pdo-8.1.20.pkg
/var/cache/pkg/php81-curl-8.1.20~0b3dccbc47.pkg
/var/cache/pkg/php81-curl-8.1.20.pkg
/var/cache/pkg/php81-mbstring-8.1.20~4d7425cbbd.pkg
/var/cache/pkg/php81-mbstring-8.1.20.pkg
/var/cache/pkg/opnsense-23.1.11_1~98d4aca2e7.pkg
/var/cache/pkg/squid-5.9~7ff7ab92d9.pkg
/var/cache/pkg/opnsense-23.1.11_1.pkg
/var/cache/pkg/squid-5.9.pkg
/var/cache/pkg/strongswan-5.9.10_2~a41dbad962.pkg
/var/cache/pkg/strongswan-5.9.10_2.pkg
/var/cache/pkg/php81-gettext-8.1.20~20bc4fab2e.pkg
/var/cache/pkg/php81-pecl-mcrypt-1.0.6~515f90443c.pkg
/var/cache/pkg/php81-gettext-8.1.20.pkg
/var/cache/pkg/pftop-0.8_4~47af6af592.pkg
/var/cache/pkg/php81-pecl-mcrypt-1.0.6.pkg
/var/cache/pkg/pftop-0.8_4.pkg
The cleanup will free 57 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.1.11-amd64.txz: ...[...]
opnsense is running in a vm and the ressources are fine... I don not understand this...
(https://abload.de/thumb/proxmoxv3evz.png) (https://abload.de/image.php?img=proxmoxv3evz.png)
Is this normal?
-
Awesome, thanks!
https://github.com/opnsense/core/commit/13389c823ec
# opnsense-patch 13389c823ec
Cheers,
Franco
-
Awesome, thanks!
https://github.com/opnsense/core/commit/13389c823ec
# opnsense-patch 13389c823ec
Cheers,
Franco
The patch fixed it for me, thank you very much!
-
Upgraded to 23.7.1 from 23.1.1. The initial upgrade had a few bumps. For some reason it appears it did not complete all of the necessary reboots. From the console, all areas seemed to carry over without an issue but for some reason it was not allowing traffic from the vlans or dhcp even though it was showing as configured and available. I had to force several reboots from the console/terminal to get it fully functional. The issue that I seem to be experiencing now is the system seems to be running very hot in comparison to the previous version. The CPU and core temps are at least 20 degrees warmer than previous and with that see a large number of critical temp alerts.
#####UPDATE#####
System Information:
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0
FreeBSD 13.2-RELEASE-p2 stable/23.7-n254746-cdad4e9df7f SMP amd64
OPNsense 23.7.1_3 239f8d1f8
Plugins os-crowdsec-1.0.6 os-ddclient-1.14 os-dmidecode-1.1_1 os-dyndns-1.27_3 os-etpro-telemetry-1.6_1 os-intrusion-detection-content-et-open-1.0.1 os-intrusion-detection-content-et-pro-1.0.2_1 os-intrusion-detection-content-pt-open-1.0_1 os-intrusion-detection-content-snort-vrt-1.1_1 os-iperf-1.0_1 os-maltrail-1.10 os-netdata-1.2_1 os-nginx-1.32.1_3 os-sensei-1.14.2 os-sensei-agent-1.14 os-sensei-updater-1.14 os-sunnyvalley-1.2_3 os-telegraf-1.12.8 os-theme-cicada-1.34 os-theme-rebellion-1.8.8 os-vnstat-1.3_1 os-wireguard-1.13_7
Time Wed, 09 Aug 2023 13:26:41 +0000
OpenSSL 1.1.1v 1 Aug 2023
Python 3.9.17
PHP 8.2.8
PHP Errors:
[09-Aug-2023 12:27:09 Etc/UTC] Error: Call to undefined function lock() in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc:158
Stack trace:
#0 /usr/local/etc/inc/plugins.inc.d/dyndns.inc(169): updatedns->__construct('dyndns', 'gambit.dnsdojo....', 'secdoc', 'b6f0e74070da11e...', NULL, '', 'wan', NULL, NULL, NULL, '', NULL, '', '', '', '', 'wan', '0', false, false, false)
#1 /usr/local/etc/inc/plugins.inc.d/dyndns.inc(212): dyndns_configure_client(Array)
#2 /usr/local/etc/inc/plugins.inc(304): dyndns_configure_do(true)
#3 /usr/local/etc/rc.bootup(104): plugins_configure('bootup', true)
#4 {main}
[09-Aug-2023 12:27:10 Etc/UTC] Error: Call to undefined function lock() in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc:158
Stack trace:
#0 /usr/local/etc/inc/plugins.inc.d/dyndns.inc(169): updatedns->__construct('dyndns', 'gambit.dnsdojo....', 'secdoc', 'b6f0e74070da11e...', NULL, '', 'wan', NULL, NULL, NULL, '', NULL, '', '', '', '', 'wan', '0', false, false, false)
#1 /usr/local/etc/inc/plugins.inc.d/dyndns.inc(212): dyndns_configure_client(Array)
#2 /usr/local/etc/inc/plugins.inc(304): dyndns_configure_do(false, 'wan')
#3 /usr/local/etc/rc.newwanip(174): plugins_configure('newwanip', false, Array)
#4 {main}
dmesg.boot:
Copyright (c) 1992-2021 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 13.2-RELEASE-p2 stable/23.7-n254746-cdad4e9df7f SMP amd64
FreeBSD clang version 14.0.5 (https://github.com/llvm/llvm-project.git llvmorg-14.0.5-0-gc12386ae247c)
VT(efifb): resolution 1366x768
CPU: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz (2803.20-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x806c1 Family=0x6 Model=0x8c Stepping=1
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
AMD Features2=0x121<LAHF,ABM,Prefetch>
Structured Extended Features=0xf3bfa7eb<FSGSBASE,TSCADJ,BMI1,AVX2,FDPEXC,SMEP,BMI2,ERMS,INVPCID,NFPUSG,PQE,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,AVX512IFMA,CLFLUSHOPT,CLWB,PROCTRACE,AVX512CD,SHA,AVX512BW,AVX512VL>
Structured Extended Features2=0x18c05fde<AVX512VBMI,UMIP,PKU,OSPKE,AVX512VBMI2,GFNI,VAES,VPCLMULQDQ,AVX512VNNI,AVX512BITALG,AVX512VPOPCNTDQ,RDPID,MOVDIRI,MOVDIR64B>
Structured Extended Features3=0xfc100510<FSRM,AVX512VP2INTERSECT,MD_CLEAR,IBT,IBPB,STIBP,L1DFL,ARCH_CAP,CORE_CAP,SSBD>
XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
IA32_ARCH_CAPS=0x6b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME,MDS_NO>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
TSC: P-state invariant, performance statistics
real memory = 34359738368 (32768 MB)
avail memory = 33032052736 (31501 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <ALASKA A M I >
FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 1 5 4 6 7 2 3
random: entropy device external interface
wlan: mac acl policy registered
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x43ca5000-0x43ca501e
smbios0: Version: 3.3, BCD Revision: 3.3
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256>
acpi0: <ALASKA A M I >
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^SPI1.SPFD.CVFD (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^SPI1.SPFD.CVFD (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^XHCI.RHUB.HS04.VI2C (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^XHCI.RHUB.HS04.VI2C (20201113/dspkginit-605)
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 19200000 Hz quality 950
Event timer "HPET" frequency 19200000 Hz quality 550
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0x3000-0x303f mem 0x6000000000-0x6000ffffff,0x4000000000-0x400fffffff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
pcib1: <ACPI PCI-PCI bridge> irq 19 at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
nvme0: <Generic NVMe Device> mem 0x51600000-0x51603fff,0x51604000-0x516040ff irq 16 at device 0.0 on pci1
xhci0: <Intel Tiger Lake-LP Thunderbolt 4 USB controller> mem 0x6001110000-0x600111ffff at device 13.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
xhci1: <Intel Tiger Lake-LP USB 3.2 controller> mem 0x6001100000-0x600110ffff irq 16 at device 20.0 on pci0
xhci1: 32 bytes context size, 64-bit DMA
usbus1 on xhci1
usbus1: 5.0Gbps Super Speed USB v3.0
pci0: <memory, RAM> at device 20.2 (no driver attached)
pci0: <simple comms> at device 22.0 (no driver attached)
ahci0: <AHCI SATA controller> port 0x3090-0x3097,0x3080-0x3083,0x3060-0x307f mem 0x51700000-0x51701fff,0x51703000-0x517030ff,0x51702000-0x517027ff irq 16 at device 23.0 on pci0
ahci0: AHCI v1.31 with 2 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 0.0 on pci2
pci3: <ACPI PCI bus> on pcib3
pcib4: <PCI-PCI bridge> irq 19 at device 3.0 on pci3
pci4: <PCI bus> on pcib4
igc0: <Intel(R) Ethernet Controller I226-V> mem 0x51400000-0x514fffff,0x51500000-0x51503fff irq 19 at device 0.0 on pci4
igc0: Using 1024 TX descriptors and 1024 RX descriptors
igc0: Using 4 RX queues 4 TX queues
igc0: Using MSI-X interrupts with 5 vectors
igc0: Ethernet address: 00:90:27:e8:33:1f
igc0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <PCI-PCI bridge> irq 19 at device 7.0 on pci3
pci5: <PCI bus> on pcib5
pcib6: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0
pci6: <ACPI PCI bus> on pcib6
igc1: <Intel(R) Ethernet Controller I226-V> mem 0x51100000-0x511fffff,0x51200000-0x51203fff irq 17 at device 0.0 on pci6
igc1: Using 1024 TX descriptors and 1024 RX descriptors
igc1: Using 4 RX queues 4 TX queues
igc1: Using MSI-X interrupts with 5 vectors
igc1: Ethernet address: 00:90:27:e8:33:20
igc1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib7: <ACPI PCI-PCI bridge> irq 18 at device 28.6 on pci0
pci7: <ACPI PCI bus> on pcib7
igc2: <Intel(R) Ethernet Controller I226-V> mem 0x50e00000-0x50efffff,0x50f00000-0x50f03fff irq 18 at device 0.0 on pci7
igc2: Using 1024 TX descriptors and 1024 RX descriptors
igc2: Using 4 RX queues 4 TX queues
igc2: Using MSI-X interrupts with 5 vectors
igc2: Ethernet address: 00:90:27:e8:33:21
igc2: netmap queues/slots: TX 4/1024, RX 4/1024
pcib8: <ACPI PCI-PCI bridge> irq 19 at device 28.7 on pci0
pci8: <ACPI PCI bus> on pcib8
igc3: <Intel(R) Ethernet Controller I226-V> mem 0x50b00000-0x50bfffff,0x50c00000-0x50c03fff irq 19 at device 0.0 on pci8
igc3: Using 1024 TX descriptors and 1024 RX descriptors
igc3: Using 4 RX queues 4 TX queues
igc3: Using MSI-X interrupts with 5 vectors
igc3: Ethernet address: 00:90:27:e8:33:22
igc3: netmap queues/slots: TX 4/1024, RX 4/1024
pcib9: <ACPI PCI-PCI bridge> irq 16 at device 29.0 on pci0
pci9: <ACPI PCI bus> on pcib9
igc4: <Intel(R) Ethernet Controller I226-V> mem 0x50800000-0x508fffff,0x50900000-0x50903fff irq 16 at device 0.0 on pci9
igc4: Using 1024 TX descriptors and 1024 RX descriptors
igc4: Using 4 RX queues 4 TX queues
igc4: Using MSI-X interrupts with 5 vectors
igc4: Ethernet address: 00:90:27:e8:33:23
igc4: netmap queues/slots: TX 4/1024, RX 4/1024
pcib10: <ACPI PCI-PCI bridge> irq 17 at device 29.1 on pci0
pci10: <ACPI PCI bus> on pcib10
igc5: <Intel(R) Ethernet Controller I226-V> mem 0x50500000-0x505fffff,0x50600000-0x50603fff irq 17 at device 0.0 on pci10
igc5: Using 1024 TX descriptors and 1024 RX descriptors
igc5: Using 4 RX queues 4 TX queues
igc5: Using MSI-X interrupts with 5 vectors
igc5: Ethernet address: 00:90:27:e8:33:24
igc5: netmap queues/slots: TX 4/1024, RX 4/1024
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
hdac0: <Intel Tiger Lake HDA Controller> mem 0x6001128000-0x600112bfff,0x6001000000-0x60010fffff irq 16 at device 31.3 on pci0
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
acpi_syscontainer0: <System Container> on acpi0
acpi_syscontainer1: <System Container> on acpi0
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
hwpstate_intel4: <Intel Speed Shift> on cpu4
hwpstate_intel5: <Intel Speed Shift> on cpu5
hwpstate_intel6: <Intel Speed Shift> on cpu6
hwpstate_intel7: <Intel Speed Shift> on cpu7
Timecounter "TSC-low" frequency 1401613928 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
ugen0.1: <Intel XHCI root HUB> at usbus0
ugen1.1: <Intel XHCI root HUB> at usbus1
uhub0 on usbus0
uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
uhub1 on usbus1
uhub1: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1
nvme0: Allocated 200MB host memory buffer
nvd0: <WD Blue SN570 1TB> NVMe namespace
nvme0: async event occurred (type 0x1, info 0x01, page 0x02)
nvd0: 953869MB (1953525168 512 byte sectors)
hdacc0: <Intel Tiger Lake HDA CODEC> at cad 2 on hdac0
hdaa0: <Intel Tiger Lake Audio Function Group> at nid 1 on hdacc0
nvme0: temperature above threshold
pcm0: <Intel Tiger Lake (HDMI/DP 8ch)> at nid 4 on hdaa0
Trying to mount root from zfs:zroot/ROOT/default []...
uhub0: 5 ports with 5 removable, self powered
uhub1: 16 ports with 16 removable, self powered
ugen1.2: <Telink Wireless Receiver> at usbus1
ukbd0 on uhub1
ukbd0: <Telink Wireless Receiver, class 0/0, rev 1.10/1.04, addr 1> on usbus1
kbd2 at ukbd0
igc0: link state changed to UP
igc1: link state changed to UP
ichsmb0: <Intel Tiger Lake SMBus controller> port 0xefa0-0xefbf mem 0x6001130000-0x60011300ff irq 16 at device 31.4 on pci0
smbus0: <System Management Bus> on ichsmb0
acpi_wmi0: <ACPI-WMI mapping> on acpi0
acpi_wmi0: cannot find EC device
acpi_wmi0: Embedded MOF found
ACPI: \134_SB.WFDE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20201113/nsarguments-361)
acpi_wmi1: <ACPI-WMI mapping> on acpi0
acpi_wmi1: cannot find EC device
acpi_wmi1: Embedded MOF found
ACPI: \134_SB.WFTE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20201113/nsarguments-361)
ums0 on uhub1
ums0: <Telink Wireless Receiver, class 0/0, rev 1.10/1.04, addr 1> on usbus1
ums0: 5 buttons and [XYZ] coordinates ID=1
lo0: link state changed to UP
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
pflog0: permanently promiscuous mode enabled
igc1: link state changed to DOWN
vlan0: changing name to 'vlan01'
vlan1: changing name to 'vlan02'
vlan2: changing name to 'vlan04'
vlan3: changing name to 'vlan040'
vlan4: changing name to 'vlan05'
vlan5: changing name to 'vlan06'
vlan6: changing name to 'vlan07'
vlan7: changing name to 'vlan08'
vlan8: changing name to 'vlan09'
[fib_algo] inet.0 (bsearch4#16) rebuild_fd_flm: switching algo to radix4_lockless
igc0: link state changed to DOWN
igc1: link state changed to UP
vlan09: link state changed to UP
vlan08: link state changed to UP
vlan01: link state changed to UP
vlan040: link state changed to UP
vlan04: link state changed to UP
vlan02: link state changed to UP
igc0: link state changed to UP
WARNING: attempt to domain_add(netgraph) after domainfinalize()
935.338437 [1173] generic_netmap_attach Emulated adapter for vlan09 created (prev was NULL)
935.338458 [1078] generic_netmap_dtor Emulated netmap adapter for vlan09 destroyed
935.338546 [1173] generic_netmap_attach Emulated adapter for vlan09 created (prev was NULL)
935.666059 [ 321] generic_netmap_register Emulated adapter for vlan09 activated
935.666146 [ 851] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
935.666274 [ 851] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
935.801747 [1173] generic_netmap_attach Emulated adapter for vlan040 created (prev was NULL)
935.801766 [1078] generic_netmap_dtor Emulated netmap adapter for vlan040 destroyed
935.801857 [1173] generic_netmap_attach Emulated adapter for vlan040 created (prev was NULL)
935.801954 [ 321] generic_netmap_register Emulated adapter for vlan040 activated
935.808541 [1173] generic_netmap_attach Emulated adapter for vlan05 created (prev was NULL)
935.808562 [1078] generic_netmap_dtor Emulated netmap adapter for vlan05 destroyed
935.808651 [1173] generic_netmap_attach Emulated adapter for vlan05 created (prev was NULL)
935.808737 [ 321] generic_netmap_register Emulated adapter for vlan05 activated
935.813452 [1173] generic_netmap_attach Emulated adapter for vlan07 created (prev was NULL)
935.813470 [1078] generic_netmap_dtor Emulated netmap adapter for vlan07 destroyed
935.813558 [1173] generic_netmap_attach Emulated adapter for vlan07 created (prev was NULL)
935.813648 [ 321] generic_netmap_register Emulated adapter for vlan07 activated
935.820242 [ 851] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
935.820332 [ 851] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
935.958708 [1173] generic_netmap_attach Emulated adapter for vlan06 created (prev was NULL)
935.958728 [1078] generic_netmap_dtor Emulated netmap adapter for vlan06 destroyed
935.958821 [1173] generic_netmap_attach Emulated adapter for vlan06 created (prev was NULL)
935.958918 [ 321] generic_netmap_register Emulated adapter for vlan06 activated
935.963221 [1173] generic_netmap_attach Emulated adapter for vlan02 created (prev was NULL)
935.963241 [1078] generic_netmap_dtor Emulated netmap adapter for vlan02 destroyed
935.963332 [1173] generic_netmap_attach Emulated adapter for vlan02 created (prev was NULL)
935.963427 [ 321] generic_netmap_register Emulated adapter for vlan02 activated
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
igc0: promiscuous mode enabled
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp1: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp0: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp0: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp1: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp5: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp6: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp7: critical temperature detected, suggest system shutdown
coretemp3: critical temperature detected, suggest system shutdown
coretemp0: critical temperature detected, suggest system shutdown
959.843286 [ 296] generic_netmap_unregister Emulated adapter for vlan06 deactivated
959.847697 [1078] generic_netmap_dtor Emulated netmap adapter for vlan06 destroyed
959.849756 [ 296] generic_netmap_unregister Emulated adapter for vlan040 deactivated
959.849818 [1078] generic_netmap_dtor Emulated netmap adapter for vlan040 destroyed
959.954261 [ 296] generic_netmap_unregister Emulated adapter for vlan05 deactivated
959.954313 [1078] generic_netmap_dtor Emulated netmap adapter for vlan05 destroyed
959.956177 [ 296] generic_netmap_unregister Emulated adapter for vlan07 deactivated
959.956235 [1078] generic_netmap_dtor Emulated netmap adapter for vlan07 destroyed
959.958255 [ 296] generic_netmap_unregister Emulated adapter for vlan02 deactivated
959.958321 [1078] generic_netmap_dtor Emulated netmap adapter for vlan02 destroyed
959.960420 [ 296] generic_netmap_unregister Emulated adapter for vlan09 deactivated
959.961771 [1078] generic_netmap_dtor Emulated netmap adapter for vlan09 destroyed
igc0: promiscuous mode disabled
Waiting (max 60 seconds) for system process `vnlru' to stop... done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining... 2 0 0 0 0 0 done
All buffers synced.
Uptime: 20h34m46s
ACPI APIC Table: <ALASKA A M I >
FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 1 3 2 7 6 5 4
random: entropy device external interface
wlan: mac acl policy registered
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x43ca5000-0x43ca501e
smbios0: Version: 3.3, BCD Revision: 3.3
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256>
acpi0: <ALASKA A M I >
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^SPI1.SPFD.CVFD (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^SPI1.SPFD.CVFD (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^XHCI.RHUB.HS04.VI2C (20201113/dspkginit-605)
ACPI Error: AE_NOT_FOUND, While resolving a named reference package element - ^XHCI.RHUB.HS04.VI2C (20201113/dspkginit-605)
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 19200000 Hz quality 950
Event timer "HPET" frequency 19200000 Hz quality 550
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0x3000-0x303f mem 0x6000000000-0x6000ffffff,0x4000000000-0x400fffffff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
pcib1: <ACPI PCI-PCI bridge> irq 19 at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
nvme0: <Generic NVMe Device> mem 0x51600000-0x51603fff,0x51604000-0x516040ff irq 16 at device 0.0 on pci1
xhci0: <Intel Tiger Lake-LP Thunderbolt 4 USB controller> mem 0x6001110000-0x600111ffff at device 13.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
xhci1: <Intel Tiger Lake-LP USB 3.2 controller> mem 0x6001100000-0x600110ffff irq 16 at device 20.0 on pci0
xhci1: 32 bytes context size, 64-bit DMA
usbus1 on xhci1
usbus1: 5.0Gbps Super Speed USB v3.0
pci0: <memory, RAM> at device 20.2 (no driver attached)
pci0: <simple comms> at device 22.0 (no driver attached)
ahci0: <AHCI SATA controller> port 0x3090-0x3097,0x3080-0x3083,0x3060-0x307f mem 0x51700000-0x51701fff,0x51703000-0x517030ff,0x51702000-0x517027ff irq 16 at device 23.0 on pci0
ahci0: AHCI v1.31 with 2 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 0.0 on pci2
pci3: <ACPI PCI bus> on pcib3
pcib4: <PCI-PCI bridge> irq 19 at device 3.0 on pci3
pci4: <PCI bus> on pcib4
igc0: <Intel(R) Ethernet Controller I226-V> mem 0x51400000-0x514fffff,0x51500000-0x51503fff irq 19 at device 0.0 on pci4
igc0: Using 1024 TX descriptors and 1024 RX descriptors
igc0: Using 4 RX queues 4 TX queues
igc0: Using MSI-X interrupts with 5 vectors
igc0: Ethernet address: 00:90:27:e8:33:1f
igc0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <PCI-PCI bridge> irq 19 at device 7.0 on pci3
pci5: <PCI bus> on pcib5
pcib6: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0
pci6: <ACPI PCI bus> on pcib6
igc1: <Intel(R) Ethernet Controller I226-V> mem 0x51100000-0x511fffff,0x51200000-0x51203fff irq 17 at device 0.0 on pci6
igc1: Using 1024 TX descriptors and 1024 RX descriptors
igc1: Using 4 RX queues 4 TX queues
igc1: Using MSI-X interrupts with 5 vectors
igc1: Ethernet address: 00:90:27:e8:33:20
igc1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib7: <ACPI PCI-PCI bridge> irq 18 at device 28.6 on pci0
pci7: <ACPI PCI bus> on pcib7
igc2: <Intel(R) Ethernet Controller I226-V> mem 0x50e00000-0x50efffff,0x50f00000-0x50f03fff irq 18 at device 0.0 on pci7
igc2: Using 1024 TX descriptors and 1024 RX descriptors
igc2: Using 4 RX queues 4 TX queues
igc2: Using MSI-X interrupts with 5 vectors
igc2: Ethernet address: 00:90:27:e8:33:21
igc2: netmap queues/slots: TX 4/1024, RX 4/1024
pcib8: <ACPI PCI-PCI bridge> irq 19 at device 28.7 on pci0
pci8: <ACPI PCI bus> on pcib8
igc3: <Intel(R) Ethernet Controller I226-V> mem 0x50b00000-0x50bfffff,0x50c00000-0x50c03fff irq 19 at device 0.0 on pci8
igc3: Using 1024 TX descriptors and 1024 RX descriptors
igc3: Using 4 RX queues 4 TX queues
igc3: Using MSI-X interrupts with 5 vectors
igc3: Ethernet address: 00:90:27:e8:33:22
igc3: netmap queues/slots: TX 4/1024, RX 4/1024
pcib9: <ACPI PCI-PCI bridge> irq 16 at device 29.0 on pci0
pci9: <ACPI PCI bus> on pcib9
igc4: <Intel(R) Ethernet Controller I226-V> mem 0x50800000-0x508fffff,0x50900000-0x50903fff irq 16 at device 0.0 on pci9
igc4: Using 1024 TX descriptors and 1024 RX descriptors
igc4: Using 4 RX queues 4 TX queues
igc4: Using MSI-X interrupts with 5 vectors
igc4: Ethernet address: 00:90:27:e8:33:23
igc4: netmap queues/slots: TX 4/1024, RX 4/1024
pcib10: <ACPI PCI-PCI bridge> irq 17 at device 29.1 on pci0
pci10: <ACPI PCI bus> on pcib10
igc5: <Intel(R) Ethernet Controller I226-V> mem 0x50500000-0x505fffff,0x50600000-0x50603fff irq 17 at device 0.0 on pci10
igc5: Using 1024 TX descriptors and 1024 RX descriptors
igc5: Using 4 RX queues 4 TX queues
igc5: Using MSI-X interrupts with 5 vectors
igc5: Ethernet address: 00:90:27:e8:33:24
igc5: netmap queues/slots: TX 4/1024, RX 4/1024
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
hdac0: <Intel Tiger Lake HDA Controller> mem 0x6001128000-0x600112bfff,0x6001000000-0x60010fffff irq 16 at device 31.3 on pci0
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
acpi_syscontainer0: <System Container> on acpi0
acpi_syscontainer1: <System Container> on acpi0
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
hwpstate_intel4: <Intel Speed Shift> on cpu4
hwpstate_intel5: <Intel Speed Shift> on cpu5
hwpstate_intel6: <Intel Speed Shift> on cpu6
hwpstate_intel7: <Intel Speed Shift> on cpu7
Timecounter "TSC-low" frequency 1401614042 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
Anyone else experiencing an increase in core temps after the upgrade?
-
Upgraded yesterday and I must say: superb job! I've been up almost 24 hours and it's smooth sailing so far.
-
> [09-Aug-2023 12:27:09 Etc/UTC] Error: Call to undefined function lock() in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc:158
Stack trace:
Ah great now we will have to deal with supporting dead plugins for an indefinite amount of time. This is truly horrible even after removal.
EDIT: this should bring it back for you for now:
# opnsense-patch 7333f37ed0 1130442142
Cheers,
Franco
-
This update kills all my WireGuard tunnels on startup.
I have to disable and re-enable my WireGuard gateways every time I reboot to get them working again.
Any ideas on a fix or is this a new bug?
Previous version 23.1.11 worked perfectly.
Edit:
So, I can get everything working again just by disabling the WireGuard plugin for a few seconds and re-enabling it.
Did the startup order just change and WireGuard starts too quickly now before it can make a connection?
Is there a way to delay WireGuard from starting by like 10-15 seconds? I think that may fix it.
WireGuard is still broken for me after the 23.7.1 update. Everything else is fine, but all the WireGuard tunnels are down when OPNSense first starts up. I need to disable the WG plugin and re-enable it for the tunnels to reconnect and start working again. It's a minor inconvenience, but it would be nice if this bug could be fixed. Please.
Sounds like wireguard is starting before dns works and you use fqdn as peers?
Thanks for your input, but I don't use domains or dns for my WireGuard setup. They are all strictly IP based.
It definitely seems like WireGuard is starting too early though, just not dns.
Any idea on how I can delay WireGuard startup by 15-30 seconds?
Appreciate anyone who can help.
@franco any chance you can look into this bug? I've been using OPNSense for years and this weird thing just started with the 23.7 update. I know it could be the WireGuard plugin and not OPNSense itself, but I'd appreciate your input as well.
Thanks.
-
Since you mentioned the keyword "gateways" check if this patch works or you.
https://forum.opnsense.org/index.php?topic=35363.0 (https://forum.opnsense.org/index.php?topic=35363.0)
If not it would be best to open a ticket on Github and be more specific - otherwise to all that you said in this thread I can answer with "Nope, works fine here on multiple firewalls" - so clearly there's something else in your particular setup that hasn't surfaced yet.
-
nm.
-
OK. So, I rebuilt my OPNsense from scratch and switched over to ZFS.
on 23.7 version I saw no issues with the Surricata running in IPS mode.
edit: I meant 23.1.11 ... I seem to have this issue with Suricata on WAN interface even after 23.7.6.
-
Update seemed to relatively smooth. It did get stuck the first time I was able to log back into the web UI with a message that the router was still booting up, tho it did report traffic, some services were not running (tho I was able to start them manually), and was not able to access the repos (reported no internet connection). I nervously rebooted, and everything came back up perfectly, including VPN clients.