Messages

I've upgraded APU4D4 without any issue.

Can you post the healthcheck results before attempting the upgrade ?

What is the output of this command ?

Code Select Expand

pkg info |grep mongo

Logs seem full of these errors:
error in configd communication Traceback (most recent call last): File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ ConnectionResetError: [Errno 54] Connection reset by peer

This appears to be Zen resetting your connection for whatever reason

Logs seems to be full of errors relating to various processes failing or being killed too. See extract from log here: pastebin

I don't think pastebin indicates an issue, I would think it is more likely to be an artefact of the connectivity issue.

There's no problematic install, reinstallation was not needed here There's a pppoe / IPv6 issue that is apparent on Zen UK network with a known mitigation.

If Franco doesn't see this thread by Monday it is best to open an issue on Github opnsense/core and see what's the path forward here or if it stays as is with the known mitigation until Zen UK changes things on their end.

Virtualbox settings for OPNsense VM - on the bridged interface you'll have to allow Promiscuous Mode

pfctl -t tablename -T show

Ran this multiple times on 750 and other FWs - against the largest table I have - and can't get it to crash.

This is easier to do in Adguardhome, unbound can't help much with DoH.

Also, your devices with fixed DNS most likely can be maipulated, and even though they have DoH by default they must have a fallback to regular DNS.

My recommendation is this:

Install AdguardHome, whether directly on the FW or somewhere else.

Redirect regular TCP/UDP53 from any (v)lan to the port AGH is listening on.

From AGH, use the list that blocks DoH/DoT traffic.

Leave Unbound unchanged running on the FW. You'll be doing a redirect for all DNS traffic to AGH anyway, however in case you lose AGH sometime in the future, until you restore the service the FW would still be operational with unbound.


P.S. Use your chosen DoH,DoT,DoQ servers as upstream for AGH

Probably the fastest way to have this solved would be by installing FreeBSD 14.2 and report any issues to FreeBSD directly.

If the issue is resolved upstream we can confirm the required changes have been applied in the OPNsense kernel and then we can help you jump from OPNsense 24.7 to 25.1.


Working with the FreeBSD people - _if_ you get any traction on the ticket that is - would still be time consuming.

The best path forward would be to get rid of it on Ebay or similar, get a Topton/CWWK from Ali Express with a N100 CPU and Intel 226V 2.5Gbe NICs or a Dec 740/750 from Deciso, import your config and never look back.

Lastly, check reddit, it appears units from the same manufacturer have been shipped with faulty eMMCs for at least ~3 years ? You may be beating a dead or soon to be dead horse by trying to force a fix on these and other similar units

No such reports either here or on Github about 25.1.x

You can play it safe, take a snapshot. If not on ZFS and on bare metal this is a perfect opportunity to do a fresh install importing the config on the fly. (Have a copy of the config file nevertheless)

Log in with SSH, press 8 and post the output from this command

Code Select Expand

opnsense-update -pA 25.1

Extracting packages-25.1-amd64.tar... done
Please reboot.

An automatic reboot should have happened there, rebooting to the 25.1 kernel, installing the packages offline and rebooting one more time to 25.1.

For some reason your upgrade seems to have been interrupted and you have a mix of 24.7 and 25.1 packages.


Can you post the full output either from GUI or from SSH when checking for updates ?

Remove mimugmail repo and try without it, should not be required for what you have installed

And you confirmed OPNsense is with priority 4 ?

Edit /usr/local/etc/pkg/repos/OPNsense.conf and change OPNsense priority to 4, then check for updates again and you'll see 25.1