Sorry if this is a stupid question, but if I try to update my 19.7.10 in the OPNsense software, hitting the "check for updates" there is no updates available, but I can see that 20.1 is out now?
Is it not possible to update via update in OPNSense with this version?
Quote from: https://forum.opnsense.org/index.php?topic=15631.0
Remember that when 20.1 is available it will take up to a day before we release the hotfix with the major upgrade path enabled. Please be patient as we simply want to ensure that upgrades will not be bumpy affair.
iam <3
It will probably take just a one or two more hours. We would like to test so you don't have to. ;)
Cheers,
Franco
Is it recommended to do a fresh install of 20.1 (and restore our settings) or will the update via GUI be fine?
Update via GUI should be fine. I've just updated a PCEngines APU and a APU2 and haven't observed any issues so far. Contrariwise on the APU2 I reach the full download speed (300Mbit/s, PPPoE) now although the upgrade to HardenedBSD 12.1 was skipped :)
for i386 version everything is fine, updated from console.
Thank opnsense team for smooth upgrade.
I feel stupid asking this question. For those that upgraded, are you switching to development or leaving it as production in the settings? I'm not seeing the upgrade unless I switch to development.
Update: I figured it out.
mine is downloading to long, based on the download graph not much is being downloaded...
or maybe the download is slow since everyone is downloading...
its been running for more than 2 hours downloading...
I am having probably the same issue as @tong2x: upgrading a 4GB storage system in-place from the web GUI is not possible as it fills up the whole storage (about 110% in my case) and then freaks out. (It was working for the major upgrades before.)
I am trying to investigate this issue further, will get back if I found something.
--update--
CLI manual upgrade with opnsense-update -sn "20.1\/latest" works as intended.
I fresh installed 20.1 on my pc. I downloaded the img from the download page.
I'm new Opnsense and have a question, what is a "Production Series"? Is this not meant for regular home users?
I looked but could not find the answer.
Quote from: szty0pa on January 31, 2020, 10:03:52 AM
--update--
CLI manual upgrade with opnsense-update -sn "20.1\/latest" works as intended.
This will break on major upgrades that require a new kernel and base system that is incompatible with older version. You don't have enough space to upgrade. The sanest approach is to abort until enough free space has been made available.
meazz1: "production" means ready for production environments and our older versions are out of support / have no more updates.
Cheers,
Franco
"Production series" is meant to be stable enough to be used under production conditions. The nightly builts are experimental... ;-)
Thanks guys, I just updated to 20.1 and it went smooth :-)
Upgraded my installation without any problems so far.
Thx guys for your great work!
Quote from: franco on January 31, 2020, 02:48:41 PM
This will break on major upgrades that require a new kernel and base system that is incompatible with older version. You don't have enough space to upgrade. The sanest approach is to abort until enough free space has been made available.
Hi Franco,
Sadly on a 4GB system I am roughly 62% full constantly (OPNSense takes up 1.9GB of the usable 3.4GB), that does not really change over time (I have /tmp and /var as ramdisks).
During this update something went sideways for me from the GUI: the files in /root/var/cache/opnsense-update took up roughly 1.2GB according to 'du -chP'! (Which was all the space I had then.) I used the RageNetwork mirror to update on two separate instances simultaneously, they both run into the same wall. (Checking out the mirror now I see the kernel+base+packages sets should not have taken up more than 670ish MB! Could it have been a download issue the files not receiving an EOF and curl/wget not checking/enforcing file sizes?)
Would that be a viable option for systems with smaller storage to only update the kernel and base in the first round, and only then the packages using 'pkg update' instead of extracting them from the 560ish MB packages-*.tar archive to mitigate storage limitation?
Previous major upgrades went smoothly for me on these boxes for the last ~three years, and as I see the kernel+base+packages sets size was mostly the same, I was using a different mirror though(!), so that might have been the issue this time, and everything is working as intended.
UPDATE:
I tried to revert and update again one of the firewalls. This time it went smoothly using the Dutch OPNSense mirror. So the issue might have been a one off download error, anyway I will be using the official Dutch mirror from now on.
Upgraded two boxes and everything is OK.
The two boxes are virtualized with VMWare ESXi 6.0.
One more to come soon...
Thank you Franco and team for the great work.
@szty0pa: if the opnsense-update cache is not empty it points to previous bad upgrade attempts /stale downloads indeed. The easiest way to clear the cache is:
# opnsense-update -e
Cheers,
Franco
Hello together,
Great Job.
There was no problems during upgrade on my Alix APU System.
Everthing is running correct directly after upgrade.
Thanks a lot.
Cheers Robert
Worked perfectly on PC Engines APU.1D4
Thanks a lot. :D
All looking good here, took around 80 minutes to upgrade on my HP T610
Thanks to all involved.
Hi there
Upgrade runs fine on Supermicro X11SBA-LN4F.
Perfect! Thanks to all who made this happen again!
Br br
upgrade on a ZOTOC zbox CI323 also worked very fine a few hours ago!
a big thanks to the developers!
@franco: Thanks!
Upgraded via the GUI on a Fitlet2. No problems.
Upgraded via GUI on an HP Slimline 290 Celeron G4900 (Coffee Lake 3.10Ghz, 2 cores), no problems at all.
The upgrade went great! Thank You OpnSense for a very smooth upgrade!
The only thing that I noticed regarding the upgrade is that the Plugins I have installed all say "orphaned" and there isn't a list with uninstalled plugins on the Plugins page.
Check for updates should fix that as there no local package database right after upgrade.
Cheers,
Franco
The upgrade to 20.1 went smoothly. A big thanks to the OPNsense team.
miroco
I'm unable to update from 19.7.10 to 20.1
I used commands with results:
root@GW_FW:~ # opnsense-update -e
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
pkg-static: No trusted public keys found
repository OPNsense has no meta file, using default settings
Fetching packagesite.txz: 100% 177 KiB 181.6kB/s 00:01
pkg-static: No trusted public keys found
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Error updating repositories!
I tried more installation sources from GUI for example default, Amsterdam, Deciso with the same result.
I have OpenSSL variant - production release channel.
This command opnsense-update -sn "20.1\/latest" ran over two hours, without result. Any help please?
Quote from: franco on February 06, 2020, 01:08:47 PM
Check for updates should fix that as there no local package database right after upgrade.
Cheers,
Franco
I tried checking for updates and it didn't fix the problem.
I also noticed things in the logs when I did the upgrade:
2020-02-05T17:02:54 kernel: pkg-static: Repository OPNsense cannot be opened. 'pkg update' required
2020-02-05T17:02:54 kernel: pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
2020-02-05T17:02:54 pkg-static: opnsense upgraded: 19.7.10_1 -> 20.1
2020-02-05T17:02:38 pkg-static: os-api-backup reinstalled: 1.0 -> 1.0
2020-02-05T17:02:37 pkg-static: os-clamav reinstalled: 1.7 -> 1.7
2020-02-05T17:02:35 pkg-static: os-dyndns upgraded: 1.18_1 -> 1.19
2020-02-05T17:02:33 pkg-static: os-etpro-telemetry reinstalled: 1.4_1 -> 1.4_1
2020-02-05T17:02:31 pkg-static: os-maltrail reinstalled: 1.3 -> 1.3
2020-02-05T17:02:29 pkg-static: os-netdata reinstalled: 1.0 -> 1.0
2020-02-05T17:02:27 pkg-static: os-nut reinstalled: 1.6_2 -> 1.6_2
2020-02-05T17:02:25 pkg-static: os-smart reinstalled: 2.1 -> 2.1
2020-02-05T17:02:22 pkg-static: os-theme-rebellion reinstalled: 1.8.3 -> 1.8.3
2020-02-05T17:02:21 pkg-static: os-wol reinstalled: 2.2 -> 2.2
2020-02-05T17:02:21 kernel: pkg-static: POST-INSTALL script failed
2020-02-05T17:02:21 kernel: pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
2020-02-05T16:48:33 pkg-static: libuv upgraded: 1.34.0 -> 1.34.1
2020-02-05T16:48:33 pkg-static: opnsense upgraded: 19.7.9_1 -> 19.7.10_1
2020-02-05T16:48:20 pkg-static: os-theme-rebellion upgraded: 1.8.2 -> 1.8.3
2020-02-05T16:48:20 pkg-static: py27-setuptools upgraded: 41.4.0_1 -> 44.0.0
2020-02-05T16:48:19 pkg-static: isc-dhcp44-relay upgraded: 4.4.1 -> 4.4.2
2020-02-05T16:48:19 pkg-static: isc-dhcp44-server upgraded: 4.4.1_4 -> 4.4.2
2020-02-05T16:48:19 pkg-static: strongswan upgraded: 5.8.2 -> 5.8.2_1
2020-02-05T16:48:18 pkg-static: wpa_supplicant reinstalled: 2.9 -> 2.9
2020-02-05T16:48:17 pkg-static: curl upgraded: 7.67.0 -> 7.68.0
2020-02-05T16:48:16 pkg-static: e2fsprogs-libuuid upgraded: 1.45.4 -> 1.45.5
2020-02-05T16:48:16 pkg-static: liblz4 upgraded: 1.9.2,1 -> 1.9.2_1,1
2020-02-05T16:48:16 pkg-static: py37-urllib3 upgraded: 1.25.6,1 -> 1.25.7,1
2020-02-05T16:48:15 pkg-static: ca_root_nss upgraded: 3.48 -> 3.49.1
2020-02-05T16:48:15 pkg-static: cyrus-sasl upgraded: 2.1.27 -> 2.1.27_1
2020-02-05T16:48:14 pkg-static: py37-six upgraded: 1.12.0 -> 1.13.0
2020-02-05T16:48:14 pkg-static: py37-setuptools upgraded: 41.4.0_1 -> 44.0.0
Migration from 19.7 to 20.1 went smooth on a Proxmox VM with VirtIO adapter, configured with:
1 LTE and 1 ADSL with failover/fallback
1 OpenVPN to another 19.7 Opnsense machine
1 LAN with Unbound DNS
Thank you again for this very good firewall.
Massimo
Upgrade from 19.7.10 to 20.1.1 works without any problem on a Lexcom 3I525 with 8GB Cf Card (Nano-Image).
Time for the upgrade 40 min.
***GOT REQUEST TO UPGRADE: maj***
Fetching packages-20.1-LibreSSL-amd64.tar: ............................... failed, no signature found
***DONE***
So this is all I get when I unlock and upgrade... and that's it.. just DONE..
??
Show us your firmware mirror settings then.
Cheers,
Franco
I just updated my Deciso DEC600 and faced a serious issue.
TL;DR:
Everything went smooth except for the unit powered off, instead of rebooting. Thats can lead to serious downtime on remote sites.
Full version:
I received my DEC600 with 19.7 pre-installed. I made all available package-Updates and then unlocked the 20.1 Update via the GUI. I then started the update via the GUI.
It installed the kernel and told me it was going down for reboot.
But it never came back. When I looked at it, the PWR-LED was off. So I left it some time (about 30min) as I was expecting it to power on by itself.
After that time period I got a bit nervous and pulled the power cord and put it back in. It booted and continued the update without any further issues and now is running 20.1
Luckily the unit was not shipped to it's site and sitting on my desk.
I also have a DEC610 sitting about 200km away, running 19.7. Any hints on how to upgrade this unit without facing this issue?
I also want to mention that this is my first and only issue with OPNSense, everything else went totally fine and I really appreciate your efforts.
Hi,
> Everything went smooth except for the unit powered off, instead of rebooting. Thats can lead to serious downtime on remote sites.
This may be a hardware or BIOS issue. We do always reboot from a software perspective.
Cheers,
Franco
Hello franco,
thank you for your quick reply. Any hints on how tu investigate/circumvent this issue on a Deciso DEC600/DEC610.
I purchased this units as I was expecting to have the least trouble with OPNSense.
Is there an option to upgrade the BIOS on this machines?
regards
Matthias
Edit:
Maybe the issue is related to that of moware, referenced in another thread:
https://forum.opnsense.org/index.php?topic=13749.msg63309
Hi Matthias,
I can't tell, sorry. Should have directly suggested to contact Deciso with these questions: contact@deciso.com
Cheers,
Franco
Hello Franco,
thank you very much. I did as you recommended and wrote an Email to Deciso.
I was in belive that Deciso and OPNSense are related. If thats not the case, are there any appliances OPNSense is heavily tested with? Something like the reference-OPNSense-Hardware?
regards
Matthias
Hi Matthias,
We can't support hardware through open source channels and so we always recommend using proper business channels to manufacturer / reseller.
From personal experience I know this issue from various operating systems on different hardware (never VMs).
Cheers,
Franco
I was on NYCBug before; no dice. Then I switched to "default" and let it pick; no dice. I picked Amsterdam, still no dice.
I've tried multiple mirrors.. I'd like to stick to LibreSSL if possible without defaulting to OpenSSL.
Any help appreciated. Thx
Quote from: franco on February 17, 2020, 11:02:17 AM
Show us your firmware mirror settings then.
Cheers,
Franco
Tried the SF mirror; same thing. No joy.
Super frustrated..
Hello,
Quick question...
Can I do a new install of v20.x on a new i386 box and then restore the config from a 19.x install from a nano build?
Or do I need to upgrade the nano build first to v20.x and then do the new install and restore from the nano v20.x build?
@twoblink: does your WAN have IPv6 enabled? It's probably defunct so better disable IPv6 configuration. System: Settings: General may also work when setting "Prefer IPv4".
@simpic: either way works :)
Cheers,
Franco
Thanks Franco
Turned off ipv6 and it worked like a charm! Thank you Franco! I think this also got rid of intermittent lag...
Quote from: franco on February 18, 2020, 10:07:12 AM
@twoblink: does your WAN have IPv6 enabled? It's probably defunct so better disable IPv6 configuration. System: Settings: General may also work when setting "Prefer IPv4".
@simpic: either way works :)
Cheers,
Franco
Quote from: simpic on February 18, 2020, 04:38:19 AM
Hello,
Quick question...
Can I do a new install of v20.x on a new i386 box and then restore the config from a 19.x install from a nano build?
Or do I need to upgrade the nano build first to v20.x and then do the new install and restore from the nano v20.x build?
Upgrade complete.
Small note, had to manually edit the backup xml to the new network interface names.
Hi all,
I just upgraded from the latest version of 19.7 to 20.1 but ran into issues. I'm posting as it took me a good two hours to figure out and maybe it'll help someone.
I have OPNsense running in VMware 6.7. I was upgrading from the GUI but my upgrade failed. I tried multiple times, I even tried a fresh 19.7 install and uploaded my older config before trying again. I could see via the console that the upgrade to 20.1 completed but it would try to boot then get caught in an infinite loop.
It turns out I had the 19.7 ISO mounted to my virtual CDROM drive in VMware. As soon as I removed the ISO and tried the upgrade again, it succeeded. What's weird was that the boot order for the CDROM was after the HDD but it still caused an issue. Lesson learned!