Hi All,
With the release of 16.7 we will use this forum post to keep you informed about issues that have been reported and fixes / workarounds.
[1] if IPS is not working, disable it temporarily or switch to IDS mode.
For intel cards there's a temporary fix available, we working on putting it into our standard release.
Please execute:
opnsense-update -khr 16.7-em
Then reboot, and after reboot enable IPS again.
[2] some people using imported configurations, experience missing interfaces in the firewall section.
This is caused by a different interpretation of the configuration data underneath it, a fix is simple.
* Save each missing interface configuration under Interfaces: [IF], apply and finally reboot
Stay safe,
Your OPNsense team
After the update is done, I can't get any options on my home lobby dashboard.
even I tried to re-add them they won't appear.
tried it with google chrome, IE, Edge,Firewall.... none of them has works.
I have empty the cookies, deleted the browse history , nothing helps
after I noticed there is no VMware tools installed,
installed VMware tools and rebooted the box.
et voila everything is back to normal .
Suricata still crashes for me when IPS mode is disabed.
Upgrade to OPNsense 17.1.a_19-i386 without problems so far.
Performed the latest upgrade from web interface and update froze
Checked the router and numerous write errors reported (using nano image)
Checked the media - fine; media reader was dead/killed
Fresh install of OPNsense-16.7-OpenSSL-nano-amd64.img
Prolonged pause still present at boot (flashing cursor for about 70secs then boot continues; detection pause NOT present with pfsense builds)
Set up VLANs via console; DHCP server working; DHCP addressed received on test computer
Test computer unable to access router via web or by ping
Restore to factory defaults
Set up VLANs through web interface
DHCP address received on test computer
Unable to access router via web or by ping
Restore to factory defaults
Restore configuration from config file
VLANs working, DHCP working, web/ping working
Update via web interface
Screen states updating but no text of packages being received/updating reported (blank report window)
Update via console
Update proceeds uneventfully and system fully updated
I've set up VLANs numerous times with OPNsense/pfsense and had no issues previously
I keep this opnsense unit updated regularly - this most recent update was a tedious process
After upgrading to 16.7 all the site-to-site VPNs from the router stopped working. The status does indicate that the tunnel is connected, however no traffic gets through. I had to replace the device with a backup device with 16.1.20. Is it possible to revert 16.7 to 16.1.20 and how? Or if you have any idea how to fix them on the 16.7 I would be grateful. I have Multi-WAN if it matters.
Hi Yordan,
Yes it matters. VPN does not skip your Multi-WAN policies anymore. You need to add them manually or exclude VPN traffic. From the notes:
"The Disable Negate rule on policy routing rules option is no longer available as automatic VPN skip rules for policy-based routing have been removed. If you want to skip your VPN, please add an explicit rule."
I think your IPSec traffic is redirected here when it shouldn't.
Cheers,
Franco
Thanks Franco. Can you tell me in which section I should create the rule and how it looks like? Do I need one for each IPsec tunnel?
Hi Yordan,
What this old stuff did was for each Mutli-WAN rule there was a "pass" exception generated for the VPN destinations so those won't be policy-routed.
I didn't work on this so I cannot say for sure, but I'd start with adding a pass rule for the desired IPSec networks (one rule per IPSec it seems or use an alias for all...) before each policy routing rule in the interface firewall rule tabs.
Cheers,
Franco
hi
i installed 16.7.1
and IDS theme is not loading ...
please put your commnet
tnx
hi
I have such a problem too.Just in IDS panel.(CSS doesn't load correctly)
We've had one report of this on a fresh install, but it was unsubstantial and fixed itself after the box/browser had access to the Internet.
Does this happen for the Proxy Server and Firmware Updates pages too?
thanks franco.
IDS and proxy server had problems and both of them are solved.But I didn't understand what the problem was and how it was solved???
We aren't sure either, but we'll keep looking out for this.
Is the IPS still a problem possibly with new installs? For me it seemed to be working at first but I needed to disable it for a while to overcome some issues, but I haven't been able to get it working again since no matter what I try. I posted a separate thread about it here (https://forum.opnsense.org/index.php?topic=3630.0).
I just got the 16.7.6 update and still can't keep Intrusion Detection alive. And it seems to have spread to RADVD so now I don't get my ipv6 announcements and thus lost ipv6 to the web.
trying to keep it factual :(
Check https://github.com/opnsense/core/issues/1273 for radvd issue. I think you mean 16.7.9?
Hello,
I use to update quite often and last update to last 16.7.x failed and I had to revert to previous vm snapshot which is:
OPNsense 16.1.20-amd64
FreeBSD 10.2-RELEASE-p19
OpenSSL 1.0.2h 3 May 2016
If I try to update again to 16.7, the process both from webpage and shell end with no success.
When I did by console it stops after migrating traffic shaper as you can see in the picture.
If I did by web manager it seems reboot but lock on mounting the root disk.
Now I'm forced to stay on 16.1: any suggestion?
Do you need some kind of log to let you help me?
Please any help would be very appreciated.
SR
Would you mind sending us the <TrafficShaper/> section of the /conf/config.xml file? Looks like an incompatible migration path we need to fix.
project AT opnsense DOT org
Thank you,
Franco
Hello franco,
Tha problem is in the actual 1.6.20 /conf/config.xml I have not that section, and if I try the upgrade the system froze and I cannot see if it is present.
The only think I hope can be usable is the upgrade->try to boot -> try to boot in single user mode to see what happens, but let me know what do you think about.
Thanks for your answer.
SR
I think it all works, but locks the console when it's done. Can you access the web interface after the upgrade? If yes, go to System: Settings: Administration and reconfigure "primary console" and save.
I'm updating from console aving an ssh session opened: I'll let you know after the process end if I'm able to reboot and even to connect to webpage.
SR
Ok, here I'm: the upgrade from console locked as previous shown in the bitmap, and the section about traffic shaper is like this:
<TrafficShaper version="1.0.1">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
</OPNsense>
</opnsense>
then the xml file is closed.
I configured the primary console as vga and now I have again the login prompt:
Thwe web page say version is:
OPNsense 16.7.11_1-amd64
FreeBSD 10.2-RELEASE-p19
OpenSSL 1.0.2j 26 Sep 2016
Then I check and completed the upgrade via web interface and the fw rebooted successfully.
Now version is:
OPNsense 16.7.11_1-amd64
FreeBSD 10.3-RELEASE-p14
OpenSSL 1.0.2j 26 Sep 2016
Thanks a lot and let me know if you need any other details.
SR
This looks like you're all done, great. Don't forget to snapshot. 8)
You got it bro!
Now I have two snapshot: the old one and the new one after the successful upgrade.
Both of them will be forgotten (not deleted) until next upgrade will fail :)
Thanks for your support!
Hello. Just made a clean install and then upgraded to 16.7.13 through SSH. After reboot a console freezes right after displaying interface binding, but all services and ssh are ok. You can see in attached pictures. How I can fix a console?
Hello,
from the web interface ( System ---Administration ) have you already tried to set Primary Console to VGA console?
Quote from: thebraz on January 11, 2017, 11:01:05 AM
from the web interface ( System ---Administration ) have you already tried to set Primary Console to VGA console?
Worked, thanks! It was set to serial. But, upgrade procedure shouldn't change primary console, isn't it?
This was a latent bug in the GUI for years. It would save "serial" by default, even though the default in FreeBSD is "vga". I recently removed safe-guards around it for a cleaner primary/secondary console workflow and then this surfaced.
Note that factory resets or reinstalls are not affected by this at all. :)
Cheers,
Franco