The GUI upgrade to 24.1 states that it is safe to upgrade. It is not, its failed on one bare metal device and VMWare virtual. The only time it hasn't failed is when the router only has two interfaces. If you have 3+ including vlans it gets confused and doesn't build all the interfaces back again.
I've had to default and reload from backup. If you complete this upgrade do it while your physically next to the equipment or consider having a High Availability set up.
Disagree. I have a half dozen VLANs, a set of LAGGs and no issues. Upgrade was easy.
Also disagree. I have updated 6 port and 4 port connected devices with no hitch. Granting that I have no VLANs, where are the many others with the same problem? They should exist.
If your upgrades have problems and they are continuing better to describe configuration and issues sufficiently to get help with diagnosis.
Hi,
i did the GUI update from working 23.7.12_5 to 24.1.1. successful and without any error message, but Port Forwarding and HAProxy had not worked. Services and Servers had not been accessible from WAN. After complete restore to 23.7.12_5 all is working again fine. I will not update that fast again.
This is not that useful - have you opened issues for the problems you had?
Without any diagnosis what do you expect will happen when you eventually upgrade to 24.1.4 or 24.1.5 ...? My prediction: exactly the same. The malfunction is particular to your individual system and the root cause needs to be identified and resolved. Problems like this do not magically disappear three versions later - because nobody but you has encountered this exact problem.
I invite you to take it as it is, making aware having a backup is not that bad.
It's since years my first time having issues upgrading OPNsense
I'm not asking for help just making aware that there can be a Issue with ACME/HAProxy and Port Forwarding
Having a configuration backup is always a good idea. As is having a ZFS snapshot/boot environment to perform a quick and smooth rollback ;)
No issues with upgrade to 24.1 on 3 completely different machines with 6+ ports and tons of VLANs and VPN tunnels. Moderators should really do something about people that start topics like these. Its borderline misleading.
You'd be surprised how obnoxious these topics get when you engage people posting blank warnings about updates / upgrades.
That's how /r/opnsense and /r/opnsensefirewall had their fallout.
I tend to ignore unsubstantial reports, because usually I do 20 - 50 upgrade tests for each major iteration depending on their scope.
This dies down more quickly without responses or more detailed responses come to a refined bug report that can be fixed. Either way I'm fine with that.
And there have also been a lot of questions asked and resolved, some of them multiple times... :)
Cheers,
Franco
I admire your patience and composure.
I see lots of haters, but I think it has to do with the individual setups. I too borked two systems.
I am still struggling to get my new image working correctly. Things are not properly migrated to the new setup. Fortunately, I have a spare box with the older image until I get it all sorted out.
Blankets statements will get you hate, but to the haters, just because your particular configuration is fine, doesn't mean a different setup is. Just my 2 cents.
Quote from: lshantz on February 13, 2024, 04:51:49 PM
I too borked two systems.
Me too. But, if im unable to resolve the issue, i wont come to this forum and create a thread with subject "Upgraders beware". Title like that is suggesting that there is something very wrong with opnsense and that you should not upgrade.
Quote from: lshantz on February 13, 2024, 04:51:49 PMjust because your particular configuration is fine, doesn't mean a different setup is.
That statement goes both ways.
Quote from: lshantz on February 13, 2024, 04:51:49 PM
... just because your particular configuration is fine, doesn't mean a different setup is.
That is rather the point. Obvious reasons for stating you have a working configuration while noting the degree of [dis]similarity are to reassure someone who appears to be panicking or giving up, and to provide some characterisation so they can see where their system might differ, where a problem might lie.
First time I have seen modest helping called "hating". ??? It's about the problem, not the person.
> First time I have seen modest helping called "hating". ??? It's about the problem, not the person.
Who said "hating". Did I miss something?
I'm ready to try the upgrade but would like to know if there is a way to prepare so that I can do a full roll-back in case I have issues that are difficult to solve? I am running OPNSense on an APU2E4.
Are you running on ZFS?
Quote from: Patrick M. Hausen on February 14, 2024, 04:17:32 PM
Are you running on ZFS?
No. When I installed this a couple of years ago, I had no idea about ZFS. From what I have just Googled, it seems it is possible to install with ZFS on the APU but I am not sure I am up for the hassle of somehow mirroring the current install to a backup device, reformatting the device with ZFS and restoring the installation...
I deduct from your question that without ZFS, there is no easy way to roll back?
You can always perform a fresh install and import a saved configuration. If to roll back or to migrate to ZFS doesn't matter, it's rather painless and fast. Only downside: you will be offline for 30-60 minutes and you need physical access to the system.
Then, yes, with ZFS you can roll back a live system without a reinstall.
Quote from: Patrick M. Hausen on February 14, 2024, 05:49:30 PM
You can always perform a fresh install and import a saved configuration.
Thanks Patrick, I found your guide on ZFS and roll-back (https://forum.opnsense.org/index.php?topic=25540). Just one question: I am on 23.7.10_1. The only install I can download on 23.7 is...23.7. Will importing a configuration backed up from 23.7.10_1 to a 23.7 install cause issues?
Not to my knowledge. At least basic Internet access should work so you can update to 23.7-latest first.
BTW: I run APU4D4 with ZFS and OPNsense - the performance and memory of the device itself is definitely sufficient.
OK, I will try when I get a moment. On the APU, how does one choose a boot environment after creating multiple ones using bectl? Is that done via the serial console?
If the system is fundamentally running and you can login via SSH, then just "bectl acticate <name>; shutdown -r now".
If it isn't, yes, at the console.
I 100% Agree. I have had terrible issues since the latest upgrades.
- IPSec Firewall Rules no longer get created for IP Alias or secondary interfaces.
Firewall State table is unusable; search doesn't seem to work at all.
Making changes to any interface resets them all.
Things in opnsense have usually just worked for me without a hitch, now everything is going haywire!
Quote from: cttechcorp on February 15, 2024, 06:06:53 PM
I 100% Agree. I have had terrible issues since the latest upgrades.
And this, ladies and gentleman, is what happens if you keep such topics rolling with replies.
"Weird" issues often have "weird" reasons is all I can say from a software standpoint. I'm always happy about qualified reports for individual issues either on GitHub or as a separate forum post.
Let's not pile on this thread...
Cheers,
Franco
should add a way to remove kara from posters who are full of ....
just lock the thread @franco with a note as the reason i.e what you just wrote.
Although, I do agree with Franco and Patrick I disagree with cookiemonster.
As myself been frustrated with various releases due to the underlying changes in the FreeBSD. It's hard to pin point things when you have to rebuild the router every time from scratch to identify what check box caused the major issues after the upgrade.
No doubt that the FreeBSD is the most solid OS. And No one can expect Franco and Patrick or anyone else for that matter do a free one on one, either.
So when it comes to OPNsense, it's far better than PFsense support.
I am on the side of let this thread run for ever so folks can place all their frustrations. Maybe when there's time folks in OPNsesnse can read up and maybe they find "nuggets" to improve the User Experience or add features.
just my 0.00000000000000001USD
Ok I get the want to have a thread to vent. I don't see it as productive but we all have opinions and I respect yours.
What I see is that just posting a venting, oneliner to say the upgrade is flawed is counterproductive. But yes, maybe if it was accepted as a place to vent but not to expect assistance it could be of use to someone.
Then it would ideally be explicit that no help will be given there, for that, the usual requirements would apply: the failing service, the relevant settings and some initial diagnostic. What any user forum wants to be able to assist.
I think what would be useful would be to have a "Report 24.1 upgrade issues here" thread. This would not be for just venting, it should specifically contain issues encountered as a result of the nominated upgrade – and offer a place for support with such issues.
Perhaps the naming "Upgraders beware" in itself is slightly charged, leading to venting...
Quote from: Patrick M. Hausen on February 12, 2024, 11:23:23 AM
Having a configuration backup is always a good idea. As is having a ZFS snapshot/boot environment to perform a quick and smooth rollback ;)
Patrick thanks to your post i used the chance and installed OPNsense fresh with ZFS.
I found the issue i had upgrading from 23.7.12 to 24.1, in my case something happened during the upgrade with my gateways. I have WAN, LAN, OPT1 and OPT2. OPT2 has his own Gateway and with the upgrade the default gateway was set to that which was wrong. After correcting the Gateways all went well, also HAProxy works now fine. First time this happened.
At the end all good, thx
Quote from: Patrick M. Hausen on February 14, 2024, 06:01:49 PM
Not to my knowledge. At least basic Internet access should work so you can update to 23.7-latest first.
BTW: I run APU4D4 with ZFS and OPNsense - the performance and memory of the device itself is definitely sufficient.
I just wanted to say thanks to Patrick – I took the plunge, reinstalled my APU2E4 with ZFS and 24.7, and not only did I get everything to work (including the rollback availability) but the system boots up noticeably faster as well. Great stuff! 👏👏🙏