I finally got around to unboxing and setting up my DEC850. I have a valid BE license and it is input into the GUI.
As the first step I attemp to update via GUI. I get that an update is availible but when it tries to apply it fails.
***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.10 at Tue Jul 16 00:24:29 CDT 2024
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): ....... done
The following 95 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libpfctl: 0.8
openssl111: 1.1.1w
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20240307
Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
choparp: 20150613 -> 20150613_1
curl: 8.3.0 -> 8.6.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.6 -> 3.1.7
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.78.0,2 -> 2.78.3,2
ivykis: 0.42.4 -> 0.42.4_1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.56.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4_1 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.93 -> 3.95
oniguruma: 6.9.8_1 -> 6.9.9
openssh-portable: 9.3.p2_1,1 -> 9.6.p1_1,1
openvpn: 2.6.6 -> 2.6.8_1
opnsense-business: 23.10 -> 23.10.3_1
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 23.7.4 -> 23.7.11
opnsense-update: 23.7.4 -> 23.7.10_1
os-OPNBEcore: 1.2 -> 1.3
perl5: 5.34.1_3 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.11 -> 8.2.14
php82-ctype: 8.2.11 -> 8.2.14
php82-curl: 8.2.11 -> 8.2.14
php82-dom: 8.2.11 -> 8.2.14
php82-filter: 8.2.11 -> 8.2.14
php82-gettext: 8.2.11 -> 8.2.14
php82-ldap: 8.2.11 -> 8.2.14
php82-mbstring: 8.2.11 -> 8.2.14
php82-pcntl: 8.2.11 -> 8.2.14
php82-pdo: 8.2.11 -> 8.2.14
php82-phpseclib: 3.0.23 -> 3.0.34
php82-session: 8.2.11 -> 8.2.14
php82-simplexml: 8.2.11 -> 8.2.14
php82-sockets: 8.2.11 -> 8.2.14
php82-sqlite3: 8.2.11 -> 8.2.14
php82-xml: 8.2.11 -> 8.2.14
php82-zlib: 8.2.11 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.13.0 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 4.0.0 -> 4.2.0
py39-certifi: 2023.7.22 -> 2023.11.17
py39-charset-normalizer: 3.3.0 -> 3.3.2
py39-cryptography: 41.0.4,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-exceptiongroup: 1.1.3 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.18.0 -> 1.0.2
py39-httpx: 0.25.0 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.9.0 -> 0.10.1
py39-numexpr: 2.8.7 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.17,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.43.1,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.11_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.14 -> 6.0.17
unbound: 1.18.0 -> 1.19.3
wpa_supplicant: 2.10_9 -> 2.10_10
Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
gmp-6.3.0 (option added: INFO)
hostapd-2.10_8 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
python39-3.9.18 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
Number of packages to be installed: 7
Number of packages to be upgraded: 75
Number of packages to be reinstalled: 13
The process will require 19 MiB more space.
36 MiB to be downloaded.
[1/22] Fetching py39-Babel-2.14.0.pkg: .......... done
pkg-static: cached package py39-Babel-2.14.0: missing or size mismatch, fetching from remote
[2/22] Fetching py39-Babel-2.14.0.pkg: .......... done
pkg-static: cached package py39-Babel-2.14.0: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***
When I connect via serial using the provided cable it also fails when using option 12:
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
This update requires a reboot.
Proceed with this action? [y/N]: y
This business release is based on the OPNsense 23.7.12 community version
with additional reliability improvements.
Here are the full patch notes:
o system: fix handling of empty "serialusb" node set during import
o system: fix assorted PHP deprecation warnings
o system: add issuer and logo to OTP link
o system: prevent empty "user" node to crash during boot
o system: allow 0 length voucher passwords in authentication server
o reporting: update traffic graph colors to be contrast and consistent (contributed by brotherla)
o interfaces: add missing ACL entries for ARP/NDP tables
o interfaces: prevent modal x-axis overflow on packet capture page
o firewall: add optional advanced property "State policy" to influence state creation on a per rule base
o firewall: change default traffic normalization behavior and choose "in" as standard direction for manual rules
o firewall: refactor schedule matching and fix an end-of-the-month bug
o firewall: fix incorrect packet counters statistics collection
o firewall: fix virtual IP API use with subnet/subnet_bits usage
o firewall: fix floating rule display (contributed by lin-xianming)
o firewall: fix display of ICMP tooltip (contributed by lin-xianming)
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): ....... done
The following 95 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libpfctl: 0.8
openssl111: 1.1.1w
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20240307
Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
choparp: 20150613 -> 20150613_1
curl: 8.3.0 -> 8.6.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.6 -> 3.1.7
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.78.0,2 -> 2.78.3,2
ivykis: 0.42.4 -> 0.42.4_1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.56.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4_1 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.93 -> 3.95
oniguruma: 6.9.8_1 -> 6.9.9
openssh-portable: 9.3.p2_1,1 -> 9.6.p1_1,1
openvpn: 2.6.6 -> 2.6.8_1
opnsense-business: 23.10 -> 23.10.3_1
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 23.7.4 -> 23.7.11
opnsense-update: 23.7.4 -> 23.7.10_1
os-OPNBEcore: 1.2 -> 1.3
perl5: 5.34.1_3 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.11 -> 8.2.14
php82-ctype: 8.2.11 -> 8.2.14
php82-curl: 8.2.11 -> 8.2.14
php82-dom: 8.2.11 -> 8.2.14
php82-filter: 8.2.11 -> 8.2.14
php82-gettext: 8.2.11 -> 8.2.14
php82-ldap: 8.2.11 -> 8.2.14
php82-mbstring: 8.2.11 -> 8.2.14
php82-pcntl: 8.2.11 -> 8.2.14
php82-pdo: 8.2.11 -> 8.2.14
php82-phpseclib: 3.0.23 -> 3.0.34
php82-session: 8.2.11 -> 8.2.14
php82-simplexml: 8.2.11 -> 8.2.14
php82-sockets: 8.2.11 -> 8.2.14
php82-sqlite3: 8.2.11 -> 8.2.14
php82-xml: 8.2.11 -> 8.2.14
php82-zlib: 8.2.11 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.13.0 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 4.0.0 -> 4.2.0
py39-certifi: 2023.7.22 -> 2023.11.17
py39-charset-normalizer: 3.3.0 -> 3.3.2
py39-cryptography: 41.0.4,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-exceptiongroup: 1.1.3 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.18.0 -> 1.0.2
py39-httpx: 0.25.0 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.9.0 -> 0.10.1
py39-numexpr: 2.8.7 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.17,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.43.1,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.11_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.14 -> 6.0.17
unbound: 1.18.0 -> 1.19.3
wpa_supplicant: 2.10_9 -> 2.10_10
Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
gmp-6.3.0 (option added: INFO)
hostapd-2.10_8 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
python39-3.9.18 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
Number of packages to be installed: 7
Number of packages to be upgraded: 75
Number of packages to be reinstalled: 13
The process will require 19 MiB more space.
36 MiB to be downloaded.
[1/22] Fetching py39-Babel-2.14.0.pkg: .......... done
pkg-static: cached package py39-Babel-2.14.0: missing or size mismatch, fetching from remote
[2/22] Fetching py39-Babel-2.14.0.pkg: .......... done
pkg-static: cached package py39-Babel-2.14.0: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Starting web GUI...done.
Generating RRD graphs...done.
Not sure how to proceed from here to update the DEC580. This forum seems to be the closest version number of what is installed (23.10) but please move the thread if this is incorrect.
Can you try to issue this from the console:
# pkg clean -ya
And try again? it will get rid of the cached packages so that it would continue under normal circumstances.
Cheers,
Franco
I performed pkg clean -ya:
root@*****:~ # pkg clean -ya
The following package files will be deleted:
/var/cache/pkg/gmp-6.3.0~498c46bd67.pkg
/var/cache/pkg/mpd5-5.9_17.pkg
/var/cache/pkg/krb5-1.21.2.pkg
/var/cache/pkg/openssh-portable-9.6.p1_1,1~915372e451.pkg
/var/cache/pkg/php82-8.2.14~a9e752868c.pkg
/var/cache/pkg/choparp-20150613_1~b7435fd133.pkg
/var/cache/pkg/wpa_supplicant-2.10_10~a6a3a2a7d6.pkg
/var/cache/pkg/py39-httpcore-1.0.2~241a7e2716.pkg
/var/cache/pkg/py39-pyasn1-modules-0.3.0.pkg
/var/cache/pkg/py39-bottleneck-1.3.7_1.pkg
/var/cache/pkg/libxml2-2.10.4_2.pkg
/var/cache/pkg/py39-yaml-6.0.1~d90923b817.pkg
/var/cache/pkg/gettext-runtime-0.22.3~2a9aa1778b.pkg
/var/cache/pkg/php82-xml-8.2.14~5ace09e2f4.pkg
/var/cache/pkg/libpsl-0.21.2_4~f017d9aca1.pkg
/var/cache/pkg/syslog-ng-4.4.0.pkg
/var/cache/pkg/openssh-portable-9.6.p1_1,1.pkg
/var/cache/pkg/flock-2.37.2~4cfd284702.pkg
/var/cache/pkg/cpdup-1.22.pkg
/var/cache/pkg/php82-dom-8.2.14~ef3eeaffa8.pkg
/var/cache/pkg/php82-ldap-8.2.14.pkg
/var/cache/pkg/php82-pear-Crypt_CHAP-1.5.0_1~0234255663.pkg
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28~8da4c6bfea.pkg
/var/cache/pkg/libnghttp2-1.58.0~295b183de8.pkg
/var/cache/pkg/libyaml-0.2.5~8b2610ba49.pkg
/var/cache/pkg/py39-tzdata-2023.4.pkg
/var/cache/pkg/libfido2-1.14.0~789220b9e5.pkg
/var/cache/pkg/php82-curl-8.2.14.pkg
/var/cache/pkg/python39-3.9.18.pkg
/var/cache/pkg/py39-openssl-23.2.0,1~422778608c.pkg
/var/cache/pkg/openvpn-2.6.8_1.pkg
/var/cache/pkg/unbound-1.19.3.pkg
/var/cache/pkg/libevent-2.1.12.pkg
/var/cache/pkg/py39-pylsqpack-0.3.18.pkg
/var/cache/pkg/choparp-20150613_1.pkg
/var/cache/pkg/py39-urllib3-1.26.18,1.pkg
/var/cache/pkg/beep-1.0_2~c44ab54fc1.pkg
/var/cache/pkg/py39-ujson-5.9.0.pkg
/var/cache/pkg/py39-bottleneck-1.3.7_1~e7245666a1.pkg
/var/cache/pkg/py39-pylsqpack-0.3.18~5182f12312.pkg
/var/cache/pkg/py39-httpx-0.26.0.pkg
/var/cache/pkg/php82-phpseclib-3.0.34~a7626a0f35.pkg
/var/cache/pkg/pkg-1.19.2_1~6c501f4b59.pkg
/var/cache/pkg/php82-phpseclib-3.0.34.pkg
/var/cache/pkg/ivykis-0.42.4_1.pkg
/var/cache/pkg/py39-ujson-5.9.0~a65018d20c.pkg
/var/cache/pkg/py39-pyasn1-modules-0.3.0~3b2ab1d0b5.pkg
/var/cache/pkg/opnsense-business-23.10.3_1~38d2cccd3b.pkg
/var/cache/pkg/py39-numpy-1.25.0_4,1.pkg
/var/cache/pkg/php82-sockets-8.2.14~415651dda4.pkg
/var/cache/pkg/cyrus-sasl-2.1.28_1.pkg
/var/cache/pkg/mpdecimal-2.5.1.pkg
/var/cache/pkg/py39-pyasn1-0.5.0~f8c88a2a02.pkg
/var/cache/pkg/e2fsprogs-libuuid-1.47.0.pkg
/var/cache/pkg/os-OPNBEcore-1.3.pkg
/var/cache/pkg/nss-3.95~880a5e56ac.pkg
/var/cache/pkg/php82-session-8.2.14~9419a6427f.pkg
/var/cache/pkg/lighttpd-1.4.73~71d52bdc88.pkg
/var/cache/pkg/nettle-3.9.1~9dba8a9b0d.pkg
/var/cache/pkg/php82-session-8.2.14.pkg
/var/cache/pkg/php82-pdo-8.2.14~5bb563bc4c.pkg
/var/cache/pkg/py39-exceptiongroup-1.2.0~acf1915a9c.pkg
/var/cache/pkg/ivykis-0.42.4_1~4605b98c8c.pkg
/var/cache/pkg/py39-numpy-1.25.0_4,1~e964a4d6b8.pkg
/var/cache/pkg/py39-aioquic-0.9.24.pkg
/var/cache/pkg/py39-trio-0.24.0~8f5a78e036.pkg
/var/cache/pkg/py39-exceptiongroup-1.2.0.pkg
/var/cache/pkg/py39-hpack-4.0.0.pkg
/var/cache/pkg/py39-anyio-4.2.0~861f85e097.pkg
/var/cache/pkg/py39-urllib3-1.26.18,1~5af8fe4113.pkg
/var/cache/pkg/php82-zlib-8.2.14.pkg
/var/cache/pkg/mpdecimal-2.5.1~a15461a395.pkg
/var/cache/pkg/php82-pcntl-8.2.14.pkg
/var/cache/pkg/suricata-6.0.17~56cd58d053.pkg
/var/cache/pkg/py39-Jinja2-3.1.2~0b8de42f0f.pkg
/var/cache/pkg/opnsense-update-23.7.10_1.pkg
/var/cache/pkg/dpinger-3.3.pkg
/var/cache/pkg/libpfctl-0.8.pkg
/var/cache/pkg/krb5-1.21.2~a73ffbceb1.pkg
/var/cache/pkg/libfido2-1.14.0.pkg
/var/cache/pkg/easy-rsa-3.1.7~ecfad91a2c.pkg
/var/cache/pkg/filterlog-0.7_1.pkg
/var/cache/pkg/suricata-6.0.17.pkg
/var/cache/pkg/php82-sqlite3-8.2.14.pkg
/var/cache/pkg/syslog-ng-4.4.0~8f6ac558d5.pkg
/var/cache/pkg/php82-mbstring-8.2.14.pkg
/var/cache/pkg/ntp-4.2.8p17_1.pkg
/var/cache/pkg/php82-simplexml-8.2.14~0a0fc78812.pkg
/var/cache/pkg/py39-pyasn1-0.5.0.pkg
/var/cache/pkg/php82-curl-8.2.14~a09d1f968d.pkg
/var/cache/pkg/rrdtool-1.8.0_3~10892ade99.pkg
/var/cache/pkg/py39-cython-0.29.37~ea6328ec67.pkg
/var/cache/pkg/monit-5.33.0~5db92ebf18.pkg
/var/cache/pkg/libpfctl-0.8~7cb09d349f.pkg
/var/cache/pkg/php82-mbstring-8.2.14~aa2edad8b2.pkg
/var/cache/pkg/libiconv-1.17.pkg
/var/cache/pkg/py39-attrs-23.1.0.pkg
/var/cache/pkg/openvpn-2.6.8_1~17de3f0550.pkg
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28.pkg
/var/cache/pkg/php82-8.2.14.pkg
/var/cache/pkg/curl-8.6.0.pkg
/var/cache/pkg/py39-service-identity-23.1.0~8a76a148bb.pkg
/var/cache/pkg/php82-pdo-8.2.14.pkg
/var/cache/pkg/ntp-4.2.8p17_1~31baa87896.pkg
/var/cache/pkg/flowd-0.9.1_3.pkg
/var/cache/pkg/ldns-1.8.3~74135574ac.pkg
/var/cache/pkg/libyaml-0.2.5.pkg
/var/cache/pkg/py39-outcome-1.3.0_1~3ca96c0bc6.pkg
/var/cache/pkg/php82-dom-8.2.14.pkg
/var/cache/pkg/lighttpd-1.4.73.pkg
/var/cache/pkg/gmp-6.3.0.pkg
/var/cache/pkg/php82-pear-Crypt_CHAP-1.5.0_1.pkg
/var/cache/pkg/libnet-1.3,1.pkg
/var/cache/pkg/wpa_supplicant-2.10_10.pkg
/var/cache/pkg/py39-anyio-4.2.0.pkg
/var/cache/pkg/lzo2-2.10_1.pkg
/var/cache/pkg/filterlog-0.7_1~28275c9141.pkg
/var/cache/pkg/dpinger-3.3~cb882cb4c4.pkg
/var/cache/pkg/py39-tzdata-2023.4~b93d3a1f46.pkg
/var/cache/pkg/libcbor-0.10.2.pkg
/var/cache/pkg/isc-dhcp44-server-4.4.3P1~53a17125e1.pkg
/var/cache/pkg/php82-pcntl-8.2.14~db10631da0.pkg
/var/cache/pkg/py39-aioquic-0.9.24~dc80f97719.pkg
/var/cache/pkg/py39-openssl-23.2.0,1.pkg
/var/cache/pkg/sqlite3-3.44.0_1,1.pkg
/var/cache/pkg/hostapd-2.10_8~38c4635b58.pkg
/var/cache/pkg/libnghttp2-1.58.0.pkg
/var/cache/pkg/py39-cryptography-41.0.7_2,1~36e2b7bb37.pkg
/var/cache/pkg/json-c-0.17.pkg
/var/cache/pkg/cpustats-0.1~3a7decf5dd.pkg
/var/cache/pkg/gettext-runtime-0.22.3.pkg
/var/cache/pkg/cpustats-0.1.pkg
/var/cache/pkg/py39-async_generator-1.10~b4a08f05a2.pkg
/var/cache/pkg/libcbor-0.10.2~6e81150bb0.pkg
/var/cache/pkg/py39-cryptography-41.0.7_2,1.pkg
/var/cache/pkg/easy-rsa-3.1.7.pkg
/var/cache/pkg/opnsense-business-23.10.3_1.pkg
/var/cache/pkg/pkcs11-helper-1.29.0_1.pkg
/var/cache/pkg/py39-hpack-4.0.0~ad6381df73.pkg
/var/cache/pkg/lzo2-2.10_1~66d9551b8b.pkg
/var/cache/pkg/php82-zlib-8.2.14~5f9fe2ca50.pkg
/var/cache/pkg/py39-charset-normalizer-3.3.2.pkg
/var/cache/pkg/py39-httpx-0.26.0~14c45022a2.pkg
/var/cache/pkg/py39-async_generator-1.10.pkg
/var/cache/pkg/py39-charset-normalizer-3.3.2~5ac4daa215.pkg
/var/cache/pkg/opnsense-update-23.7.10_1~9a0dcef969.pkg
/var/cache/pkg/py39-numexpr-2.8.8~361e8d2c92.pkg
/var/cache/pkg/py39-service-identity-23.1.0.pkg
/var/cache/pkg/php82-ldap-8.2.14~142ab4d1b1.pkg
/var/cache/pkg/hostapd-2.10_8.pkg
/var/cache/pkg/py39-yaml-6.0.1.pkg
/var/cache/pkg/mpd5-5.9_17~b9dd64940a.pkg
/var/cache/pkg/os-OPNBEcore-1.3~f17f84973e.pkg
/var/cache/pkg/json-c-0.17~e13cd2337d.pkg
/var/cache/pkg/libunistring-1.1.pkg
/var/cache/pkg/nss-3.95.pkg
/var/cache/pkg/py39-markupsafe-2.1.3.pkg
/var/cache/pkg/php82-xml-8.2.14.pkg
/var/cache/pkg/php82-simplexml-8.2.14.pkg
/var/cache/pkg/isc-dhcp44-server-4.4.3P1.pkg
/var/cache/pkg/curl-8.6.0~76dc6cf4f1.pkg
/var/cache/pkg/pkcs11-helper-1.29.0_1~0a69a9cb9d.pkg
/var/cache/pkg/beep-1.0_2.pkg
/var/cache/pkg/nettle-3.9.1.pkg
/var/cache/pkg/libpsl-0.21.2_4.pkg
/var/cache/pkg/libevent-2.1.12~19700e67f7.pkg
/var/cache/pkg/py39-markupsafe-2.1.3~510d9ec2b9.pkg
/var/cache/pkg/ldns-1.8.3.pkg
/var/cache/pkg/py39-Jinja2-3.1.2.pkg
/var/cache/pkg/rrdtool-1.8.0_3.pkg
/var/cache/pkg/libiconv-1.17~099609728f.pkg
/var/cache/pkg/py39-attrs-23.1.0~1f3496f0de.pkg
/var/cache/pkg/php82-sockets-8.2.14.pkg
/var/cache/pkg/pkg-1.19.2_1.pkg
/var/cache/pkg/flowd-0.9.1_3~8e7a76d467.pkg
/var/cache/pkg/cyrus-sasl-2.1.28_1~11d351a0a9.pkg
/var/cache/pkg/py39-cython-0.29.37.pkg
/var/cache/pkg/e2fsprogs-libuuid-1.47.0~df18e592ce.pkg
/var/cache/pkg/libnet-1.3,1~4572c8653d.pkg
/var/cache/pkg/flock-2.37.2.pkg
/var/cache/pkg/py39-outcome-1.3.0_1.pkg
/var/cache/pkg/php82-sqlite3-8.2.14~0366ba07db.pkg
/var/cache/pkg/unbound-1.19.3~b16863e84c.pkg
/var/cache/pkg/cpdup-1.22~24ac9d04c1.pkg
/var/cache/pkg/libidn2-2.3.4~3829f2c82a.pkg
/var/cache/pkg/monit-5.33.0.pkg
/var/cache/pkg/py39-httpcore-1.0.2.pkg
/var/cache/pkg/libidn2-2.3.4.pkg
/var/cache/pkg/sqlite3-3.44.0_1,1~e59677153f.pkg
/var/cache/pkg/libxml2-2.10.4_2~87f240d317.pkg
/var/cache/pkg/libunistring-1.1~2de6bdcac8.pkg
/var/cache/pkg/python39-3.9.18~66962bb4e2.pkg
/var/cache/pkg/py39-trio-0.24.0.pkg
/var/cache/pkg/py39-numexpr-2.8.8.pkg
The cleanup will free 64 MiB
Deleting files: 100%
All done
and tried updating from the console again:
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
This update requires a reboot.
Proceed with this action? [y/N]: y
This business release is based on the OPNsense 23.7.12 community version
with additional reliability improvements.
Here are the full patch notes:
o system: fix handling of empty "serialusb" node set during import
o system: fix assorted PHP deprecation warnings
o system: add issuer and logo to OTP link
o system: prevent empty "user" node to crash during boot
o system: allow 0 length voucher passwords in authentication server
o reporting: update traffic graph colors to be contrast and consistent (contributed by brotherla)
o interfaces: add missing ACL entries for ARP/NDP tables
o interfaces: prevent modal x-axis overflow on packet capture page
o firewall: add optional advanced property "State policy" to influence state creation on a per rule base
o firewall: change default traffic normalization behavior and choose "in" as standard direction for manual rules
o firewall: refactor schedule matching and fix an end-of-the-month bug
o firewall: fix incorrect packet counters statistics collection
o firewall: fix virtual IP API use with subnet/subnet_bits usage
o firewall: fix floating rule display (contributed by lin-xianming)
o firewall: fix display of ICMP tooltip (contributed by lin-xianming)
on
o ipsec: show EAP-RADIUS settings only when legacy tunnels are being used
hon module
artup problems
o unbound: fix missing /lib nullfs mount in chroot
o unbound: add aggressive-nsec option toggle (contributed by kulikov-a)
o mvc: fix PHP_FLOAT_MIN being unreliable
ming)
o ui: fix epoch support as number in bootgrid
o plugins: os-OPNProxy 1.0.4 removes ident support
o plugins: os-OPNWAF 1.3 adds SSLVerifyDepth
o ports: curl 8.6.0[1]
o ports: suricata 6.0.17[2]
o ports: unbound 1.19.3[3]
A hotfix release was issued as 23.10.3_1:
o firmware: add fingerprint, migration notes and upgrade hint for 24.4
Stay safe,
Your OPNsense team
--
[1] https://curl.se/changes.html#8_6_0
[2] https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/
[3] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-3
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): ....... done
The following 95 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libpfctl: 0.8
openssl111: 1.1.1w
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20240307
Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
choparp: 20150613 -> 20150613_1
curl: 8.3.0 -> 8.6.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.6 -> 3.1.7
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.78.0,2 -> 2.78.3,2
ivykis: 0.42.4 -> 0.42.4_1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.56.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4_1 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.93 -> 3.95
oniguruma: 6.9.8_1 -> 6.9.9
openssh-portable: 9.3.p2_1,1 -> 9.6.p1_1,1
openvpn: 2.6.6 -> 2.6.8_1
opnsense-business: 23.10 -> 23.10.3_1
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 23.7.4 -> 23.7.11
opnsense-update: 23.7.4 -> 23.7.10_1
os-OPNBEcore: 1.2 -> 1.3
perl5: 5.34.1_3 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.11 -> 8.2.14
php82-ctype: 8.2.11 -> 8.2.14
php82-curl: 8.2.11 -> 8.2.14
php82-dom: 8.2.11 -> 8.2.14
php82-filter: 8.2.11 -> 8.2.14
php82-gettext: 8.2.11 -> 8.2.14
php82-ldap: 8.2.11 -> 8.2.14
php82-mbstring: 8.2.11 -> 8.2.14
php82-pcntl: 8.2.11 -> 8.2.14
php82-pdo: 8.2.11 -> 8.2.14
php82-phpseclib: 3.0.23 -> 3.0.34
php82-session: 8.2.11 -> 8.2.14
php82-simplexml: 8.2.11 -> 8.2.14
php82-sockets: 8.2.11 -> 8.2.14
php82-sqlite3: 8.2.11 -> 8.2.14
php82-xml: 8.2.11 -> 8.2.14
php82-zlib: 8.2.11 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.13.0 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 4.0.0 -> 4.2.0
py39-certifi: 2023.7.22 -> 2023.11.17
py39-charset-normalizer: 3.3.0 -> 3.3.2
py39-cryptography: 41.0.4,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-exceptiongroup: 1.1.3 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.18.0 -> 1.0.2
py39-httpx: 0.25.0 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.9.0 -> 0.10.1
py39-numexpr: 2.8.7 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.17,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.43.1,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.11_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.14 -> 6.0.17
unbound: 1.18.0 -> 1.19.3
wpa_supplicant: 2.10_9 -> 2.10_10
Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
gmp-6.3.0 (option added: INFO)
hostapd-2.10_8 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
python39-3.9.18 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
Number of packages to be installed: 7
Number of packages to be upgraded: 75
Number of packages to be reinstalled: 13
The process will require 19 MiB more space.
93 MiB to be downloaded.
[1/95] Fetching py39-httpx-0.26.0.pkg: .......... done
[2/95] Fetching unbound-1.19.3.pkg: .......... done
[3/95] Fetching php82-session-8.2.14.pkg: ..... done
[4/95] Fetching wpa_supplicant-2.10_10.pkg: .......... done
[5/95] Fetching opnsense-business-23.10.3_1.pkg: .......... done
[6/95] Fetching lighttpd-1.4.73.pkg: .......... done
[7/95] Fetching py39-pyasn1-0.5.0.pkg: .......... done
[8/95] Fetching py39-exceptiongroup-1.2.0.pkg: ... done
[9/95] Fetching opnsense-update-23.7.10_1.pkg: ..... done
[10/95] Fetching hostapd-2.10_8.pkg: .......... done
[11/95] Fetching py39-httpcore-1.0.2.pkg: .......... done
[12/95] Fetching py39-cryptography-41.0.7_2,1.pkg: .......... done
[13/95] Fetching monit-5.33.0.pkg: .......... done
[14/95] Fetching py39-service-identity-23.1.0.pkg: ... done
[15/95] Fetching nss-3.95.pkg: .......... done
[16/95] Fetching cpdup-1.22.pkg: .... done
[17/95] Fetching py39-pyasn1-modules-0.3.0.pkg: .......... done
[18/95] Fetching php82-zlib-8.2.14.pkg: ... done
[19/95] Fetching php82-dom-8.2.14.pkg: ......... done
[20/95] Fetching php82-simplexml-8.2.14.pkg: ... done
[21/95] Fetching py39-numpy-1.25.0_4,1.pkg: .......... done
pkg-static: cached package py39-numpy-1.25.0_4,1: missing or size mismatch, fetching from remote
[22/95] Fetching py39-numpy-1.25.0_4,1.pkg: .......... done
pkg-static: cached package py39-numpy-1.25.0_4,1: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Starting web GUI...done.
Generating RRD graphs...done.
It did more packages but still failed.
What can I try next?
How does a connectivity check look like ?
Not what I asked really
Quote from: newsense on July 17, 2024, 03:35:41 AM
Not what I asked really
If you can be more specific in your question I would be happy to provide exactly what you seek.
Please post the whole output from the connectivity check
Quote from: newsense on July 17, 2024, 03:40:49 AM
Please post the whole output from the connectivity check
Where do I find that feature? It does not show in the serial console and I haven't spotted it in the WebGUI.
Over SSH/console
Select option 12, answer with c to the y/n prompt.
In the GUI
System -Firmware - Status
Run an Audit - Connectivity
Disk full?
Cheers,
Franco
Quote from: newsense on July 17, 2024, 06:45:44 AM
Over SSH/console
Select option 12, answer with c to the y/n prompt.
In the GUI
System -Firmware - Status
Run an Audit - Connectivity
So before I ran the test below I tried option 12 again and it completed the upgrade to the latest 23.10 branch. However, when trying again to upgrade to 24.4 it is giving the same failure as the start of the thread.
The DEC850 is fresh from OPNSense shop. I hope it doesn't have a full disk!
As requested from the serial console:
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
This update requires a reboot.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Press any key to return to menu.
However, right before this and right after it (after performing a pkg clean -ya) it gets at least part way through the upgrade process. I am also able to access the internet to post to this form and perform searches via DuckDuckGo while this connection audit is running.
The DEC850 is connected directly to a Netgear Nighthawk M6 Pro that is configured to output a direct public IP via it's ethernet port in power cord only mode (this is how FirstNet directs using it in a fixed configuration as a modem only)
IPv6 is causing the issue there.
QuoteChecking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Go to System-Settings-General and make sure
Prefer to use IPv4 even if IPv6 is available is checked. Save settings and try to update again.
https://<Your IP here>/system_general.php
Sorry, I had to go into the posts to scrub the subscription key from the URL.
package py39-numpy-1.25.0_4,1 is definitely there, but let me try to replay an update there to see what happens. BRB.
Cheers,
Franco
My bad, tunnel vision and forgot the key would show up
So I tried the upgrade from a fresh 23.10 install and it ran fine to 23.10.3 and health audit is ok. I'm sure it's not the mirror either so there has to be a local issue of some sort but I have no idea what it could be.
for some reason I still suspect a disk-related issue and it would be useful to post the usage stats (df -h).
Cheers,
Franco
Quote from: newsense on July 18, 2024, 03:39:05 AM
IPv6 is causing the issue there.
QuoteChecking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Go to System-Settings-General and make sure Prefer to use IPv4 even if IPv6 is available is checked. Save settings and try to update again.
https://<Your IP here>/system_general.php
Just checked and that check box was already checked before I started this thread.
I have been repeatedly using "pkg clean -ya" and then option 12 in the serial console and have managed to get it to 24.4 branch with enough persistence.
(https://i.ibb.co/KqN5Cf1/image.png) (https://ibb.co/KqN5Cf1)
*** *********.*****,**** : OPNsense 24.4.1_3 ***
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: **.***.**.**/30
HTTPS: SHA256 *****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Press any key to return to menu.
It does seem to be something to do with the stability of the connection or the resolution of the address given how this seems to be intermittent.
Quote from: franco on July 18, 2024, 02:51:10 PM
So I tried the upgrade from a fresh 23.10 install and it ran fine to 23.10.3 and health audit is ok. I'm sure it's not the mirror either so there has to be a local issue of some sort but I have no idea what it could be.
for some reason I still suspect a disk-related issue and it would be useful to post the usage stats (df -h).
Cheers,
Franco
Out put from 'df -h' in the serial terminal shell:
~ # df -h
Filesystem Size Used Avail Capacity Mounted on
zroot/ROOT/default 222G 2.5G 220G 1% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/gpt/efifs 256M 888K 255M 0% /boot/efi
zroot/var/audit 220G 96K 220G 0% /var/audit
zroot/var/tmp 220G 96K 220G 0% /var/tmp
zroot/tmp 220G 7.4M 220G 0% /tmp
zroot/usr/src 220G 96K 220G 0% /usr/src
zroot/usr/ports 220G 96K 220G 0% /usr/ports
zroot 220G 96K 220G 0% /zroot
zroot/usr/home 220G 96K 220G 0% /usr/home
zroot/var/log 220G 87M 220G 0% /var/log
zroot/var/crash 220G 100K 220G 0% /var/crash
zroot/var/mail 220G 152K 220G 0% /var/mail
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev
devfs 1.0K 1.0K 0B 100% /var/unbound/dev
/usr/local/lib/python3.11 222G 2.5G 220G 1% /var/unbound/usr/local/lib/python3.11
/lib 222G 2.5G 220G 1% /var/unbound/lib
Try two more things please:
WAN interface
- make sure Block private networks is unchecked (unsure what IP you have on wan)
- IPv6 Configuration Type set to None
Quote from: newsense on July 19, 2024, 03:50:22 AM
Try two more things please:
WAN interface
- make sure Block private networks is unchecked (unsure what IP you have on wan)
- IPv6 Configuration Type set to None
Already set that way before the thread was started:
(https://i.ibb.co/Y7N3xpG/image.png) (https://ibb.co/Y7N3xpG)
Before I found how to set the Netgear Nighthawk M6 Pro to pass through the public IP I had to set it that way as it was providing a private IP range.
Would my public IP be useful?
No, your public IP is not needed as long as it is public and you're not dropping traffic because of a private IP on the WAN and the improper settings on the interface.
So...if all looks good, what happens when you run this command ?
pkg update && pkg install nano
Quote from: newsense on July 19, 2024, 06:21:23 AM
No, your public IP is not needed as long as it is public and you're not dropping traffic because of a private IP on the WAN and the improper settings on the interface.
So...if all looks good, what happens when you run this command ?
pkg update && pkg install nano
it works:
~ # pkg update && pkg install nano
Updating OPNsense repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 241 KiB 246.5kB/s 00:01
Processing entries: 100%
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 241 KiB 246.5kB/s 00:01
Processing entries: 100%
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nano: 8.0
Number of packages to be installed: 1
251 KiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching nano-8.0.pkg: 100% 251 KiB 257.5kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing nano-8.0...
[1/1] Extracting nano-8.0: 100%
But the coms check still doesn't:
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Press any key to return to menu.
The updates didn't fail at the start but after several packages had been downloaded. With enough persistance I was able to get through an update completely so I'm up to 24.4 now but I'd like to fix this before having to reopen the thread next time there is a BE patch.
I think it further indicates that there is a local issue with your Internet connection or network equipment or cabling in front of the OPNsense. Doesn't appear to be the disk or the device or the mirror.
And frankly let's ignore the IPv6 health audit errors when IPv6 is disabled anyway. It's purely diagnostic telling us IPv6 doesn't work which is... true. ;)
Cheers,
Franco
Quote from: franco on July 19, 2024, 11:00:54 AM
I think it further indicates that there is a local issue with your Internet connection or network equipment or cabling in front of the OPNsense. Doesn't appear to be the disk or the device or the mirror.
And frankly let's ignore the IPv6 health audit errors when IPv6 is disabled anyway. It's purely diagnostic telling us IPv6 doesn't work which is... true. ;)
Cheers,
Franco
I've tried swapping the .5 meter cable that went from the Netgear Nighthawk M6 Pro to the DEC850vs with a different cable. It made no change.
I have tried using serial terminal option 7 and several sites and it doesn't show packet loss but using command 'c' in option 12 does.
OPNsense 24.4.1_3 ***
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: ******/30
HTTPS: SHA256 ****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 7
Enter a host name or IP address: www.google.com
PING www.google.com (142.250.191.228): 56 data bytes
64 bytes from 142.250.191.228: icmp_seq=0 ttl=115 time=64.835 ms
64 bytes from 142.250.191.228: icmp_seq=1 ttl=115 time=89.934 ms
64 bytes from 142.250.191.228: icmp_seq=2 ttl=115 time=89.795 ms
--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 64.835/81.521/89.934/11.799 ms
Press ENTER to continue.
*** lurch.adams.fun: OPNsense 24.4.1_3 ***
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: *****/30
HTTPS: SHA256 *****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Press any key to return to menu.
*** lurch.adams.fun: OPNsense 24.4.1_3 ***
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: *****/30
HTTPS: SHA256 *****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 7
Enter a host name or IP address: www.bing.com
PING e86303.dscx.akamaiedge.net (23.209.37.106): 56 data bytes
64 bytes from 23.209.37.106: icmp_seq=0 ttl=55 time=73.048 ms
64 bytes from 23.209.37.106: icmp_seq=1 ttl=55 time=108.998 ms
64 bytes from 23.209.37.106: icmp_seq=2 ttl=55 time=89.823 ms
--- e86303.dscx.akamaiedge.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 73.048/90.623/108.998/14.687 ms
Press ENTER to continue.
*** lurch.adams.fun: OPNsense 24.4.1_3 ***
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: *******/30
HTTPS: SHA256 ***
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 7
Enter a host name or IP address: opnsense.org
PING opnsense.org (178.162.131.118): 56 data bytes
64 bytes from 178.162.131.118: icmp_seq=0 ttl=50 time=151.912 ms
64 bytes from 178.162.131.118: icmp_seq=1 ttl=50 time=169.263 ms
64 bytes from 178.162.131.118: icmp_seq=2 ttl=50 time=174.856 ms
--- opnsense.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 151.912/165.343/174.856/9.768 ms
Press ENTER to continue.
I even tried deciso.com:
Enter an option: 7
Enter a host name or IP address: deciso.com
PING deciso.com (178.162.136.178): 56 data bytes
64 bytes from 178.162.136.178: icmp_seq=0 ttl=50 time=153.909 ms
64 bytes from 178.162.136.178: icmp_seq=1 ttl=50 time=174.483 ms
64 bytes from 178.162.136.178: icmp_seq=2 ttl=50 time=187.436 ms
--- deciso.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 153.909/171.942/187.436/13.805 ms
Press ENTER to continue.
Enter an option: 7
Enter a host name or IP address: opnsense-update.deciso.com
PING opnsense-update.deciso.com (89.149.211.205): 56 data bytes
64 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=488.380 ms
64 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=179.525 ms
64 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=178.570 ms
--- opnsense-update.deciso.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 178.570/282.158/488.380/145.821 ms
Press ENTER to continue.
When I run option 12 command 'c' it always loses packets but not when I directly ping?
Quote from: charles.adams on July 20, 2024, 12:10:15 AM
I've tried swapping the .5 meter cable that went from the Netgear Nighthawk M6 Pro to the DEC850vs with a different cable. It made no change.
Most likely the issue is not with the cable but with your unstable 5G connection.
Wow a 200-500ms ping? That will slow down TCP a whole lot. I bet there is also a lot of paket loss. This all combined makes anything TCP and internet related a really bad experience and most likely causes a lot of timeouts and retransmissions.
Quote from: Monviech on July 20, 2024, 01:23:31 PM
Wow a 200-500ms ping? That will slow down TCP a whole lot. I bet there is also a lot of paket loss. This all combined makes anything TCP and internet related a really bad experience and most likely causes a lot of timeouts and retransmissions.
It doesn't seem to affect anything else and any other destination I've tried has much lower (less than 100 ms) ping times. It's only the deciso update server that seems to have this problem.
To https://packetlosstest.com/ New Jersey server:
Total Packet Loss: 0.00%
Upload Packet Loss: 0.00%
Download Packet Loss: 0.00%
Late Packet Rate: 0.00%
Average Latency: 83.86ms
Average Jitter: 6.84ms
Test Settings:
Duration: 10 seconds
Frequency: 15 pings/second
Average Size: 220 bytes
Acceptable Delay: 200ms
Details:
--------------
id,status,ping
1,success,89
2,success,80
3,success,78
4,success,78
5,success,81
6,success,73
7,success,83
8,success,82
9,success,83
10,success,83
11,success,90
12,success,88
13,success,95
14,success,83
15,success,73
16,success,79
17,success,85
18,success,80
19,success,80
20,success,75
21,success,87
22,success,80
23,success,75
24,success,85
25,success,85
26,success,79
27,success,85
28,success,86
29,success,80
30,success,74
31,success,90
32,success,81
33,success,74
34,success,117
35,success,78
36,success,76
37,success,81
38,success,74
39,success,80
40,success,76
41,success,74
42,success,92
43,success,83
44,success,76
45,success,91
46,success,84
47,success,73
48,success,82
49,success,73
50,success,75
51,success,79
52,success,71
53,success,83
54,success,79
55,success,72
56,success,77
57,success,90
58,success,79
59,success,80
60,success,72
61,success,91
62,success,98
63,success,101
64,success,77
65,success,78
66,success,83
67,success,81
68,success,82
69,success,84
70,success,82
71,success,99
72,success,87
73,success,79
74,success,79
75,success,94
76,success,91
77,success,93
78,success,96
79,success,77
80,success,73
81,success,99
82,success,85
83,success,130
84,success,84
85,success,78
86,success,79
87,success,83
88,success,77
89,success,96
90,success,90
91,success,84
92,success,73
93,success,93
94,success,98
95,success,76
96,success,82
97,success,81
98,success,73
99,success,84
100,success,77
101,success,84
102,success,89
103,success,93
104,success,81
105,success,76
106,success,96
107,success,104
108,success,88
109,success,91
110,success,97
111,success,89
112,success,73
113,success,79
114,success,81
115,success,100
116,success,75
117,success,84
118,success,79
119,success,83
120,success,87
121,success,78
122,success,86
123,success,98
124,success,109
125,success,91
126,success,83
127,success,75
128,success,81
129,success,76
130,success,93
131,success,73
132,success,85
133,success,84To their German server:
Total Packet Loss: 0.00%
Upload Packet Loss: 0.00%
Download Packet Loss: 0.00%
Late Packet Rate: 0.00%
Average Latency: 170.80ms
Average Jitter: 5.73ms
Test Settings:
Duration: 10 seconds
Frequency: 15 pings/second
Average Size: 220 bytes
Acceptable Delay: 200ms
Details:
--------------
id,status,ping
1,success,175
2,success,167
3,success,162
4,success,175
5,success,177
6,success,171
7,success,166
8,success,162
9,success,173
10,success,172
11,success,164
12,success,167
13,success,173
14,success,176
15,success,166
16,success,186
17,success,165
18,success,176
19,success,163
20,success,162
21,success,173
22,success,176
23,success,184
24,success,180
25,success,166
26,success,164
27,success,166
28,success,171
29,success,175
30,success,165
31,success,196
32,success,174
33,success,166
34,success,166
35,success,161
36,success,174
37,success,168
38,success,176
39,success,163
40,success,168
41,success,162
42,success,166
43,success,167
44,success,176
45,success,174
46,success,177
47,success,162
48,success,170
49,success,164
50,success,167
51,success,166
52,success,182
53,success,165
54,success,163
55,success,175
56,success,175
57,success,165
58,success,168
59,success,168
60,success,167
61,success,172
62,success,177
63,success,184
64,success,171
65,success,174
66,success,170
67,success,172
68,success,174
69,success,165
70,success,173
71,success,179
72,success,166
73,success,167
74,success,176
75,success,168
76,success,177
77,success,173
78,success,162
79,success,181
80,success,172
81,success,164
82,success,182
83,success,162
84,success,175
85,success,170
86,success,177
87,success,159
88,success,167
89,success,171
90,success,167
91,success,177
92,success,167
93,success,186
94,success,161
95,success,162
96,success,166
97,success,170
98,success,168
99,success,167
100,success,168
101,success,167
102,success,168
103,success,162
104,success,176
105,success,168
106,success,173
107,success,171
108,success,183
109,success,174
110,success,196
111,success,168
112,success,162
113,success,171
114,success,166
115,success,171
116,success,171
117,success,173
118,success,165
119,success,170
120,success,163
121,success,175
122,success,163
123,success,164
124,success,167
125,success,192
126,success,179
127,success,166
128,success,166
129,success,188
130,success,180
131,success,174
132,success,160
133,success,177
You should check any of your ping times under a bit of load. The lost packets and retransmissions are likely going to make most downloads fail and destroy your ping success rate while at it.
Cheers,
Franco
Quote from: franco on July 20, 2024, 06:36:16 PM
You should check any of your ping times under a bit of load. The lost packets and retransmissions are likely going to make most downloads fail and destroy your ping success rate while at it.
Cheers,
Franco
While running https://speed.cloudflare.com/ below I also ran the packettest from the same site as before.
(https://i.ibb.co/BBwNmZN/image.png) (https://ibb.co/m4S8mq8)
time,direction,bytes,latency,bps,duration,serverTime,responseSize,loadedLatencies
1721516154312,download,100000,142.000067,1986274.1836265433,408.000067,69.999933,101300,
1721516159649,download,100000,84.00024400000001,4288079.120151823,189.000244,55.999756,101306,73.00018299999999
1721516159927,download,100000,83.000078,3822979.725507459,212.000078,56.999922,101309,
1721516160188,download,100000,80.00010900000001,4404562.608166715,184.000109,63.999891,101305,91.99998500000001
1721516160515,download,100000,87.000006,3448782.8906693733,235.00000599999998,55.999994,101308,
1721516160877,download,100000,96.000027,3001688.58872003,270.000027,52.999973,101307,
1721516161187,download,100000,98.000151,3377097.8752425867,240.00015100000002,57.999849,101313,193.00009
1721516161407,download,100000,81.00012000000001,5065546.200840348,160.00012,50.99988,101311,
1721516161724,download,100000,109.000223,3241949.108181395,250.000223,58.999777,101311,74.000006
1721516162010,download,100000,119.00010900000001,3787362.556904118,214.000109,63.999891,101312,
1721516162492,download,1000000,67.000067,20703500.29164207,387.000067,69.999933,1001532,209.00000599999998
1721516162993,download,1000000,67.999964,19168480.119773407,417.999964,62.000036,1001553,71.999933
1721516163427,download,1000000,97.999838,23427730.39559159,341.999838,80.000162,1001535,
1721516163798,download,1000000,67.000099,26184017.672491018,306.000099,53.999901,1001539,79.00012000000001
1721516164211,download,1000000,93.000202,23917239.30960495,335.000202,61.999798,1001535,191.999922
1721516164784,download,1000000,67.999922,16186507.601106249,494.99992199999997,68.000078,1001540,80.000202
1721516165206,download,1000000,106.000025,24353773.225397173,329.000025,75.999975,1001549,
1721516165571,download,1000000,70.000284,29676057.67407267,270.00028399999997,72.999716,1001568,69.999788
1721516166094,upload,100000,80.99997300000001,2892086.330935251,278,197.000027,1162,
1721516166579,upload,100000,83.999876,3941176.470588235,204,120.000124,1161,
1721516166784,upload,100000,87.000053,4165803.1088082893,193,105.999947,1159,
1721516167181,upload,100000,96.9998,3068702.2900763354,262,165.0002,1151,
1721516167597,upload,100000,84.000257,3510917.030567685,229,144.999743,1157,
1721516167798,upload,100000,92.999878,4231578.947368421,190,97.000122,1164,
1721516168207,upload,100000,95.00004999999999,3255060.728744939,247,151.99995,1150,
1721516168417,upload,100000,79.000042,4060606.0606060596,198,118.999958,1162,113.000038
1721516201397,upload,1000000,86.00026100000002,7584905.660377357,1060,973.999739,1165,242.999975 235.999966
1721516202597,upload,1000000,82.00006499999995,7657142.857142856,1050,967.999935,1166,303.999912
1721516203825,upload,1000000,97.99984600000005,7403314.91712707,1086,988.000154,1165,78.999924 396.99983
1721516204923,upload,1000000,106.99981500000001,7389705.88235294,1088,981.000185,1154,448.999924
1721516206213,upload,1000000,84.00010500000008,6733668.341708542,1194,1109.999895,1162,587.000111
1721516207414,upload,1000000,112.99994500000003,7805825.242718445,1030,917.000055,1155,77.00018299999999 444.000027
1721516209699,download,10000000,100.99998500000001,36411461.5769663,2197.999985,59.000015,10004049,357.000204 698.000069
1721516216108,download,10000000,74.99998500000001,12663017.751573617,6319.999985,59.000015,10003784,84.000006 76.000162 100.00030699999999 67.00018299999999 69.999945 71.000141 99.000038
1721516219759,download,10000000,73.00021,22717975.370203,3523.00021,94.99979,10004429,79.000162
1721516222775,download,10000000,99.000139,27457258.381969493,2915.000139,70.999861,10004739,86.000038
1721516225463,download,10000000,63.999933,31623947.103439137,2530.999933,55.000067,10005026,64.000034 99.99999600000001 90.00004799999999 79.999975 79.000193
1721516228168,download,10000000,93.999849,30745658.33368975,2602.999849,67.000151,10003868,113.000202 96.000162Packetloss test:
Total Packet Loss: 0.00%
Upload Packet Loss: 0.00%
Download Packet Loss: 0.00%
Late Packet Rate: 0.00%
Average Latency: 83.12ms
Average Jitter: 7.66ms
Test Settings:
Duration: 10 seconds
Frequency: 15 pings/second
Average Size: 220 bytes
Acceptable Delay: 200ms
Details:
--------------
id,status,ping
1,success,76
2,success,159
3,success,98
4,success,79
5,success,73
6,success,78
7,success,80
8,success,84
9,success,81
10,success,81
11,success,72
12,success,73
13,success,76
14,success,83
15,success,82
16,success,94
17,success,87
18,success,74
19,success,81
20,success,86
21,success,84
22,success,76
23,success,98
24,success,74
25,success,87
26,success,75
27,success,76
28,success,72
29,success,84
30,success,75
31,success,74
32,success,76
33,success,90
34,success,123
35,success,82
36,success,81
37,success,86
38,success,74
39,success,99
40,success,87
41,success,76
42,success,74
43,success,83
44,success,73
45,success,73
46,success,80
47,success,72
48,success,80
49,success,72
50,success,97
51,success,77
52,success,90
53,success,69
54,success,92
55,success,81
56,success,89
57,success,89
58,success,80
59,success,78
60,success,82
61,success,71
62,success,87
63,success,87
64,success,77
65,success,76
66,success,81
67,success,92
68,success,85
69,success,95
70,success,79
71,success,86
72,success,76
73,success,75
74,success,72
75,success,72
76,success,89
77,success,79
78,success,81
79,success,79
80,success,80
81,success,84
82,success,77
83,success,83
84,success,105
85,success,93
86,success,93
87,success,96
88,success,85
89,success,87
90,success,78
91,success,98
92,success,73
93,success,73
94,success,89
95,success,93
96,success,80
97,success,86
98,success,90
99,success,69
100,success,82
101,success,85Not great results but it's what I've got to work with and doesn't seem to be having any negative impact on Firefox's ability to download things nor access the rest of the internet (including this forum). Just the ability to reach the update for opnsense.
See pkg.conf(5) (https://man.freebsd.org/cgi/man.cgi?query=pkg.conf&sektion=5&manpath=freebsd-release-ports)
IP_VERSION
FETCH_RETRY
FETCH_TIMEOUT
Make a backup of /usr/local/etc/pkg.conf and experiments with the settings for your very much broken connectivity.
Quote from: doktornotor on July 21, 2024, 08:13:07 AM
See pkg.conf(5) (https://man.freebsd.org/cgi/man.cgi?query=pkg.conf&sektion=5&manpath=freebsd-release-ports)
IP_VERSION
FETCH_RETRY
FETCH_TIMEOUT
Make a backup of /usr/local/etc/pkg.conf and experiments with the settings for your very much broken connectivity.
Setting IP_VERSION = 4 (per the man page should force ipv4 only use) it does not seem to change the results of the connectivity check in option 12 -> 'c' seen below:
OPNsense 24.4.1_3 ***
GuestNetworkforWifiDevices (vlan01) -> v4: 192.168.69.1/32
IsolatedNetwork (vlan02) -> v4: 192.168.72.1/24
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: *****/30
HTTPS: SHA256 ****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Press any key to return to menu.
The other two options I don't see a way to test until the next BE update is availible?
Quote from: charles.adams on July 21, 2024, 04:40:30 PM
Quote from: doktornotor on July 21, 2024, 08:13:07 AM
See pkg.conf(5) (https://man.freebsd.org/cgi/man.cgi?query=pkg.conf&sektion=5&manpath=freebsd-release-ports)
IP_VERSION
FETCH_RETRY
FETCH_TIMEOUT
Make a backup of /usr/local/etc/pkg.conf and experiments with the settings for your very much broken connectivity.
Setting IP_VERSION = 4 (per the man page should force ipv4 only use) it does not seem to change the results of the connectivity check in option 12 -> 'c' seen below:
OPNsense 24.4.1_3 ***
GuestNetworkforWifiDevices (vlan01) -> v4: 192.168.69.1/32
IsolatedNetwork (vlan02) -> v4: 192.168.72.1/24
LAN (igc0) -> v4: 192.168.1.1/24
WAN (igc1) -> v4/DHCP4: *****/30
HTTPS: SHA256 ****
0) Logout 7) Ping host
1) Assign interfaces 8) Shell
2) Set interface IP address 9) pfTop
3) Reset the root password 10) Firewall log
4) Reset to factory defaults 11) Reload all services
5) Power off system 12) Update from console
6) Reboot system 13) Restore a backup
Enter an option: 12
Fetching change log information, please wait... done
This will automatically fetch all available updates and apply them.
Proceed with this action? [y/N]: c
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 849 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/SUBSCRIPTION/FreeBSD:13:amd64/24.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Press any key to return to menu.
The other two options I don't see a way to test until the next BE update is availible?
So a question.
For the first variable that @doktornotor suggested, it seems the place to change it per the man page is at "/usr/local/etc/pkg/repos/OPNsense.conf" and pkg.conf located at /usr/local/etc/pkg.conf as the man page lists IP_VERSION as a variable at both locations? It doesn't explain which variable location is controlling or recommended?
There is nothing overriding IP_VERSION in the repo configuration. Also, I would leave those repo files alone, calls for a breakage sooner or later.
And let's not make the connectivity audit a benchmark for automatic connectivity as it forces -4 / -6 for pkg for troubleshooting reasons only. ;)
Cheers,
Franco
Quote from: franco on July 22, 2024, 09:16:57 AM
And let's not make the connectivity audit a benchmark for automatic connectivity as it forces -4 / -6 for pkg for troubleshooting reasons only. ;)
Cheers,
Franco
Sure, I guess at this point there is nothing I can do besides wait for another update to see if the IP_VERSION variable or the other two are effective?