Hey all,
I haven't yet found a new section for the BETA, so I will use this one for now.
I decided to spin up the OPNsense 25.1-BETA in Proxmox as I was curious. That new logo slaps, beautiful, love it.
However, the new theme opnsense-dark... I know it's still a work in progress, but the colors are a bit off in my opinion, have too much contrast and do not go well together. This is not a critique! It just feels a bit off to me.
For example:
* The black background and the grey - wouldn't it be better to replace the grey with a different tone of black? It would look more natural overall; this way it looks a bit cheap
* The banner at the bottom with "OPNsense (c) 2014-2024 Deciso B.V." is a totally different color than the banner with the OPNsense logo, e.g. the tone is off compared to the overall dark theme
These are just my first observations. I will try to do some configuration and implementation to see if the BETA works overall.
As always many thanks for all the hard work!
Regards,
S.
Thanks, I'll pass these on. I don't doubt more tweaks will go into both themes.
Also found this testing the images but wasn't very handy to redo images at that point :)
https://github.com/opnsense/core/commit/4f0fdfa1a3
Forum created and post moved, thanks for the reminder!
Been running ok for me for a week now. That doesn't mean there won't be any issues, but it seems to be the least complicated OS transition so far.
Cheers,
Franco
I switched the type to "Development" and I am now running:
OPNsense 25.1.b_19-amd64
FreeBSD 14.1-RELEASE-p6
Is that correct? I thought it was supposed to be FreeBSD 14.2?
Also my dashboard got reset to the default. I was coming from 24.7.11_2 with the per-user dashboard settings already in place.
Technically 25.1.b_19 has the latest in what will be the next stable opnsense package in 25.1, however it is still running on FreeBSD 14.1 kernel and base.
The bigger changes will come in RC1 - if my understanding is correct.
Quote from: franco on December 19, 2024, 11:18:11 PM
Thanks, I'll pass these on. I don't doubt more tweaks will go into both themes.
Also found this testing the images but wasn't very handy to redo images at that point :)
https://github.com/opnsense/core/commit/4f0fdfa1a3
Forum created and post moved, thanks for the reminder!
Been running ok for me for a week now. That doesn't mean there won't be any issues, but it seems to be the least complicated OS transition so far.
Cheers,
Franco
Thanks Franco! That commit though, interesting simple steps in fine-tuning :D
Quote from: newsense on December 20, 2024, 08:18:10 AM
Technically 25.1.b_19 has the latest in what will be the next stable opnsense package in 25.1, however it is still running on FreeBSD 14.1 kernel and base.
The bigger changes will come in RC1 - if my understanding is correct.
So you say the true testing challenge starts in RCx releases? :)
Cause so far, from what I see, the BETA runs surprisingly well (didn't try out everything I usually run yet, but still...).
Regards,
S.
Hi,
First, I'm not sure whether I should write separate feedback in this topic or open a new one.
I decided to take part in beta testing and I'm running 25.1 in place of my home setup. So far so good. I'm especially looking forward to PPPoE improvements. Not sure how much new is in 25.1 in comparison to latest 24.7 but still happy about what I've seen so far.
But, I have a question: Since interfaces menu has been reorganised I failed to find point-to-point device logs in the UI. Where has it moved? Or if it was removed, was it intentional or there's a chance it's going to be back at some later point as it's not critical?
Being "blessed" with PPPoE it's useful to take a look there as a first step of troubleshooting down connection. Having this in the UI was nice.
Thanks!
The beta, in my understanding, is mainly about validation of the new OS with a new kernel and base packages, and also exposing the new features, interfaces and changes in the core OPNsense package to a wider audience.
For anyone brave you can load the beta kernel into latest OPNsense 24.7.11 development:
# opnsense-update -bkr 25.1.b -A 25.1
This doesn't work for community release since the signing keys are not there yet, here you need -i option as well (for insecure).
You could also consider only loading the kernel (-k) without base (-b) for a reduced risk, but it has been running fine here in a production environment for a whole week.
For now there are no direct upgrades to FreeBSD 14.2 kernel/base but they will indeed follow with the RC.
Cheers,
Franco
Quote from: pataps on December 20, 2024, 09:42:17 AM
But, I have a question: Since interfaces menu has been reorganised I failed to find point-to-point device logs in the UI. Where has it moved? Or if it was removed, was it intentional or there's a chance it's going to be back at some later point as it's not critical?
Hi, the PPP logs moved to System: Settings: General along with the rest of the things that provide connectivity (dhclient, dhcp6c, radvd, etc.). This was done because historically it is harder to debug PPPoE and context was often missing from bug reports that I hope will be better now.
Cheers,
Franco
Quote from: Patrick M. Hausen on December 19, 2024, 11:40:58 PM
Also my dashboard got reset to the default. I was coming from 24.7.11_2 with the per-user dashboard settings already in place.
All of the dashboard? Might be the new user manager changes. I'll take a look.
Quote from: franco on December 20, 2024, 10:26:36 AM
Quote from: Patrick M. Hausen on December 19, 2024, 11:40:58 PM
Also my dashboard got reset to the default. I was coming from 24.7.11_2 with the per-user dashboard settings already in place.
All of the dashboard? Might be the new user manager changes. I'll take a look.
Yes, entire dashboard reverted to the default widgets and layout.
Ok, I'll check this out. Thanks.
# ping pkg.opnsense.org
PING pkg.opnsense.org (89.149.222.99): 56 data bytes
64 bytes from 89.149.222.99: icmp_seq=0 ttl=50 time=31.842 ms
64 bytes from 89.149.222.99: icmp_seq=1 ttl=50 time=34.511 ms
64 bytes from 89.149.222.99: icmp_seq=2 ttl=50 time=29.106 ms
^C
--- pkg.opnsense.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
# uname -a
FreeBSD CZ-HRUS-OPN-LAB.VLAN999 14.2-RELEASE FreeBSD 14.2-RELEASE stable/25.1-n269579-cd5d25393d6 SMP amd64
Btw Patrick & NEW, my OPNsense BETA, which was spun up from the image provided by Franco, is running 14.2
Regards.
S.
Stephan found the dashboard issue, thanks for the report! https://github.com/opnsense/core/commit/909e945e7
I have a Sophos SG330 for testing purposes.
OPNsense 24.7 was installed and running on that machine. I changed the firmware type to "Development" and installed 25.1. After the reboot was completed I was no longer able to access opnsense (web gui as well as ssh) but it did reply to ping.
After that I downloaded the 25.1 image and did a clean install. Same problem as before. So I installed 24.7 again, all fine.
I then installed 25.1 on PVE with the same effect as described for my SG330: no gui logon possible.
After I disabled pf via console I was able to log on.
Well that's weird,
I deployed it on Proxmox as well, with a single NIC. Deployed it with a vlan from CLI static IP and GW set to production OPNsense without problem.
Regards,
S.
Quote from: Seimus on December 20, 2024, 07:17:58 PM
Well that's weird,
I deployed it on Proxmox as well, with a single NIC. Deployed it with a vlan from CLI static IP and GW set to production OPNsense without problem.
Regards,
S.
I also upgraded from 24.7 on cloned PVE. Expected mayhem but everything works surprisingly well. No major issues.
BUT I have a minor one - on mobile menu button is completely invisible (I guess it's white on white background), but it's there because when blindly tapping where it's supposed to be it works and highlights in dark grey :> Also - new, more white theme looks better IMO.
Quote from: pataps on December 20, 2024, 08:36:57 PM
BUT I have a minor one - on mobile menu button is completely invisible (I guess it's white on white background), but it's there because when blindly tapping where it's supposed to be it works and highlights in dark grey :> Also - new, more white theme looks better IMO.
Can you tell me where, or screenshot with context?
Quote from: claus.schneeberger@gmail.com on December 20, 2024, 05:52:43 PM
I have a Sophos SG330 for testing purposes.
OPNsense 24.7 was installed and running on that machine. I changed the firmware type to "Development" and installed 25.1. After the reboot was completed I was no longer able to access opnsense (web gui as well as ssh) but it did reply to ping.
After that I downloaded the 25.1 image and did a clean install. Same problem as before. So I installed 24.7 again, all fine.
I heard console settings were changed for some older systems like APU for (to me) unknown reasons, but I don't remember where I got that info from... some user somewhere. I need a break ;)
Cheers,
Franco
Having the same issue with the mobile view of the dashboard.
See attached screenshots.
1 menu invisible, 2 after some clicking around found the menu button.
I looked a bit closer and found that the Default deny / state violation rule blocks traffic on both SG330 and PVE installation of 25.1
Out of the box, SSH will not be possible as it is disabled. And the default rule on LAN allows only ingress connections from the LAN network that is configured on the OPNsense. That said, there is also a port forward rule that makes sure that in case you try to log into OPNsense via the GUI, it will be possible even in this case.
So you should be able to at least log into the GUI.
Regards,
S.
Quote from: franco on December 20, 2024, 08:42:17 PM
Quote from: pataps on December 20, 2024, 08:36:57 PM
BUT I have a minor one - on mobile menu button is completely invisible (I guess it's white on white background), but it's there because when blindly tapping where it's supposed to be it works and highlights in dark grey :> Also - new, more white theme looks better IMO.
Can you tell me where, or screenshot with context?
Yeah, sorry here are the white theme screenshots showing same thing as @staticznld:
https://imgur.com/a/Z3AWJz6
Hi. I'm testing OPNsense 25.1.b_20. Installed from DVD over a previous 24.7.11 VM.
In my case I first exported the configuration and then imported it on the newly installed box during installation with a pendrive.
Everything was just fine without errors. The only thing I had to fix was reinstall the devel versions of the plugins I was testing.
VMWare tools plugin is working just fine. The other two, ndproxy and tailscale, didn't work so I disabled them for now.
I've tested the snapshot feature and it is really excellent. I have this feature from the hypervisor but I think that it is much better to use it natively on ZFS.
I've tested switching the active snapshot during boot and it works fine.
One thing I could ask is the option to generate a snapshot automatically before an update, if it is not already there.
Dark theme is fine for me. I know that it could take some time to get used to this kind of change, but it doesn't differ too much from the cicada theme I'm using on my main box.
The certificate dashboard looks fine, I'll wait to test it with my main router.
Thanks to the OPNsense team for the great work and cheers....
Hi,
I build 24.7 for ARM64 for Nanopi R5S. I have up to 24.7.11 fine here. I use Rpi5 for that, and it runs 14.1.
I tried to build 25.1-BETA and it complains about the OS, that it is not 14.2.
Do I need it to build? Am I asking in the right place?
thanks,
none
I did some more testing on 25.1b_20.
For testing purposes, without connecting the box directly to the internet via WAN interface, I always assign an IP address to the LAN interface as well as the IP address of the default gateway and DNS using console menu item 2). The WAN interface stays unconfigured.
I changed this procedure for my last test, skipping the configuration of the default gateway and voila OPNsense GUI was accessible. Then I added a default gateway for the LAN interface and immediately after applying the configuration the OPNsense GUI was no longer accessible (until I use pfctl -d and disable the gateway). I repeated this several times, always experiencing the same behaviour.
Quote from: claus.schneeberger@gmail.com on December 26, 2024, 02:54:44 PM
I did some more testing on 25.1b_20.
For testing purposes, without connecting the box directly to the internet via WAN interface, I always assign an IP address to the LAN interface as well as the IP address of the default gateway and DNS using console menu item 2). The WAN interface stays unconfigured.
I changed this procedure for my last test, skipping the configuration of the default gateway and voila OPNsense GUI was accessible. Then I added a default gateway for the LAN interface and immediately after applying the configuration the OPNsense GUI was no longer accessible (until I use pfctl -d and disable the gateway). I repeated this several times, always experiencing the same behaviour.
Hi Claus,
I am new to the party here, but I don't get why having gateway to the LAN if. Is it not going to act as a router?
I may be missing something here, so sorry if I am not helping.
none
Upgraded to the beta. All is working here so far except for the missing menu button like others reported. Still testing and will report issues if I find them.
Added an issue regarding dnsmasq in 25.1 here (https://forum.opnsense.org/index.php?topic=44966.0)
Essentially, dnsmasq option "Query DNS servers sequentially" not working as expected.
Hi all,
another issue I got here is ssh login, I created a new user, set it to "admin" group, but could not login. Did just what I used to on 24.7.
Anyone also saw this?
none
Quote from: none on January 03, 2025, 02:45:43 AM
Hi all,
another issue I got here is ssh login, I created a new user, set it to "admin" group, but could not login. Did just what I used to on 24.7.
Anyone also saw this?
none
After a couple of reboots working on something else it worked!
none
The mobile menu button was fixed in https://github.com/opnsense/core/commit/970977f5bf
I want to push a package update to the Beta later this week.
Cheers,
Franco
Quote from: franco on December 20, 2024, 10:20:06 AM
# opnsense-update -bkr 25.1b -A 25.1
It should be 25.1.b - so being on community I switch to development stream, ran 'opnsense-update -bkr 25.1.b -A 25.1 -i', and then updated
I still have internet.... ipv4 & ipv6 / pppoe
FreeBSD OPNsense.cherrybyte.me.uk 14.2-RELEASE FreeBSD 14.2-RELEASE stable/25.1-n269579-cd5d25393d6 SMP amd64
Since the update, I did get these log entries:
2025-01-07T19:00:20 Error flowd_aggregate.py sqlite3 repair /var/netflow/src_addr_details_086400.sqlite
2025-01-07T19:00:20 Error flowd_aggregate.py sqlite3 repair /var/netflow/metadata.sqlite [done]
2025-01-07T19:00:20 Error flowd_aggregate.py sqlite3 repair /var/netflow/metadata.sqlite
2025-01-07T18:59:05 Error flowd_aggregate.py flowd aggregate died with message Traceback (most recent call last): File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run aggregate_flowd(self.config, do_vacuum) File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 80, in aggregate_flowd stream_agg_object.add(copy.copy(flow_record)) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/interface.py", line 72, in add super(FlowInterfaceTotals, self).add(flow) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 185, in add self._update_cur.execute(self._update_stmt, flow) sqlite3.DatabaseError: database disk image is malformed
2025-01-07T18:51:30 Error flowd_aggregate.py flowd aggregate died with message Traceback (most recent call last): File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run aggregate_flowd(self.config, do_vacuum) File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 80, in aggregate_flowd stream_agg_object.add(copy.copy(flow_record)) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/interface.py", line 72, in add super(FlowInterfaceTotals, self).add(flow) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 185, in add self._update_cur.execute(self._update_stmt, flow) sqlite3.DatabaseError: database disk image is malformed
2025-01-07T18:51:20 Error opnsense-devel /usr/local/etc/rc.newwanipv6: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'
2025-01-07T18:51:19 Warning radvd exiting, 1 sigterm(s) received
2025-01-07T18:51:16 Error opnsense-devel /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'
2025-01-07T18:51:15 Error opnsense-devel /usr/local/etc/rc.bootup: The command '/usr/sbin/powerd -b 'hadp' -a 'hadp' -n 'hadp'' returned exit code '69', the output was 'powerd: no cpufreq(4) support -- aborting: No such file or directory'
2025-01-07T18:51:14 Error opnsense-devel /usr/local/etc/rc.bootup: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'
2025-01-07T18:51:11 Warning opnsense-devel /usr/local/etc/rc.bootup: dhcpd_radvd_configure(manual) found no suitable IPv6 address on lan(vtnet0)
The 'repair' entries only came up after I attempted to repair netflow data.
The system was rebooted at around 1851 so unsure yet if these were just related to shutdown.
Update
- When checking 'dmesg' I noticed the following 'pid 44730 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)'
Quote from: planetf1 on January 07, 2025, 07:53:55 PM
It should be 25.1.b - so being on community I switch to development stream, ran 'opnsense-update -bkr 25.1.b -A 25.1 -i', and then updated
Thanks, I edited the original post as well.
About ntpd core dumping I'm unsure. We're rebuilding packages cleanly for 25.1 for the RC, but we're not quite there yet. Haven't seen this here myself. If in doubt at least do a health audit and/or reinstall the ntp package.
Cheers,
Franco
Thanks @franco - for now I've added a cron 'ntpdate' rather than dig into ntp. Also the system is a vm so the base clock should start synced. I'll try again with the RC code, and investigate further if still bad then.
I did report issues with the flow database. A repair fixed those. May have been unrelated to an upgrade, just a bad time to reboot...
I checked the config for ntp, and switched from all interfaces to WAN only after seeing this:
2025-01-08T07:43:26 Error ntpd unable to create socket on vtnet0 (2) for [fd77:2ac4:81ba::]:123
2025-01-08T07:43:26 Error ntpd bind(22) AF_INET6 [fd77:2ac4:81ba::]:123 flags 0x11 failed: Can't assign requested address
I suspect the ntp issue is unrelated to 25.1, but rather is because I started using a local ipv6 address (fd77:.....) on my lan. This is done by creating a virtual interface in opnsense, whereupon clients use SLAAC to create an address (this all seems to work ok)
ntp doesn't like it.
Actually it doesn't work on LAN either - so maybe it's all internal ipv6? But the logs only ever refer to the fd77 address. Perhaps the config when selected 'WAN,LAN' isn't being setup properly (the virtual interface shows as a third one)
However I'm not making use of ntp on the lan (that I know of, unless advertized?) so I switched to WAN only. At least that way opnsense itself will be working as a client. Seems good enough for now.
A quick google search indicates there may have been issues in this area with ntp in the past.
ntp fails when 'listen vtnet0' is added to the /var/etc/ntpd.conf file by opnsense:
root@OPNsense:/tmp # ifconfig vtnet0
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: LAN (lan)
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether bc:24:11:22:33:44
inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
inet6 fe80::be24:11ff:fe19:25a8%vtnet0 prefixlen 64 scopeid 0x2
inet6 fd77:2ac4:81ba:: prefixlen 48 duplicated
inet6 2a06:5982:1476:5555:6789:11ff:1234:25a8 prefixlen 64
groups: NET_LOCAL
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
(addresses obfuscated)
So maybe the error is caused by me setting up the virtual interface incorrectly. The intent was simply to get a prefix broadcast that clients on the lan would use.
So in opnsense I added 'fd77:2ac4:81ba::/48' - but maybe this should be an actual address?
It seemed to work for the clients - for example my macbook currently has
inet6 fd77:2ac4:81ba:0:1cd3:d581:9c41:4242 prefixlen 64 autoconf secured
Hmm, don't use /48, always /64 or /128 depending on your intention but still favouring /64 overall.
For better IPv6 support I have a test patch for https://github.com/opnsense/core/commit/6c95d574a4a but no testers anymore it seems -- but this is only for explicit interfaces selected I think.
Cheers,
Franco
I can confirm that using ULAs as virtual IPs in LAN breaks ntpd. As long as lan interface with virtual ip added is selected in the ntpd interfaces list it cannot start, saying that it cannot bind to fdxx address. Haven't found any other way around this other than removing virtual ip alias. Although I also think this was already a thing before 25.1.
Is this with a specific selection under Services: Network Time: General: Interfaces or using "all"?
Cheers,
Franco
I don't have an issue with fd77:2ac4:81ba:0:1cd3:d581:9c41:4242 but it looks like this is DAD playing tricks again...
Does this tunable help?
"net.inet6.ip6.dad_count" with value "0"
Cheers,
Franco
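A diagnostic for the symptom discussed above, added here as an example (not part of any post and not OPNsense code): it lists IPv6 addresses that `ifconfig` shows flagged `tentative`, `duplicated` or `detached`, and matches them against ntpd `bind()` failures. The function names are hypothetical and the sample input is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): correlate ntpd bind() failures with
# IPv6 addresses the kernel has flagged as not usable in ifconfig output.

# Read `ifconfig` output on stdin; print "<iface> <addr> <flag>" for each
# inet6 address flagged tentative, duplicated or detached.
unusable_inet6() {
    awk '
        /^[A-Za-z]/ { iface = $1; sub(/:$/, "", iface); next }
        $1 == "inet6" {
            for (i = 3; i <= NF; i++)
                if ($i == "tentative" || $i == "duplicated" || $i == "detached") {
                    addr = $2; sub(/%.*$/, "", addr)   # drop %scope suffix
                    print iface, addr, $i
                }
        }'
}

# Read ntpd log lines on stdin; print each distinct address for which
# bind() failed with "Can't assign requested address".
failed_binds() {
    awk '
        /bind\([0-9]+\) AF_INET6 .* failed: Can.t assign requested address/ {
            if (match($0, /\[[0-9A-Fa-f:]+\]/))
                print substr($0, RSTART + 1, RLENGTH - 2)
        }' | sort -u
}

# explain_bind_failures IFCONFIG_FILE NTPD_LOG_FILE
# For every failed bind address print "<addr> <iface> <flag>" when ifconfig
# shows it flagged, otherwise "<addr> - not-flagged".
explain_bind_failures() {
    flagged=$(unusable_inet6 < "$1")
    failed_binds < "$2" | while read -r addr; do
        hit=$(printf '%s\n' "$flagged" |
              awk -v a="$addr" '$2 == a { print $1, $3; exit }')
        [ -n "$hit" ] || hit="- not-flagged"
        echo "$addr $hit"
    done
}

# Constructed samples, modelled on the output quoted in the thread.
sample_ifconfig() {
    cat <<'EOF'
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
    inet6 fe80::be24:11ff:fe19:25a8%vtnet0 prefixlen 64 scopeid 0x2
    inet6 fd77:2ac4:81ba:: prefixlen 48 duplicated
    inet6 2a06:5982:1476:5555:6789:11ff:1234:25a8 prefixlen 64
EOF
}

sample_ntpd_log() {
    cat <<'EOF'
2025-01-08T07:43:26 Error ntpd unable to create socket on vtnet0 (2) for [fd77:2ac4:81ba::]:123
2025-01-08T07:43:26 Error ntpd bind(22) AF_INET6 [fd77:2ac4:81ba::]:123 flags 0x11 failed: Can't assign requested address
EOF
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
sample_ifconfig > "$tmp/ifconfig.txt"
sample_ntpd_log > "$tmp/ntpd.log"
explain_bind_failures "$tmp/ifconfig.txt" "$tmp/ntpd.log"
rm -rf "$tmp"
```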
My gut feeling is this will fix ntpd starting up correctly but it will probably ignore the virtual IP in /var/etc/ntpd.conf for the mentioned reason.
# opnsense-patch https://github.com/opnsense/core/commit/c6e700fbae3
Quote from: franco on January 09, 2025, 08:17:40 AM
Is this with a specific selection under Services: Network Time: General: Interfaces or using "all"?
Cheers,
Franco
Hi, actually it's both. I have "Lan" network with ipv4, ipv6 gua and virtual ip in form of ula/64. I can pick any interface but picking this one breaks ntpd. I also have another similar one, but without ipv4 and this one doesn't do this.
I'll check both tunable and patch fixes later today and report back.
Thanks!
I tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)
I did some more work on this... in particular:
https://github.com/opnsense/core/commit/c6e700fb
https://github.com/opnsense/core/commit/b2cc8168
https://github.com/opnsense/core/commit/be42113a (which is likely the real culprit for the ntpd behaviour)
Too much for 24.7.x but luckily 25.1 is almost there :)
Cheers,
Franco
Quote from: planetf1 on January 09, 2025, 07:31:24 PM
I tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)
Yup, it works great. Thanks franco :)
Hi,
are there any changes in the repository scheme or anything else?
I have the repository set up the same as before, but I keep getting this message:
Could not verify the repository fingerprint.
I have the repo fingerprint under /usr/local/etc/pkg/fingerprints/OPNsense/trusted/, the repo has all packages signed with that, and it is not working :(
thanks,
none
Quote from: pataps on January 09, 2025, 07:58:35 PM
Quote from: planetf1 on January 09, 2025, 07:31:24 PM
I tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)
Yup, it works great. Thanks franco :)
I guess I spoke too soon. After OPNsense reboot I get the same issue..
<101>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 7902 - [meta sequenceId="8"] ----------------------------------------------------
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="9"] proto: precision = 0.109 usec (-23)
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="10"] basedate set to 2024-12-27
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="11"] gps base set to 2024-12-29 (week 2347)
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="12"] initial drift restored to 7.743286
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="13"] Listen and drop on 0 v6wildcard [::]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="14"] Listen and drop on 1 v4wildcard 0.0.0.0:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="15"] Listen normally on 2 re0 [fe80::5e85:7eff:fe47:f51a%1]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="16"] Listen normally on 3 re1 [fe80::5e85:7eff:fe47:f51b%2]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="17"] Listen normally on 4 re1 192.168.1.1:123
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="18"] bind(25) AF_INET6 [fdf3:e453:45bc::]:123 flags 0x11 failed: Can't assign requested address
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="19"] unable to create socket on re1 (5) for [fdf3:e453:45bc::]:123
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 7902 - [meta sequenceId="20"] daemon child died with signal 11
It still doesn't like the virtual ip added to "Lan".
OPNsense 25.1.b_108
Yep, my bad:
# opnsense-patch https://github.com/opnsense/core/commit/26de190ba
Cheers,
Franco
On OPNsense 25.1.b_108 there's no IPSec Phase 2 anymore on 3 FWs - no change in the configuration on any prior to the upgrade to the -devel version. Things were also fine on 14.2 K&B with the packages from 24.7
Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.
(https://i.postimg.cc/kDWg8BTj/Untitled.png) (https://postimg.cc/kDWg8BTj)
all seems ok, apart from some ghost sensors.....
Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (4 cores, 4 threads)
That's a bit expected... Can you run this for me and share the output? Thanks!
# sh -c 'sysctl $(configctl system sensors)'
Quote from: newsense on January 14, 2025, 01:51:15 AM
On OPNsense 25.1.b_108 there's no IPSec Phase 2 anymore on 3 FWs - no change in the configuration on any prior to the upgrade to the -devel version. Things were also fine on 14.2 K&B with the packages from 24.7
Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.
You got any static routes in the configuration that are not showing up?
Negative, static routing is not enabled.
I was wondering if these IKE patches from yesterday would help, but it seems I'm either missing some other patch or they need more tweaking, so I'll undo it for now.
# opnsense-patch e8f6a825b75c6a38183e98e24fa4139e2070a89c e58197e5a5dc686671b115f4e7efad4aaedb523d 88530c33dfb3be4c7c0396b275054deb11dec467
When reloading services this message appears:
Generating /etc/hosts...done.
Fatal error: Uncaught OPNsense\Base\ModelException: class OPNsense\IPsec\FieldTypes\IKEAddressField missing in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:158
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(205): OPNsense\Base\BaseModel->getNewField('OPNsense\\IPsec\\...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(278): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#2 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(299): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#3 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(385): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#4 /usr/local/etc/inc/plugins.inc.d/ipsec.inc(204): OPNsense\Base\BaseModel->__construct()
#5 /usr/local/etc/inc/plugins.inc(112): ipsec_devices()
#6 /usr/local/etc/inc/interfaces.inc(634): plugins_devices()
#7 /usr/local/etc/rc.reload_all(53): interfaces_configure(true)
#8 {main}
thrown in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 158
*** OPNsense.localdomain: OPNsense 25.1.b_108 (amd64) ***
Patches renaming files are tricky even with opnsense-patch. I'm intending to update 25.1.b packages later today.
Cheers,
Franco
OpenZFS 2.3.0
https://github.com/openzfs/zfs/releases
Quote from: newsense on January 14, 2025, 01:51:15 AM
Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.
Talking about this it seems that this was caused by downgrading a 25.1 kernel to 24.7 while base was still on 25.1. Backwards compat is given, but not forwards compat.
Cheers,
Franco
Been running 25.1 since December. No issues encountered. Thanks for all the work on OPNsense!
Can I update a box from 24.7.11 to 25.1.b (devel) and then in the future update to 25.1-RC1 and follow not-devel releases?
I have a Nanopi R5S running 25.1.b as testing, all fine. But my router for my home runs 24.7.11.
Thanks,
none
Yes, RC1 will add stable ("community") release type again which leads into 25.1.x -- for online upgrades when RC1 hits it's still necessary to go through opnsense-devel since we will not publish an upgrade path to stable branch before 25.1 is ready.
hello,
OPNsense beta installed on Proxmox. Provided 8Gig of RAM from 16G to OPNsense
Machine: Lenovo M83, i5-4590T. 2nd LAN provided via USB (Realtek)
Used: Zenarmor, CrowdSec, Suricata
VPN: Wireguard
DHCP: classic (not KEA)
Unbound with blacklist: YES
Internet line: 600/60 with public IPv4 address
migration from stable to development and update to beta: no issues at all
daily work: no issue at all
VPN: no issue at all (successful one-time transmission over 72G over vpn)
You have done great work, thank you.
Ah, January is here, time for opnsense update :-)
No issues so far with the update to 25.1r1; not even the strange German PPPoE stuff produced issues.
Good job team; seamless as it should be ;-)
Hey Alex, yay :)
Hi,
I failed to find any answer to this. What are the steps for switching from Development to Community in terms of installed plugins? All have this -devel suffix but after upgrade to community they stay as they were. Do I need to manually reinstall their non-devel versions?