OPNsense Forum

I noticed the 25.1 rc announce.

I had presumed the right way to install on my existing 24.7 was to change from community->development, and then run an update

This seemed to only download a single update - will this be applied on reboot, or did I take the wrong approach

(Running on proxmox, so I have a snapshot before the update, as well as backups so easy to back off)

***GOT REQUEST TO UPDATE***
Currently running OPNsense 24.7.12 (amd64) at Wed Jan 22 11:38:13 GMT 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (53 candidates): .......... done
Processing candidates (53 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
Nothing to do.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following packages will be fetched:

New packages to be FETCHED:
opnsense: 24.7.12 (4 MiB: 48.61% of the 9 MiB to download)
opnsense-devel: 25.1.b_121 (5 MiB: 51.39% of the 9 MiB to download)

Number of packages to be fetched: 2

The process will require 9 MiB more space.
9 MiB to be downloaded.
Fetching opnsense-24.7.12.pkg: .......... done
Fetching opnsense-devel-25.1.b_121.pkg: .......... done
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (1 conflicting)
  - opnsense-devel-25.1.b_121 conflicts with opnsense-24.7.12 on /boot/lua/brand-opnsense.lua
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
opnsense: 24.7.12

New packages to be INSTALLED:
opnsense-devel: 25.1.b_121

Number of packages to be removed: 1
Number of packages to be installed: 1

The process will require 6 MiB more space.
[1/2] Deinstalling opnsense-24.7.12...
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
[1/2] Deleting files for opnsense-24.7.12: .......... done
[2/2] Installing opnsense-devel-25.1.b_121...
[2/2] Extracting opnsense-devel-25.1.b_121: .......... done
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Migrated OPNsense\Core\Hasync from 1.0.1 to 1.0.2
Migrated OPNsense\Core\Tunables from <unversioned> to 1.0.0
Migrated OPNsense\Kea\KeaDhcpv4 from 1.0.2 to 1.0.3
Migrated OPNsense\Auth\Group
Migrated OPNsense\Auth\User
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from opnsense-devel-25.1.b_121:

--
Carry on my wayward son
Nothing to do.
Starting web GUI...done.
***DONE***

The system shows as '25.1.b_121' which is from the beta.
I had previously installed this, but had an update problem, so had previously restored from a snaphot. Perhaps update files were lingering.

Not rebooted yet - any recommendation?

If I toggle back to community I get prompted to install 24.7.12 - though I've not done this yet.

The upgrade path to RC1 still has to be published for opnsense-devel on 24.7.x. Most likely tomorrow morning after another round of testing.

Usually these critical major upgrade paths are a bit slower than the images, because if we publish those first and then find an issue during image testing we need to revoke the upgrades or redo them creating a lot of extra work.  Redoing images on issues is bad enough as it is (yes there was one issue that caused RC1 to be redone too in order to publish good images).


Cheers,
Franco

Thanks for clarifying - I'll keep an eye out on the announcements.

It's there now :)

I tried installing the RC but I can't get into the GUI or SSH after the update. I started with 24.7.12_2 running on Proxmox in a test VM, switched to the dev channel and was offered the beta. I accepted and then it skipped to offering me the RC. I accepted. It seems to install fine, then install the base fine and then reboot successfully. The console shows 25.1.r_6 as the version, but I can't get into the GUI or SSH. If I log into the console and do an option 12 update, the same thing seems to happen. The LAN interface in the welcome has the same IP address as before and I can ping from the console, so I should be able to connect. I am new to trying RCs so it's probably something I am doing wrong.

I had the same problem. I was not able access the Web-GUI because a default deny firewall rule was altered with the update that blocks access. I had to disable the packet filter on the command line, then I was able to login and then I specifically had to add a firewall rule to my lan interface allowing ip's from my lan to access the lan address 192.168.1.1 on port 443.

I believe that others have reported this issue, but it hasn't been resolved.

Thank you @Cljackhammer.

Your fix worked partially. Disabling the packet filter via the command line allowed me to get into the GUI. Unfortunately, I haven't figured out a firewall rule that works to keep it fixed. My configuration is non-standard because it is a test VM. OPNsense is listening on 10.7.1.26 and setting rules to allow 443 to either the IP address or "this firewall" doesn't keep it fixed. It's a test VM, so this is just for fun.

Do you have a link to the issue on GitHub? I searched but couldn't find it. I'd like to help test the fix.

To the awesome OPNsense team: I really like the new dark theme. Keep proving that it is possible to love a router.

I'm not sure if a GitHub  issue was raised. It was discussed in the main the Beta feedback thread (first 3 pages). I thought that issue would have been addressed with the RC. I'll provide an image of my LAN ruleset. The first rule is the one the new rule that I had to add to address the LAN Web-UI issue. Before I added the rule the the default deny rule was blocking access. I'm not sure if this was introduced to address a security issue. Nothing was added to release notes about this.

Nothing fancy here in terms of firewall rules. It took some time for the rule to take effect, although I didn't reset firewall states after I made the change. The OPNsense team should probably weigh in here.

The first rule is the new one that I needed to add to address the WebUI access issue.

LAN firewall ruleset (https://imgur.com/a/hhKg7rv)

(https://imgur.com/a/hhKg7rv)

Quote from: julsssark on January 24, 2025, 04:48:11 AMThank you @Cljackhammer.

Your fix worked partially. Disabling the packet filter via the command line allowed me to get into the GUI. Unfortunately, I haven't figured out a firewall rule that works to keep it fixed. My configuration is non-standard because it is a test VM. OPNsense is listening on 10.7.1.26 and setting rules to allow 443 to either the IP address or "this firewall" doesn't keep it fixed. It's a test VM, so this is just for fun.

Do you have a link to the issue on GitHub? I searched but couldn't find it. I'd like to help test the fix.

I think we internally discovered the anti-lockout wasn't working as expected but it was never tracked on GitHub so I think we need to fix for RC2 today.


Thanks,
Franco

Many thanks Franco. I wasn't sure if adding the rule was appropriate. The RC is looking good.

Created a ticket for it https://github.com/opnsense/core/issues/8242

Fixed now in RC2 (it's online).

RC1 > RC2 went smooth.

Btw the Traffic graph is bit wonky, it increased in size and its taking a lot of space... Is it only me?

Regards,
S.

Same goes as well for the Disk widget & FW widget.

this is comparison between 24.7 and the 25.1RC

Regards,
S.

Quote from: franco on January 24, 2025, 12:51:55 PMFixed now in RC2 (it's online).

Works great. Thanks Franco.

For anyone upgrading to RC2 using the Dev channel: note that the upgrade will install RC1 first. You will not be able to access the GUI or SSH to initiate the upgrade to RC2. Either add a firewall rule to prevent the lockout before you update to RC1 or make sure you have access via the console.

Upgraded my home install to RC2 and everything is working as expected so far. Nice work OPNsense team!

Quote from: Seimus on January 24, 2025, 04:39:42 PMSame goes as well for the Disk widget & FW widget.

this is comparison between 24.7 and the 25.1RC

Regards,
S.

Yes, i'm @25.1 and these widgets look like yours. Some bugs with these widgets.

Guys, make sure to switch back to community. The gauges issues in part of ChartJS 4 update which is still under development.


Cheers,
Franco

Yop you are absolutely right,

On the official community release its all fine ;)

Regards,
S.

Okay, now not sure If I am stupid or What, but I updated second testing LAB node and I still see the weirdness with widgets.

25.1 Community release
FW + Disk widgets - looks odd
Traffic widget - was it always scaled like this? I am using by default vicuna which has it thinner

No, you're not. I am.  :)

# opnsense-patch https://github.com/opnsense/core/commit/dddbf79f8

I backported a development change that I should not have.


Sorry,
Franco

And I thought I am going insane.
Nah Franco, it happens :). You are always quick to address issues even if its stupid like this one.

I can confirm after applying the patch and reloading the UI it looks beautiful (like my mental state).

# opnsense-patch https://github.com/opnsense/core/commit/dddbf79f8
Fetched dddbf79f8 via https://github.com/opnsense/core
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From dddbf79f8fb42faa6e1340bc598eaea4d8e6d754 Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Thu, 30 Jan 2025 16:20:34 +0100
|Subject: [PATCH] Revert "theme: compile sass for
| https://github.com/opnsense/core/commit/a6b0a8593f9b1baeb773dd1b1b2677298b4a6d05"
|
|This reverts commit 83723a35b295da3cbd4c7253c693ed34e8c88319.
|---
| .../www/themes/opnsense-dark/build/css/dashboard.css       | 7 -------
| src/opnsense/www/themes/opnsense/build/css/dashboard.css   | 7 -------
| 2 files changed, 14 deletions(-)
|
|diff --git a/src/opnsense/www/themes/opnsense-dark/build/css/dashboard.css b/src/opnsense/www/themes/opnsense-dark/build/css/dashboard.css
|index 23a113f86f..514724a67f 100644
|--- a/src/opnsense/www/themes/opnsense-dark/build/css/dashboard.css
|+++ b/src/opnsense/www/themes/opnsense-dark/build/css/dashboard.css
--------------------------
Patching file opnsense/www/themes/opnsense-dark/build/css/dashboard.css using Plan A...
Hunk #1 succeeded at 140.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/opnsense/www/themes/opnsense/build/css/dashboard.css b/src/opnsense/www/themes/opnsense/build/css/dashboard.css
|index 4e678612df..7226a514b5 100644
|--- a/src/opnsense/www/themes/opnsense/build/css/dashboard.css
|+++ b/src/opnsense/www/themes/opnsense/build/css/dashboard.css
--------------------------
Patching file opnsense/www/themes/opnsense/build/css/dashboard.css using Plan A...
Hunk #1 succeeded at 140.
done
All patches have been applied successfully.  Have a nice day.
Many thanks!
Regards,
S.