I can't upgrade from 25.7 to 25.7.2 on my N100 without breaking OPNsense. It literally reboots itself and then won't go into the GUI. I'm having to re-install every single time I try. PLEASE FOR THE LOVE OF GOD!!!
Well, single user mode, mount the disk, go from there.
It's also a "community" version, so I am not sure we can criticize those offering a free product.
Open source free stuff comes with the risks.
Are you running UFS or ZFS filesystem?
> PLEASE FOR THE LOVE OF GOD!!!
I'm not here to bash you, but "buy once cry once" is becoming more evident these days. We write software and include software that increasingly breaks when bad cheap hardware is used which breaks the software by returning garbage results to it. N100 and friends have been a disaster. Intel is taking a hit. This is only going to get worse.
Cheers,
Franco
Running UFS. This is not my first rodeo with OPNsense. Honestly, been using it for years now without hiccup using suricata and adblockhome for my home lab. N100 is actually quite fine: Intel chipset, Intel NICs, lots of RAM and NVME so don't know what you're talking about Franc. Lots of people use N100, it's a good option. Honestly have 2 as I also run CAKE on OpenWRT on a symmetrical gigabit line without issue. I'm just saying, I have backups for a reason, but I can't use them if I can't install the platform that the plugins are looking for. I wouldn't have to re-install the platform if the 25.7.2 update didn't kill my Opnsense software after install. Yes I understand it's opensource and "community" and all that and no software is absolutely perfect. BUT. When you release an update that breaks the entire platform and then you leave the user unable to not only update (which isn't THAT big of a deal) but then the plugins won't install either because of said update not being implemented, it's a bit of an annoyance to put it subtly.
I understand your points, but you're asking at the wrong end. N100 vs. FreeBSD is not our battle.
Cheers,
Franco
Nice. So let's deploy an update to a stable platform that breaks it for a bunch of users then throw your hands up and say "not my problem". good job..
You didnt even say so far what your issue is. What is the crash that happens, why doesn't it boot?
Can't you get any diagnostics at all?
Just saying "It does not work plz fix" does not help here.
1. As already noted, you first posting does tell us nothing about what is potentially wrong.
2. When you opt to use a cheap N100 box, you should not be too surprised that it is not as well maintained as Deciso hardware, for starters. And BTW, as you will soon see, your "glorious" N100 maybe is not as rock-solid as you think. I use one, too, but I do not complain about OpnSense.
3. What Franco told you between the lines is that there are known problems with current micorocode updates on N100 CPUs in FreeBSD, which manifest only on UFS setups, which you also deliberately chose over the recommended ZFS setup. Had you gone with ZFS, you would not have ended up in this spot in the first place.
4. What you should do before an upgrade to more current releases of OpnSense is pointed to here (https://forum.opnsense.org/index.php?topic=42985.0), #23.
Ok.
1) N100 is not cheap for a home network.
2) all three tunables have been added.
3) and actually thank you I learned something. I thought you could only use zfs for raids, not for single drives so there's that.
I'll try to reinstall 25.7 with zfs over the weekend and do the tunables, then try to update 25.7.2. Thanks for helping a frustrated old man.
The tunable to disable PCID (vm.pmap.pcid_enabled=0) is only needed in some cases, as it's off by default in recent versions of FreeBSD (since 13.2 apparently (https://www.reddit.com/r/freebsd/comments/12cdl65/comment/jfi1udr/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button)). I guess it depends how long ago the system was installed.
OPNsense moved to the FreeBSD 13.2 base in 23.7 (Community) / 23.10 (Business).
The N100 was launched in January 2023, so if this bug is impacting then my guess is it falls into one of these scenarios:
- Early production unit with initial OPNsense install using pre-23.7 image.
- Transplanted OS disk from an earlier installed system, or installed with an earlier downloaded pre-23.7 image.
- Config import explicitly passing along the enabled tunable (vm.pmap.pcid_enabled=1)
That's one possible cause of UFS corruptions.
There are reports of earlier intel microcode causing issues as well and people have had luck with uninstalling the microcode and re-installing it afresh. I'm not sure what that's about...
Single user mode, start there. Look in the log files to see what's not happy.
A boot that leads to a reboot ........... hmmmmm, are there any .core files on the disk?
Did you happen to save a config before upgrading?
I would suggest to be more investigating and less criticizing. I have several of N300 (stronger version of N100) and for whole time only one issue with platform (not updating EFI bootloader) got me to unusable state. Every update smooth like hell. But if you want to raise problem and get feedback what to perform to solve issue phrases like "PLEASE FOR THE LOVE OF GOD!!!" wont help at all. Post screen, logs, console output etc. to get to the point and to get solution. If your box is sensitive to software issues, follow best practice of having 2 (they are cheap like hell) and setup either flow TEST and PROD, or HA to prevent your internet to be disconnected.
Well, to be fair I did post this after trying to work on this n100 for about 10 hours with no success. But yes, I did write this thread with a hot head so. Anyway, that being said, I did install the platform using zfs and putting those tunables in first and rebooting before upgrade. Went smooth without a hitch. Thanks for the link meyergru.
Hello,
could you please share what those "3 tunables" are and what you changed? I seem to be missing something. I also use N100 with ZFS any my attempts to upgrade failed 1 week ago - since I haven't heard of single user mode before and rolled back, I simply don't know.
I spent the day figuring stuff out for the N100 I have. I moved from UFS to ZFS on a fresh install and was able to restore my config. Here are the tunables and another idea that franco mentioned in a different thread:
N100 tunables
system>settings>Tunables
vm.pmap.pcid_enabled=0
hw.ibrs_disable=0
vm.pmap.pti=1
Also for N100:
Drop to the console and do
# pkg install os-cpu-microcode-intel
and reboot to activate...
# opnsense-shell reboot
(from https://forum.opnsense.org/index.php?topic=48343.0)
I'm also thinking "what the actual f", my system has been nuked twice in two days. One by upgrading, the other by installing a plugin. How is it this unstable?
Don't we have that question in common? Do you expect the developers to also open forum threads asking WTF is going on with that hardware we don't even have for testing? And if we had it if we could do anything to solve it? Shall we check the compiled code for errors? Are there even errors in the compiled code? Do you have any answers for us? Please, do let us know.
Cheers,
Franco
Thanks for this - I thought I was going mad until I did what what open sourcers should always do and go to the discussion.
Yes - n100 is cheap hardware - but typically it works and after these fixes I expect it will happily work until another upgrade or two.
I now have a spare nvme as a backupp as I thought it was my hardware :-)
As the thankful recipient and user of open sourced software I am happy to perform the role of beta tester to iron out bugs - comes with the territory.
And I might add the fix is usually a lot faster than COTS software. Thanks OPNsense developers.
I've opted for zfs instead of ufs and will try the updates tomorrow (my wife insists that I keep it fixed atm so she can watch netflix)
quote author=ewtaylo link=msg=245909 date=1756435941]
I spent the day figuring stuff out for the N100 I have. I moved from UFS to ZFS on a fresh install and was able to restore my config. Here are the tunables and another idea that franco mentioned in a different thread:
N100 tunables
system>settings>Tunables
vm.pmap.pcid_enabled=0
hw.ibrs_disable=0
vm.pmap.pti=1
Also for N100:
Drop to the console and do
# pkg install os-cpu-microcode-intel
and reboot to activate...
# opnsense-shell reboot
(from https://forum.opnsense.org/index.php?topic=48343.0)
[/quote]
and patched after reinstall with zfs - all good now
Hello all
I assume all this discussion about N100 and UFS filesystem is a general recommendation for bare metal installations as well as for Proxmox VM?
As proposed in this thread, I newly installed OPNsense 25.1 in a new Proxmox VM with filesystem ZFS and successfully upgraded to 25.7. Thank you for sharing your experiences here!
When I initially installed OPNsense, I read that it is NOT recommended to use ZFS in a Proxmox VM because ZFS is already used for the Proxmox host.
regards
Quote from: boku on September 01, 2025, 02:20:33 PMWhen I initially installed OPNsense, I read that it is NOT recommended to use ZFS in a Proxmox VM because ZFS is already used for the Proxmox host.
I beg to differ: https://forum.opnsense.org/index.php?topic=44159.0
Quote from: meyergru on September 01, 2025, 03:08:25 PMQuote from: boku on September 01, 2025, 02:20:33 PMWhen I initially installed OPNsense, I read that it is NOT recommended to use ZFS in a Proxmox VM because ZFS is already used for the Proxmox host.
I beg to differ: https://forum.opnsense.org/index.php?topic=44159.0
Your articles should be taught in college level courses about OPNsense.
Quote from: meyergru on September 01, 2025, 03:08:25 PMQuote from: boku on September 01, 2025, 02:20:33 PMWhen I initially installed OPNsense, I read that it is NOT recommended to use ZFS in a Proxmox VM because ZFS is already used for the Proxmox host.
I beg to differ: https://forum.opnsense.org/index.php?topic=44159.0
Fantastic HowTo - thank you very much, I will wipe it out and install it again