I've just completed the 26.1 upgrade from the last version of OPNsense.
I watched the first reboot by checking ping responses and then reconnected to the UI.
Shortly after I have lost all connectivity, even when sat on the same LAN. SSH is not responding.
I assume this is firewall rule related. How can I reset the rules from console to restore access?
Any console output? Wouldn't assume anything without info. Rules behaviour hasn't changed.
Cheers,
Franco
Continuous
netmap_transmit igc3 drop but that needs checksum
Sounds like intrusion detection or Zenarmor active? Not sure if this is the issue, but it can cause traffic drops.
Cheers,
Franco
Well that was quite a scary upgrade!
Luckily I had a snapshot but foolishly overwrote the snapshot with another attempt at an upgrade.
Franco, you are quite right, I do have Zenarmor installed but don't use Suricata.
The interfaces that netmap_transmit was flooding the logs alternate between igc3 and igc5. Just so happened to be the ones Zenarmor protect.
After the upgrade, I managed to access the UI from another interface and checked Zenarmor. It was complaining that I seem to have enabled hardware offload - I can guarantee I hadn't!
Anyway, what fixed everything was changing "VLAN Hardware Filtering" from "Leave default" to "Disable VLAN Hardware Filtering"
We changed the location of the hardware disables in the config.xml... I assume Zenarmor is still reading the old one.
We did, however, flip the default for "Disable VLAN Hardware Filtering". I'm not sure if there is a bug in the migration but I'll take a look for sure.
I'll move this to the Zenarmor forum for more visibility.
Cheers,
Franco
Can you send me the diff shown in System: Configuration: History for the latest "run_migrations.php" change? Best via mail to franco AT opnsense DOT org.
Thanks,
Franco