Hello everyone,
I currently have a reproducible issue with OPNsense on a PC Engines APU2D4 and would appreciate any hints or similar experiences.
## Hardware / Setup
* PC Engines APU2D4
* Serial console only (no VGA)
* mSATA SSD
* FreeBSD base installation with GELI encryption
* Afterwards bootstrapped to OPNsense
## Initial Situation
The system previously worked fine with OPNsense 25.7.
The upgrade to 26.1 was performed from an existing FreeBSD installation using:
opnsense-update -ur 26.1
pkg upgrade
The upgrade process itself completes successfully without errors.
---
# Problem
After:
* successfully upgrading to 26.1 with 3 reboots
or
* performing a completely fresh FreeBSD - OPNsense 26.1 (bootstrap) installation and restoring my old configuration
the system gets stuck during the boot process.
Without restoring the config on fresh FreeBSD - OPNsense 26.1 (bootstrap) installation, it boots normally.
But with restored config:
* GELI unlock works
* boot messages continue normally
* output then appears to stop at:
amdtemp0: found 4 cores and 1 sensors
---
# Important Findings:
After additional testing, the system also seems to not be completely frozen on newer versions.
If I:
* install a fresh FreeBSD + OPNsense 25.7
* then restore the same old config
the APU2 shows EXACTLY the same behavior at serial:
* console output appears to stop at `amdtemp0`
HOWEVER, with the older 25.7 version:
* network interfaces are initialized correctly
* the WebGUI is fully reachable
* routing/firewall functionality works normally
This strongly suggests that:
* the serial console and/or
* console login / getty / tty handling
stops working correctly after restoring the configuration.
---
# Additional Observations
* newly attached USB devices are still detected
* corresponding kernel messages continue to appear on the serial console
* the kernel/system itself therefore still appears to be running
On OPNsense 26.1 additionally (with also old config restore:
* no reachable interfaces/WebGUI
* possibly an additional issue related to config/plugins/interface mapping
---
# Additional Important Information:
During the original FreeBSD installation I enabled all optional security hardening settings offered by the installer, including:
* hide_uids
* hide_gids
* hide_jail
* procfs restrictions
* read_msgbuf
* random_pid
* additional sysctl/hardening options
(Possibly relevant regarding tty/getty/login/serial console behavior.)
---
# Current Suspicions
At the moment I suspect a combination of:
* serial console/getty issue
* old console/TTY settings in config.xml
* possible plugin incompatibility
* old interface/VLAN mapping
* FreeBSD 14 / OPNsense 26.1 interaction on APU2
* possible interaction with enabled FreeBSD hardening options
Currently the behavior looks more like:
* console/login broken plus some init issues or something else during startup
rather than:
* a complete system freeze.
---
# Planned Analysis
Next I plan to:
* boot the system with the restored config until the apparent "hang"
* power it off
* boot the mSATA in another machine
* analyze logs and config.xml there
=> however, as a FreeBSD beginner, recovering/debugging FreeBSD bootloader issues is still somewhat tricky for me and can take some time
Relevant files are probably:
/var/log/system/latest.log
/var/log/boot/latest.log
/var/log/configd/latest.log
/conf/config.xml
---
# Questions
1. Has anyone experienced similar issues with
* APU2
* serial console
* restored configs
* OPNsense 26.1
* FreeBSD 14?
2. Are there any known issues involving
* old console/TTY settings
* plugins
* getty/serial login
* restored config.xml on 26.1?
3. Could the enabled FreeBSD hardening options be relevant here?
Thanks in advance