OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: comet on January 31, 2018, 07:35:56 am
-
I have seen so many posts and threads about people having issues upgrading from 17.7.12 to 18.1 that I am wondering if anyone has had a problem-free upgrade, and if so, did you need to do anything special? I am still pretty new at this stuff and don't really know how to dig myself out of a hole if the upgrade fails, so if there is a path to success I'd like to know what it is. I do use aliases and I do use port forwarding, but I do not use IPv6, if that makes any difference.
It seems to me that there are three possible options:
- Try to do an upgrade in the normal manner via the web interface, as was done with upgrades of point versions of 17.7. Has anyone had success with this?
- Save the configuration, do a complete install of 18.1 from scratch, then try to import the saved configuration. Since the configuration is saved as a .xml file I wouldn't think this should cause any problems, but still I am wary after seeing so many reports of failure. Has anyone gone this route, and if so, has it worked for you or did you still have problems due to using the imported settings?
- Do a complete install of 18.1 from scratch, then re-enter all the settings manually. The obvious disadvantage here is that I might miss a few important settings, or that if the labels on any settings have been changed, I might not know where to put certain settings from the previous version. Yet it appears this is the only thing that has worked for some users.
I probably won't be doing this until the weekend so I'd just like to know, which of these ways is likely to be successful and which is likely to result in failure, based on the experience of those that have already completed the upgrade? This will be the first major version upgrade I have done since starting with OPNsense, and I don't really know what to expect.
-
Yes, I've had success with items 1 & 2 in your list. I run OPNsense as a VM and the obvious snapshot comes into play here. :)
There was a minor problem in the initial release of 18.1.1 but a hot fix from Franco fixed that. The upgrade via the UI went well and a couple of minor patches afterwards saw my firewall firing on all cylinders. I then did an export of my settings and did a clean install because I wanted to make some changes to the VM. The install went well and the import of the settings provided a working system. I reapplied the hotfixes and, again, everything is running well.
-
Yes, I upgraded 3 firewalls without a problem, all upgraded via the web interface.
-
If you are concerned about updating just wait for 18.1.1 or 18.1.2, no one is pushing you and there's no actual security threat to update right now :)
-
Did not work for me. I had to install a nano-image, upgrade from 17.7 to 18.1 caused a not starting router.
-
0 issues with my upgrade. Worked flawlessly, and I use OpenVPN/ExpressVPN and Traffic Shaping rules.
-
My upgrade went smoothly, and the system seems more responsive on 18. Very happy with it so far.
-
Mine failed through the UI with error 19. Will not boot now.
-
Upgraded to 17.7.12_1, then 18.1, through the web interface. Everything seems to be working just fine for me.
- Paul
-
Smooth upgrade from 17.7.12 to 18.1 from SSH.
Running on Fitlet A10.
-
Once the upgrade path from the 17 to 18 series was posted it went without incident for me. Of course since then the 18.1.1 patch was released as well so that's where I am at now, i.e. current.
Update 2-25-18
While the upgrade process itself went without incident, the system has trouble routing to certain websites. This was confirmed by reinstalling 17.7 as well as using two different Linux-based firewalls using the same ADSL connection. I also tried alternative modems with 18.1.2 to no avail. I covered this in another thread.
https://forum.opnsense.org/index.php?topic=7277.0
-
The upgrade itself worked perfectly fine for me as well. There are a few glitches here and there with some features, but nothing critical. There's no perfect release anywhere :-)
Considering the number of upgraded components (or features if you like), bugfixes and the nature of OPNsense, it's a good and welcomed upgrade IMO.
-
I just completed an upgrade to 18.1, but I'm receiving an error from the Acme-Client supporting Let's Encrypt. I opened a ticket about this issue in 17.7.12 and was told to wait until I upgraded.
-
This one?
[Thu Feb 1 14:58:38 EET 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 14:58:40 EET 2018] _ret='0'
[Thu Feb 1 14:58:40 EET 2018] code='400'
[Thu Feb 1 14:58:40 EET 2018] Update account error.
[Thu Feb 1 14:58:40 EET 2018] _on_issue_err
[Thu Feb 1 14:58:40 EET 2018] Please check log file for more details: /var/log/acme.sh.log
-
Yes, upgrade using the GUI was flawless. However, I’m finding the documentation now doesn’t match the software. Also, I spent a couple of hours trying to set up IPSec and find that it appears user permission assignments are broken. You can edit existing permissions but not add them because the add button (plus sign) is missing.
-
I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don’t use. Judging from all the bugs it appears this may have been in error.
-
Two issues for me.
1- NAT didn't work at first, but a patch solved that one
2- Download speed has dropped 50% from previous version.
**** UPDATE ****
Speeds were affected because custom tweaks were removed by the upgrade. All OK now.
-
I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don’t use. Judging from all the bugs it appears this may have been in error.
I'm afraid that upgrading any software at any stage in its lifecycle is always a case of caveat emptor and take all suitable precautions. :)
-
I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don’t use. Judging from all the bugs it appears this may have been in error.
When you say mission-critical devices, you say the buzzword "enterprise class". This includes enterprise-class hardware, software, aaand (drums) support. Did you pay for some of these? Mind you, support cannot be excluded.
Furthermore, you either wait for a few revisions (you actually wait for others to hit the wall / or not) or you don't. There are no exceptions, there can be no exceptions if you think you deployed mission-critical appliances.
But if you paid for mission-critical appliances and support, you don't do the upgrades yourself. You will call and schedule a remote session with the support personnel. It's your choice whether to make it your business or not (to personally execute the upgrade), but usually, you don't make it your business, because if something breaks while the remote personnel works on your device, you're not entirely responsible. And there's the thing that you paid for this kind of support (because otherwise, your appliance is not mission-critical, only in your imagination), so why bother? Did you do this?
-
Page name and screenshot please for easier tracking. I'm not aware of such fundamental changes in the GUI.
Cheers,
Franco
-
This one?
[Thu Feb 1 14:58:38 EET 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 14:58:40 EET 2018] _ret='0'
[Thu Feb 1 14:58:40 EET 2018] code='400'
[Thu Feb 1 14:58:40 EET 2018] Update account error.
[Thu Feb 1 14:58:40 EET 2018] _on_issue_err
[Thu Feb 1 14:58:40 EET 2018] Please check log file for more details: /var/log/acme.sh.log
I had the code '400' as well as now the code '202'
[Thu Feb 1 22:58:49 NZDT 2018] code='202'
[Thu Feb 1 22:58:48 NZDT 2018] _ret='0'
[Thu Feb 1 22:58:48 NZDT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 22:58:48 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/VPHhSBoLrKHx0v0OFCcDcZXtGPqHPByS19IzOusHVjo/97238858'
[Thu Feb 1 22:58:48 NZDT 2018] POST
[Thu Feb 1 22:58:48 NZDT 2018] payload='{"resource": "challenge", "keyAuthorization": "GnEN-3x5LEaX0JY0MCI2f5CnqqAGZ7UNfCD9G-SQKvk.MWT6TBf_bqAL23Qyf5vMzH8pVfGeuSTTNpd8Lr6fIiI"}'
[Thu Feb 1 22:58:48 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/VPHhSBoLrKHx0v0OFCcDcZXtGPqHPByS19IzOusHVjo/97238858'
[Thu Feb 1 22:58:48 NZDT 2018] code='400'
[Thu Feb 1 22:58:47 NZDT 2018] _ret='0'
[Thu Feb 1 22:58:47 NZDT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 22:58:47 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/feDqnEOavG71OFJysjupxhnl8xpBGdUP2PKeKdaotY0/97238857'
[Thu Feb 1 22:58:47 NZDT 2018] POST
[Thu Feb 1 22:58:47 NZDT 2018] payload='{"resource": "challenge", "keyAuthorization": "RTqcwn1u5RX1za4U01_4CVIlI3HgHKuejSXW7sTiPgc.MWT6TBf_bqAL23Qyf5vMzH8pVfGeuSTTNpd8Lr6fIiI"}'
[Thu Feb 1 22:58:47 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/feDqnEOavG71OFJysjupxhnl8xpBGdUP2PKeKdaotY0/97238857'
[Thu Feb 1 22:58:46 NZDT 2018] Please check log file for more details: /var/log/acme.sh.log
-
Two issues for me.
1- NAT didn't work at first, but a patch solved that one
2- Download speed has dropped 50% from previous version.
**** UPDATE ****
Speeds were affected because custom tweaks were removed by the upgrade. All OK now.
Can you provide us with those custom tweaks that were removed? It appears that several of us are experiencing performance issues since the upgrade and would like to know what tweaks improve throughput.
-
First off, I only saw a performance reduction when IDS/IPS was enabled.
My specific issues had to do with custom IPS rules and tunables that I had placed in the wrong place and were erased during the upgrade.
As far as the custom IPS rules go, I use pass rules to reduce the IPS engine load.
Use the tunable guide in the IPS topics for some improved performance.
One more thing that I noticed is you have to apply the IPS rules again, even if you didn't change anything after the upgrade or anytime suricata updates because the generic suricata.yaml will be used until you hit apply in the rules tab. This will affect your interfaces and engine algorithms used with IPS. The settings migrate ok in OPNsense, just doesn't apply them to suricata.yaml until you hit apply.
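An added example (not part of the original posts, and not OPNsense code): several replies report settings that were gone after the upgrade, so one way to catch that is to diff a configuration export taken before the upgrade against one taken after. The sample XML is constructed, its element names are assumptions, and only settings stored in the exported .xml are covered.

```python
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed sample exports. Element names and values are assumptions made
# for this example; substitute your own pre- and post-upgrade exports.
BEFORE = """<opnsense>
  <sysctl>
    <item><tunable>net.inet.tcp.tso</tunable><value>0</value></item>
    <item><tunable>kern.ipc.maxsockbuf</tunable><value>4262144</value></item>
  </sysctl>
  <nat>
    <rule><descr>web</descr><target>192.0.2.10</target></rule>
  </nat>
</opnsense>"""

AFTER = """<opnsense>
  <sysctl>
    <item><tunable>net.inet.tcp.tso</tunable><value>0</value></item>
  </sysctl>
  <nat>
    <rule><descr>web</descr><target>192.0.2.10</target></rule>
  </nat>
</opnsense>"""


def leaves(xml_text):
    """Return a multiset of (path, text) pairs, one per leaf element."""
    found = Counter()

    def walk(node, parent_path):
        path = f"{parent_path}/{node.tag}"
        children = list(node)
        if not children:
            found[(path, (node.text or "").strip())] += 1
        for child in children:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return found


def config_drift(before_xml, after_xml):
    """Leaf settings present only before (removed) or only after (added)."""
    before, after = leaves(before_xml), leaves(after_xml)
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


if __name__ == "__main__":
    removed, added = config_drift(BEFORE, AFTER)
    for path, value in removed:
        print(f"REMOVED {path} = {value}")
    for path, value in added:
        print(f"ADDED   {path} = {value}")
```

A changed value shows up as one removed and one added entry for the same path, and list order is ignored, so reordered rules do not produce noise.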
-
We upgraded via cmdline successfully.
On the old Alix boards we had to disable tmp & /var ramdisk before and re-enable after because of memory issues. With that the upgrade went smoothly (but slow :} )
-
I updated via the GUI, smooth and fast on my box :)
-
Hi,
I am a relative newcomer to OPNsense. I have managed to upgrade 2 without issue; they are relatively simple firewalls though (NAT and VPN).
M
-
Waited for 18.1.1 and upgraded directly to that and it appears to have worked fine, no issues at all have been observed so far. Thanks to everyone who responded!
-
I just finished upgrading my install from 17.7.12 to 18.1.1 to 18.1.2_2 with no issues thus far.
Running custom hardware based on an industrial Atom D2550 board, 2GB memory, 4GB SLC SSD. OPNsense install with the Nano image. Upgrade itself took about 20 minutes.