OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: manuel on January 09, 2019, 07:12:07 am

Title: Update to 18.7.10 broke my WAN Interface on apu2
Post by: manuel on January 09, 2019, 07:12:07 am
Hello friends
I'm having two different opnsense installation in two different location each on a apu2d4 which are both connected to a cable modem and the same provider. One box was update to 18.7.10 automatically this Monday 7th January. The second box still has 18.7.9 installed and is working fine.

After updating to 18.7.10 I don't get anymore an IP address on the WAN interface from my provider via DHCP. If I reboot the firewall and go to the dashboard I can see an IP from the range of my provider for a couple of seconds. After that, the IP is gone and I have only 0.0.0.0 and at the end there is no IP at all.

I rebooted opnsense several times and also my cable modem. No luck. I also tried to downgrade with

opnsense-revert -r 18.7.9 opnsense

but then I only get a

Fetching opnsense.txz: .. failed

I checked the release notes from 18.7.10. There are some changes in the code for the interfaces.

I attached my kernel message log and also some ifconfig commands. igb0 is my internal interface and igb1 for WAN.

Thank you very much for your help.

Regards Manuel
Title: Re: Update to 18.7.10 broke my WAN Interface
Post by: nubert on January 09, 2019, 07:42:24 pm
I have the same problem after upgrading to 18.7.10 on my apu2 board. :-(
Title: Re: Update to 18.7.10 broke my WAN Interface
Post by: manuel on January 09, 2019, 09:42:08 pm
Hello
Made a fresh new 18.7 installation this evening restored backup and WAN IP seems to be stable. How can I now update from 18.7 to 18.7.9. The GUI wants to upgrade directly to 18.7.10. I can't select 18.7.9.

I even tried on the shell with opnsense-upgrade -r 18.7.9 but even then it seems that it will go directly to 18.7.10.

Code: [Select]
root@OPNsense:~ # opnsense-update -r 18.7.9
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): 100%
Processing candidates (101 candidates): 100%
The following 85 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py27-yaml: 3.13
        squid3: 3.5.28_1
        radvd1: 1.15

Installed packages to be UPGRADED:
        ...
        pcre: 8.42 -> 8.42_1
        os-dyndns: 1.8 -> 1.11
        opnsense-update: 18.7 -> 18.7.10
        opnsense-lang: 18.1.7 -> 18.7.8
        opnsense: 18.7 -> 18.7.10
        openvpn: 2.4.6_1 -> 2.4.6_3
        openssl: 1.0.2o_4,1 -> 1.0.2q,1
        openssh-portable: 7.7.p1_6,1 -> 7.9.p1_1,1
        openldap-sasl-client: 2.4.46 -> 2.4.47
        ntp: 4.2.8p11_2 -> 4.2.8p12_3
        ...

Thank you for your help.

Greetings Manuel
Title: Re: Update to 18.7.10 broke my WAN Interface
Post by: Mr.Goodcat on January 09, 2019, 09:51:47 pm
Hello friends
I'm having two different opnsense installation in two different location each on a apu2d4 which are both connected to a cable modem and the same provider. One box was update to 18.7.10 automatically this Monday 7th January. The second box still has 18.7.9 installed and is working fine.

After updating to 18.7.10 I don't get anymore an IP address on the WAN interface from my provider via DHCP. If I reboot the firewall and go to the dashboard I can see an IP from the range of my provider for a couple of seconds. After that, the IP is gone and I have only 0.0.0.0 and at the end there is no IP at all.

Can confirm the issue on an Intel (Celeron plus NIC) box. However, I was lucky enough to get a stable connection after a few reboots to perform the downgrade to 18.7.9.
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 10, 2019, 09:32:34 am
Hi guys,

This works...

# opnsense-revert -r 18.7.9 opnsense

This does NOT work for stable package updates...

# opnsense-update -r 18.7.9

Upgrading from a lower version of 18.7 into 18.79 works by selecting the firmware flavour manually:

"18.7/MINT/18.7.9/OpenSSL" or "18.7/MINT/18.7.9/LibreSSL"

This will NOT downgrade a 18.7.10.

That being said the reports are strange: is this a driver issue? configuration code? No logs?

All I can gather is so far is that WAN DHCP does not keep its designated IP?

18.7.9 -> 18.7.10 interface changes...

o interfaces: only show name servers offered by individual link in status page
o interfaces: DUID-LL generator fix (contributed by Team Rebellion)
o interfaces: show disabled and virtual interfaces in groups
o interfaces: change wireless page interface iterators
o interfaces: change LAGG page interface iterators
o interfaces: remove unused get_dns_servers()
o interfaces: assorted code cleanups

All of these are not related to DHCP, WAN or startup.

That being said, I'm not sure where to start looking...


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: manuel on January 10, 2019, 10:35:04 am
Hello Franco
Thank you very much for your explanation.

# opnsense-revert -r 18.7.9 opnsense

Didn't work for me and produced a

# Fetching opnsense.txz: .. failed

Maybe because of missing internet connection?

I still don't get the point how to upgrade from 18.7 to 18.7.9 now. Sorry about that.

Yes you're right, WAN DHCP does not keep its designated IP. That's the problem.

I also checked system.log after upgrading to 18.7.10 but couldn't see any hint why WAN is losing its IP address. Unfortunately I had to go back to 18.7 because I can't live without internet and I don't have another apu2 to play with.

Maybe someone else could provide more info out of log files to investigate this issue.

Thank you very much for your help I'm really a big big fan of opnsense! Very good work.

Greetings Manuel
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 10, 2019, 10:48:26 am
Hi Manuel,

Yes, fetch fails so no Internet for opnsense-revert.

Go to System: Firmware: Settings, select flavour "(other)" and add this:

18.7/MINT/18.7.9/OpenSSL

Save and check for updates... it'll upgrade to 18.7.9 because that mirror location was fixed. It corresponds to:

https://pkg.opnsense.org/FreeBSD:11:amd64/18.7/MINT/

Where you can selectively pick all current releases. opnsense-revert also uses these directories.

Normal updates use a symlink to the latest version instead so when 18.7.10 is out it doesn't see 18.7.9 anymore.


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: manuel on January 10, 2019, 12:26:50 pm
Hello Franco
Thank you for your detailed answer. I'll try this this evening.

Really appreciate your help and work.

Greetings Manuel
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 10, 2019, 03:37:40 pm
No worries and thanks for your help on tracking this down too.


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: abraxxa on January 11, 2019, 02:02:37 am
It kinda did the same for me but only IPv6 gateway monitoring via dpinger seems to be broken as the IPv6 connectivity itself works.

The log message every seconds reads:
Quote
dpinger: WAN_SLAAC fe80::7281:5ff:fe7e:580%pppoe0: sendto error: 65
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 11, 2019, 04:15:02 pm
In another thread a similar problem was reported oddly enough pointing to Unbound and a probable form of DoH or TLS usage.

https://forum.opnsense.org/index.php?topic=10958.0

Try reverting this commit:

https://github.com/opnsense/core/commit/3d8fd0088a

# opnsense-patch 3d8fd0088a


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 11, 2019, 06:54:37 pm
One step sideways... are you guys using Suricata in IPS mode on said interface?


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: abraxxa on January 11, 2019, 07:46:56 pm
I don‘t because of problem but plan to try again with 19.1.
We should the dns server habe anything to do with dpinger? Note not apinger!
I reconfigured the WAN interface from SLAAC to DHCPv6 which fixed dpinger.
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: Mr.Goodcat on January 11, 2019, 11:05:43 pm
One step sideways... are you guys using Suricata in IPS mode on said interface?

No Suricata whatsoever. I'll probably try the update again tomorrow and see what the system log says.
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: manuel on January 12, 2019, 01:00:01 pm
Hello Franco
Yes, on my box IDS and IPS is enabled on WAN interface only.

Managed to update from 18.7 to 18.7.9 and WAN problems are gone. My internet connection to ISP is stable since some days.

Sorry that I can't assist you anymore but I couldn't find any error entries in dmesg or system.log when loosing IP address on WAN interface igb1.

Regards Manuel
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 12, 2019, 01:54:10 pm
@Manuel,

Thanks for confirming. We are suspecting the Suricata update to 4.1 caused this for IPS mode only, IDS should be ok. We'll push this to the Suricata people for help.

@Mr.Goodcat

Thanks, more data will be good here. It could be a separate issue.

@abraxxa

I think you are talking about another issue that is outside the scope of this thread...


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: Mr.Goodcat on January 12, 2019, 04:54:29 pm
@Mr.Goodcat

Thanks, more data will be good here. It could be a separate issue.

This time the update applied flawlessly. So the box survived several reboots and the connection remains stable. Maybe it was just a freak update issue? Anyways, thanks for your efforts!  :)
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: franco on January 13, 2019, 11:14:08 am
Alright, glad to hear. 8)


Cheers,
Franco
Title: Re: Update to 18.7.10 broke my WAN Interface on apu2
Post by: peat588 on January 13, 2019, 07:08:10 pm
I have the same issue, all seems fine, I get the correct gateway and ip but I get no route to host to the internet.

I'll try reverting the update.

Edit: Managed to get things going, rebooting my cable modem solved the issue. Not sure how it's related, hopefully it can help someone else with this issue.