OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: BertM on February 10, 2017, 05:08:26 pm

Title: Several problems with 17.1 - want to go back to 16.7.14
Post by: BertM on February 10, 2017, 05:08:26 pm

This morning I updated one of our firewalls to 17.1.
It is a virtual machine running on ESXi 6.0.

The first thing we noticed was an issue with SNMP. After the SNMP plugin was installed, CPU load was at 100%.
Disabling one of the SNMP options (the one that required MibII) solved that one.

However, later today we encountered the problem that mobile IPSec clients had problems.
Using Shrewsoft VPN client, they were able to establish the VPN tunnel. After playing around a bit, they noticed that, although they could PING the terminal server they wanted to connect, they could not establish the RDP session.
I played around with several settings, but to no avail.

Unfortunately, I did not make a snapshot before the update.
Because the matter was urgent, and time was running out, I deleted the firewall, installed a fresh one from the 16.7 ISO, and loaded a config I backed-up in December.
All is up-and-running again, so I am at least allowed to go home for the weekend, but.....

I would like to update to 16.7.14, but whenever I appempt to update, it wants to go to 17.1, and is the version  that caused the problem in the first place, so I don't want to go there.

Is there a way to update to 16.7.14, and not to 17.1?

Kind regards,
Bert

Title: Re: Several problems with 17.1 - want to go back to 16.7.14
Post by: franco on February 11, 2017, 10:22:56 am

Hi Bert,

It won't update to 17.1 unless you type "17.1" in the console. Type "y" instead and upgrade to 16.7.14. The GUI won't ever update to 17.1. I tried to explain it in detail in the release notes.

SNMP bug is known, somewhere in FreeBSD. There is a workaround:

https://forum.opnsense.org/index.php?topic=4297.msg16014#msg16014

IPsec has been partly addressed in 17.1.1.


Cheers,
Franco

Title: Re: Several problems with 17.1 - want to go back to 16.7.14
Post by: BertM on February 13, 2017, 09:51:25 am

Franco,

Thanks for the answer, I just updated it to 16.7.14_2.

In fact, I should have known this because I already successfully updated 5 other OPNsens installations to 17.1.
The weird thing is, by the way, that these all have site-to-site VPNs to various locations, and they all work fine after the update.
This last firewall is the only one that does not have sit-to-site VPNs, but only mobile IPSec clients.

I guess I will just wait before updating this one until 17.1 is released.
(and make a snapshot before update  ;)

Kind regards,
Bert

Title: Re: Several problems with 17.1 - want to go back to 16.7.14
Post by: franco on February 13, 2017, 08:36:51 pm

Hi Bert,

There are some loose ends still, sorry. We're also weighing the option of releasing new images, because of e.g. Hyper-V disks not being available. Hopefully around 17.1.3 or 17.1.4.


Cheers,
Franco

Title: Re: Several problems with 17.1 - want to go back to 16.7.14
Post by: BertM on August 11, 2017, 04:59:57 pm

I tried again with 17.1.4, but It still was not stable.
But.......

I don't know what changed, but last tuesday I tested again with 17.7, and it all works great again.
Last night I updated all our OPNsense installations to 17.7.

Hip Hip Hurray!