OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: MakesSense on January 30, 2018, 07:28:15 am
-
First of all, thank you for a brilliant product. I've been using it for a couple of weeks and I'm very impressed by it. Keep up the good work!
One thing I found though with the new relese 18.1, is that my IDS rules are not updating (as they did with r1 and r2).
-
Confirming. Manual updates looks like don't work. The cron job however looks like updates the rules.
Although there is some activity in the logs for manual updates:
Jan 30 08:44:23 configd.py: [445e92fb-c6b3-47fe-b075-9a1b380ce59e] get suricata daemon status
Jan 30 08:44:23 configd.py: [97439034-a58f-4abe-9782-0369281f2184] request installable rules
Jan 30 08:44:23 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] returned exit status 1
Jan 30 08:44:22 configd.py: [61b9da38-f1ac-4d56-93e7-fe53c23bd23e] update and reload intrusion detection rules
Jan 30 08:44:22 configd.py: generate template container OPNsense/IDS
Jan 30 08:44:21 configd.py: [c0d69b33-fcb7-45bf-8a28-aff7d6f7465a] generate template OPNsense/IDS
Jan 30 08:44:16 configd.py: [b02986fa-a9ec-499e-95cf-7ff878de4ed5] request installable rules
Jan 30 08:44:16 configd.py: [8454b92b-da7e-4cf9-bf16-a428f406b609] request installable rules
Jan 30 08:44:14 sshlockout[1370]: sshlockout/webConfigurator v3.0 starting up
Jan 30 08:44:14 configd.py: [8832dd6b-c72a-41ea-954a-1456992fab78] get suricata daemon status
Jan 30 08:44:06 syslogd: kernel boot file is /boot/kernel/kernel
-
It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:
pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz
And retry the update?
-
Yep, this fixed it.
Thank you!
-
Looks like an issue in py27-cryptography instead, which we didn't catch in our image build due to the code freeze. In theory, 18.1.1 will start working again automatically.
Cheers,
Franco
-
It looks like an issue with py27-openssl, can you try to revert this package to the previous version using:
pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz
And retry the update?
Thanks, this solved it for for my 'ET open' rules.
However my 'abuse.ch' rules and some of my 'Snort' rules are still not updating:-(
-
Didnt worked for me :(
-
I finally got all the rule sets down after a few more go's.
Thanks for the help!
-
The progress of ruleset updates in the UI is a bit awkward, usually, it's a good idea to run the update and then wait a little for the next one :)
-
I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.
-
I tryed to download/update it via cron job. But that didn't work either.
-
I can confirm, that it's not possible to manually download the rules. I had to install a fresh opnsense 18.1 after trying to update via GUI from 17.7.
Then I tryed to download the IPS rules, but nothing happens.
Did you try the quick fix:
pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/17.7/latest/All/py27-openssl-17.3.0.txz
Worked for me:-)
-
Please be careful, you need to match your architecture and crypto flavour. The link is for amd64/OpenSSL only.
Cheers,
Franco
-
Yes, it fixed it. THX
-
I'm on LibreSSL.
It fixed it for me as well. But I forgot about this and updated the reverted package, back to 17.5 and of course it isn't working ::)
py27-openssl 17.5.0 586KiB APACHE20 Python interface to the OpenSSL library
-
Hey, can you try this instead? This is the amd64/LibreSSL package for the real bug...
# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/libressl/All/py27-cryptography-2.1.4.txz
Cheers,
Franco
-
Brilliant, working!
Thank you Franco!
-
Okay, perfect. 8)