OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: Headologic on May 14, 2018, 04:34:30 pm
-
Hello Guys,
today, i saw, that one of our firewalls are on a older version (17.7.11). Now, i want to move to a newer version...
I try the update from the GUI. First the OPNsense has made an update to the 17.7.12 without reboot.
Then, as usual, I had to "unlock" the upgrade to 18.1 in the GUI to be able to install the latest version afterwards. After the upgrade, OPNsense will restart automatically, but after login, OPNsense shows me the version 17.7.11.
The same issue occure, when i try these steps from Shell and running "opnsense-upgrade", "pkg update -f" or rather with "opnsense-update" and type "18.1". In addition, the upgrade via the menu item "12" for a "Upgrade" do work, but after a new reboot, it will boot with 17.7.11 again :-/
What I also noticed is that the configuration does not contain the latest changes after each restart.
This machine is a APU1D4 with 16GB SSD-Storage, and how the name describes with 4GB RAM...
What can I do, to resolve this problem and switch to a new secure platform?
Cheers Mikele
-
Hi Mikele,
Did you install any manual ports or FreeBSD packages? We had such an issue with additional Python 3 packages:
https://forum.opnsense.org/index.php?topic=7253.0
Some commands inside that thread on how to force it to upgrade anyway.
Cheers,
Franco
-
Hi Franco,
Did you install any manual ports or FreeBSD packages?
there are no additional Python 3 packages. Python 3 isn't installed. Only "python2.7" and "python2.7-config".
The following packages are installed, which have something to do with Python:
- py27-asn1crypto
- py27-Babel
- py27-certifi
- py27-cffi
- py27-chardet
- py27-cryptography
- py27-enum34
- py27-idna
- py27-ipaddress
- py27-Jinja2 2.10
- py27-MarkupSafe
- py27-netaddr
- py27-openssl
- py27-pycparser
- py27-pysocks
- py27-pytz
- py27-requests
- py27-setuptools
- py27-six
- py27-sqlite3
- py27-ujson
- py27-urllib3
- python27
Only one plugin for DynDNS is installed...
root@firewall:~ # uname -a
FreeBSD firewall.example.com 11.0-RELEASE-p17 FreeBSD 11.0-RELEASE-p17 #0 14a0f7db3(stable/17.7): Tue Dec 12 03:19:44 CET 2017 root@sensey64:/usr/obj/usr/src/sys/SMP amd64
root@firewall:~ # freebsd-version -u
11.0-RELEASE-p17
root@firewall:~ #
root@firewall:~ # opnsense-update -sn "18.1\/latest"
root@firewall:~ # pkg bootstrap -f
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.opnsense.org/FreeBSD:11:amd64/18.1/latest, please wait...
No trusted fingerprint found matching package's certificate
root@firewall:~ # sudo pkg upgrade -f
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
pkg: No trusted public keys found
repository OPNsense has no meta file, using default settings
Fetching packagesite.txz: 100% 130 KiB 133.6kB/s 00:01
pkg: No trusted public keys found
Unable to update repository OPNsense
Error updating repositories!
After search this Forum about "No trusted fingerprint found matching package's certificate" i found this thread https://forum.opnsense.org/index.php?topic=4668.0 (https://forum.opnsense.org/index.php?topic=4668.0)
So i run the following "updated" script:
# pkg install ca_root_nss
# fetch https://raw.githubusercontent.com/opnsense/update/master/bootstrap/opnsense-bootstrap.sh
# sh ./opnsense-bootstrap.sh
Now, all seems perfect. But at the point, where the system tries to install / extract pkg-1.10.5 i lost my ssh session.
So, i have to login over the gui and have to enable ssh again, because after every reboot the settings with enabled ssh get lost and i have to reactivitate this ssh-setting. After i run the opnsense-bootstrap-script again, the ssh session stopped at same point at "Extract pkg-1.10.5".
The firewall is at a remote point. We currently can't access directly. We try several ways, but i think, if we fix the error with the always resetted config, we can run the update perfectly...
-
I'm not sure what this is about, because even the bootstrap process does not touch your SSH config.
Check your config history under system: configuration: history for clues.
Cheers,
Franco
-
When i check the config history, there are several entrys. So my idea was, to made the "final" settings with SSH, delete two users i had added some time ago and delete all forerunning configs except the new one.
If i reboot the box, all forerunning configs are back how recovered. The SSH-settings are lost and the two "deleted" users back. After this, i took a look in the system.log.
Some entries appear that indicate an error. But why does the old Config appear again and again despite the new configuration?
May 17 08:32:47 firewall syslogd: kernel boot file is /boot/kernel/kernel
May 17 08:32:47 firewall kernel: OWNER=root MODE=100644
May 17 08:32:47 firewall kernel: WARNING: /mnt: reload pending error: blocks 64 files 101
May 17 08:32:47 firewall kernel: WARNING: /mnt was not properly dismounted
May 17 08:32:47 firewall kernel: tun1: changing name to 'ovpnc1'
May 17 08:32:47 firewall sshlockout[504]: sshlockout/webConfigurator v3.0 starting up
May 17 08:32:47 firewall kernel:
May 17 08:32:47 firewall kernel: re0: link state changed to UP
May 17 08:32:47 firewall configd.py: [a3037013-92fe-464d-a728-e0a0110e3e6f] Linkup starting re0
May 17 08:32:48 firewall opnsense: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'pppoe0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface pppoe0 does not exist'
May 17 08:32:48 firewall kernel:
May 17 08:32:48 firewall kernel: re1: link state changed to UP
May 17 08:32:48 firewall configd.py: [490dd0d9-488f-4502-a919-cf057a1dea9c] Linkup starting re1
May 17 08:32:48 firewall kernel: ng0: changing name to 'pppoe0'
May 17 08:32:49 firewall configd.py: [0edc9e6d-b783-4c48-9227-6840eefa25d7] Rewriting resolv.conf
May 17 08:32:50 firewall opnsense: /usr/local/etc/rc.bootup: Resyncing OpenVPN instances.
May 17 08:32:50 firewall kernel: done.
May 17 08:32:50 firewall kernel: ovpnc1: link state changed to UP
May 17 08:32:50 firewall configd.py: [b2b9e9b4-5e2b-44a9-93da-a3f852798611] New IPv4 on ovpnc1
May 17 08:32:50 firewall configd.py: [0eb60145-5ec6-4d4e-a4d3-ef040453dc29] New IPv4 on pppoe0
May 17 08:32:51 firewall kernel: pflog0: promiscuous mode enabled
May 17 08:32:52 firewall kernel: .done.
May 17 08:32:52 firewall configd.py: [5328beb9-b1ac-4d76-abd4-fbb03804b8c3] generate template OPNsense/WebGui
May 17 08:32:53 firewall configd.py: generate template container OPNsense/WebGui
May 17 08:32:53 firewall lighttpd[666]: (server.c.1412) server started (lighttpd/1.4.48)
May 17 08:32:53 firewall kernel: done.
May 17 08:32:53 firewall opnsense: /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 82.82.7.107
May 17 08:32:53 firewall kernel: done.
May 17 08:32:53 firewall kernel: done.
May 17 08:32:54 firewall kernel: done.
May 17 08:32:55 firewall kernel: done.
May 17 08:32:56 firewall kernel: done.
May 17 08:32:57 firewall kernel: ...
May 17 08:32:58 firewall configd.py: [4b8e0537-230d-4214-988c-49d97ea67118] generate template *
May 17 08:32:58 firewall kernel: .done.
May 17 08:32:59 firewall configd.py: generate template container OPNsense/Auth
May 17 08:32:59 firewall configd.py: generate template container OPNsense/Captiveportal
May 17 08:33:00 firewall configd.py: generate template container OPNsense/Cron
May 17 08:33:00 firewall configd.py: generate template container OPNsense/IDS
May 17 08:33:01 firewall configd.py: generate template container OPNsense/IPFW
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Macros
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Netflow
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Proxy
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample/sub1
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample/sub2
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Syslog
May 17 08:33:05 firewall configd.py: generate template container OPNsense/WebGui
May 17 08:33:08 firewall opnsense: /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/dyndns_wan_golfisforoldies_0.cache: x.x.x.x
May 17 08:33:08 firewall opnsense: /usr/local/etc/rc.bootup: Dynamic DNS: (Success) No change in IP address
May 17 08:33:09 firewall kernel: done.
May 17 08:33:12 firewall configd.py: [76bf7f8e-3973-48fe-bcef-3a6a43cef854] generate template OPNsense/Syslog
May 17 08:33:12 firewall kernel: done.
May 17 08:33:12 firewall configd.py: generate template container OPNsense/Syslog
May 17 08:33:12 firewall root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
May 17 08:33:15 firewall kernel: done.
May 17 08:33:20 firewall configd.py: [4dbc5bd8-cd50-4ce3-abd8-fd0757ebb859] restarting cron
May 17 08:33:20 firewall sshlockout[1731]: sshlockout/webConfigurator v3.0 starting up
May 17 08:33:20 firewall kernel: OK
May 17 08:33:22 firewall kernel:
May 17 08:33:23 firewall kernel:
May 17 08:33:23 firewall getty[1805]: open /dev/ttyv2: No such file or directory
May 17 08:33:23 firewall getty[1805]: open /dev/ttyv2: No such file or directory
May 17 08:33:23 firewall getty[1806]: open /dev/ttyv3: No such file or directory
May 17 08:33:23 firewall getty[1806]: open /dev/ttyv3: No such file or directory
May 17 08:33:23 firewall getty[1810]: open /dev/ttyv7: No such file or directory
May 17 08:33:23 firewall getty[1810]: open /dev/ttyv7: No such file or directory
May 17 08:33:23 firewall getty[1809]: open /dev/ttyv6: No such file or directory
May 17 08:33:23 firewall getty[1809]: open /dev/ttyv6: No such file or directory
May 17 08:33:23 firewall getty[1803]: open /dev/ttyv0: No such file or directory
May 17 08:33:23 firewall getty[1803]: open /dev/ttyv0: No such file or directory
May 17 08:33:23 firewall getty[1804]: open /dev/ttyv1: No such file or directory
May 17 08:33:23 firewall getty[1804]: open /dev/ttyv1: No such file or directory
May 17 08:33:23 firewall getty[1808]: open /dev/ttyv5: No such file or directory
May 17 08:33:23 firewall getty[1808]: open /dev/ttyv5: No such file or directory
May 17 08:33:23 firewall getty[1807]: open /dev/ttyv4: No such file or directory
May 17 08:33:23 firewall getty[1807]: open /dev/ttyv4: No such file or directory
May 17 08:36:09 firewall opnsense: /index.php: Successful login for user 'root' from: x.x.x.x
May 17 08:36:12 firewall configd.py: [47fb7cb8-b157-4add-b21a-8321f0f293fc] request pfctl byte/packet counters
May 17 08:36:18 firewall configd.py: [ade9dabe-f468-4289-92a1-44e7a9cdb466] request pfctl byte/packet counters
May 17 08:36:21 firewall configd.py: [a5d5d55a-73c1-4dfc-88d4-1c3a6be851ef] list ssl ciphers
May 17 08:48:27 firewall configd.py: [295e7714-3da2-4ad5-a9cd-190997e59cab] list ssl ciphers
May 17 08:48:33 firewall configd.py: [8c95c3ac-50bd-4789-b817-d18de94d83b7] Reloading filter
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: There is something wrong in your config because user sbtadmin password is missing!
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: There is something wrong in your config because user netbackup password is missing!
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: The command '/usr/sbin/pw 'groupadd' 'admins' -g '1999' -M '0,2000'' returned exit code '67', the output was 'pw: user `2000' does not exist'
May 17 08:48:36 firewall configd.py: [ce78b5f0-8fd1-4d85-8af2-6d694216942f] generate template OPNsense/Auth
May 17 08:48:37 firewall configd.py: generate template container OPNsense/Auth
May 17 08:48:39 firewall configd.py: [2787cb60-2b69-4dee-bac8-2d8e0f007774] restarting openssh
May 17 08:48:40 firewall configd.py: [3b480e09-2710-492f-9fe9-d2a341f6ba72] list ssl ciphers
May 17 08:48:40 firewall sshd[3446]: Server listening on :: port 22.
May 17 08:48:40 firewall sshd[3446]: Server listening on 0.0.0.0 port 22.
May 17 08:48:57 firewall configd.py: [a8fbe8c0-0936-493b-9d63-c632eb6bbf0c] request osfp
May 17 08:49:07 firewall configd.py: [0419cf8c-2a5a-45a8-b78d-dee32cf29a21] request osfp
May 17 08:49:10 firewall configd.py: [3d0d7959-d037-44f2-9cc0-bf9a4ea7f111] restarting cron
May 17 08:49:12 firewall configd.py: [db85f4e5-5c01-4fbe-b3f9-a4882241584a] Reloading filter
May 17 08:49:24 firewall configd.py: [ae7e48cb-48b0-4597-87ae-270e37b6071c] request pfctl byte/packet counters
May 17 08:49:31 firewall configd.py: [f75e2b2b-cdaa-4a7e-895e-5e0177ca950e] request pfctl byte/packet counters
May 17 08:49:32 firewall opnsense: user 'root' authenticated successfully
May 17 08:49:32 firewall sshd[3647]: Accepted keyboard-interactive/pam for root from x.x.x.x port 59831 ssh2
May 17 08:49:37 firewall configd.py: [42c07467-7064-4828-8593-a6d980a4a8f8] request pfctl byte/packet counters
May 17 08:49:43 firewall configd.py: [dbe99114-02c2-4305-85e1-8dafeda54b83] request pfctl byte/packet counters
May 17 08:49:49 firewall configd.py: [fd2e06d6-539c-4451-b843-c7958ff99077] request pfctl byte/packet counters
May 17 08:49:49 firewall opnsense: user 'root' authenticated successfully
May 17 08:49:50 firewall sshd[3817]: Accepted keyboard-interactive/pam for root from x.x.x.x port 51281 ssh2
899eb5745c2] retrieve upgrade progress status
I think, the problem with the config are two errors. The one:
May 17 08:32:47 firewall kernel: WARNING: /mnt: reload pending error: blocks 64 files 101
May 17 08:32:47 firewall kernel: WARNING: /mnt was not properly dismounted
and the other:
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: The command '/usr/sbin/pw 'groupadd' 'admins' -g '1999' -M '0,2000'' returned exit code '67', the output was 'pw: user `2000' does not exist'
I'm starting to think about rebuilding the OPNsense. But I am interested in the error and how to fix it without reinstallation.
-
Hello,
I went to the remote office today and take the OPNsense...after I opened the box, I noticed that I gave wrong information. There was not a SSD inside, but an SD-Card. My Fail, sorry!
So i plug the SD-Card in my Linux-Machine and wanted to access to this. Nothing...
Gparted say me, the card ist not o.k.. I run some tests and realized that the card ist broken.
So i replaced the SD-Card with a SDD, and now its running fine.
I close this thread as solved. Thanks franco for take time to help me...the error was not the error I had hoped for, the error was irreparable. :D
-
Hi there,
Whew, happy to hear. It appeared to be some sort of FS inconsistency, but this makes it clear.
Thanks for the update!
Cheers,
Franco