Messages

.....
Anyone have any suggestions.  Sent the logs to Opnsense via the issue reporting dialog.  This is the only firewall I use at home and dropping internet every 12 hours (and having to power cycle) is a real bummer. 

Can you post the output of this command please:

Code Select Expand

  ls -ltrh /var/crash

Export your config and install from scratch. If your setup is not overly complex you can install from the 25.1 beta ISO and get an update early next week to 25.1.rc1. Else go for 24.7.

As a general rule, stop enabling FreeBSD repos or you'll experience breakage more often than not.

And just to be clear, that remote FW will have to be reinstalled on site to either 24.7 or 25.1, and you'll get access back to it once the configuration has been imported on it.

You can try reverting, and open an issue with Crowdsec about this.

Code Select Expand

# opnsense-revert crowdsec

I was wondering if these IKE patches from yesterday would help, but it seems I'm either missing some other patch or they need more tweaking, so I'll undo it for now.

Code Select Expand


 # opnsense-patch e8f6a825b75c6a38183e98e24fa4139e2070a89c e58197e5a5dc686671b115f4e7efad4aaedb523d 88530c33dfb3be4c7c0396b275054deb11dec467

When reloading services this message appears:

Code Select Expand

Generating /etc/hosts...done.

Fatal error: Uncaught OPNsense\Base\ModelException: class OPNsense\IPsec\FieldTypes\IKEAddressField missing in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:158
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(205): OPNsense\Base\BaseModel->getNewField('OPNsense\\IPsec\\...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(278): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#2 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(299): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#3 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(385): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#4 /usr/local/etc/inc/plugins.inc.d/ipsec.inc(204): OPNsense\Base\BaseModel->__construct()
#5 /usr/local/etc/inc/plugins.inc(112): ipsec_devices()
#6 /usr/local/etc/inc/interfaces.inc(634): plugins_devices()
#7 /usr/local/etc/rc.reload_all(53): interfaces_configure(true)
#8 {main}
  thrown in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 158

*** OPNsense.localdomain: OPNsense 25.1.b_108 (amd64) ***

 

Negative, static routing is not enabled.

On OPNsense 25.1.b_108 there's no IPSec Phase 2 anymore on 3 FWs - no change in the configuration on any prior to the upgrade to the -devel version. Things were also fine on 14.2 K&B with the packages from 24.7

Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.

Good to hear, please mark the thread as [Solved]

If reinstalling the kernel fixes it for you there's no need to reinstall.

After reistalling the kernel if still having issues you could try reinstalling syslog-ng

Code Select Expand

pkg install -f syslog-ng

See, that's why details matter... :)

Don't use Cicada, use the official OPNsense theme. Cicada may not have been updated for 24.7/24.10

Did you try resetting the dashboard after the last update ? Browsers used ? Browser extensions ? Anything useful showing up in the browser console ? (Ctrl + Shift + i)

Without providing some useful information there's hardly anything that could be done other than guesswork.

Are you using the latest firmware on the GPON ?

The IPs may have changed. I would recommend using dynamic dns entries on both ends so that no matter when the IP changes on either side you're only 5 minutes away max from the tunnel(s) coming back online.

What drivers are you using ? SSH in and post here the information you see in ( ) next to LAN and WAN interfaces.

If you're seeing the dots then you need to simply wait for it to complete, then a few more minutes for the installation and reboots and you'll be on 24.7, then one more update to get on the latest 24.7.11.

Depending on how speedy your machine is the 24.7 upgrade process - once it finished downloading - can take anywhere from 5 to 20 minutes. Try to watch it unfolding if you have a monitor or serial cable and don't rush to reset/force reboot it while it is in the middle of the upgrade process.

Do a healthcheck and post the output here.