Messages

"force down" isn't about fbsd at all, it's a sense thing that came to be with the gateway monitoring and is effectively labelled incorrectly. It's more of a "do not use for automation" flag with the twist that it blanks the status for the gateway. Won't be easy to clean this up.  ;)


Cheers,
Franco

> I have the same problem

I don't?  :)

If you're not using static ARP and the neighbor is found via ARP it's not going anywhere.


Cheers,
Franco

If you have a concept for it you can open a ticket and see.

For now I noted your wish, but would like to hear from others in unrelated topics, too. So far this is the only one I've heard.


Cheers,
Franco

Hey,

Already saw your Reddit post.  The plugin has a hook for bootup-time and for newwanip-time reconfiguration.

> Is it possible during boot igmpproxy try to starts before the WAN/LAN interfaces are fully up?

This would be my guess like a hiccup in the initiation sequence.  It's a bit strange that since we do have newwanip reconfiguration that should take care of dynamic scenarios.

The big question is which WAN scenario is this? Plain DHCP, or PPPoE or some sort of DSLite tunneling or VPN trickery?


Cheers,
Franco

Normally they continue to work until reconfigured, but since the recent blocklists changes require to move data around you're more or less forced into a reconfiguration.  In this case the blocklists already stopped working.


Cheers,
Franco

You're not posting your update attempt logs here either.  I'm not sure how to help in that case other than give moral rubber duck support.  ;)


Cheers,
Franco

I tested on 25.7.10 and it adds and deletes the neighbor entry from the configuration.

It likely does not remove the neighbor from the ARP table until a reboot. Static ARP in ISC DHCP may change that if you apply there but that's for historic reasons.  There are upcoming changes related to these topics in 26.1.

So in case I haven't answered your question or bug can you be more precise?


Thanks,
Franco

Great, thank you!  :)

@kozistan the only thing I can think of is that the update stopped after

> socat upgraded: 1.8.0.3 -> 1.8.1.0

but it feels rather weird it didn't even mention removing opnsense package.

But it also looks like the files are there which makes me think you don't have many packages in your local database?

# pkg info | wc -l
     191

Should be somewhere over 100 packages at least.

The easiest way to fix it would be

# pkg install opnsense


Cheers,
Franco

It's out now.


Cheers,
Franco

A hotfix release was issued as 25.10.1_2:

o firewall: clean up rules edit cancel button
o firmware: opnsense-update: remove architecture pinning for -X option
o mvc: FilterBaseController: move shared automation rule logic here
o src: e1000: do not enable ASPM L1 without L0s
o src: e1000: bump 82574/82583 PBA to 32K
o src: if_ovpn: use IFT_TUNNEL
o src: ifconfig: bring back -L for netlink
o src: igb: fix VLAN support on VFs
o src: irdma: fix potential memory leak on qhash cqp operation
o src: ix: add support for debug dump for E610 adapters
o src: netmap: fix error handling in nm_os_extmem_create()
o src: pf: reading rules with a read lock on ioctl
o src: pf: relax sctp v_tag verification
o src: pf: handle divert packets
o src: pfsync: fix incorrect unlock during destroy
o src: rtsold: remote code execution via ND6 router advertisements[27]

[27] https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc

> Is 25.10.1 not affected by this issue?

From your question it seems more relevant that you implied to ask why no business update was issued yet.

Because we have a process to ensure that a business update will be adequately assembled and vetted prior to release. 24 hours is not that much to ask for IMO.


Cheers,
Franco

If someone suggests an elegant way and the relevant use case... sure? But what is the reason?


Cheers,
Franco

This is still pretty strange. The /var/logs/pkg folder has the logs of the previous days too if you can find the day with the non-working upgrade.


Cheers,
Franco