Messages

Hey guys,

thanks for the hints!
New installation from scratch, restore config, install plugins and after that upgrading to 25.7.2 worked like charm!

Thank you very much and best regards,
cibomato

Thanks for all these tipps but none of them helped me.
So, my question is:
can I just do a configuration backup of my running 25.7 , install the latest 25.7.2 from scratch and after that just restore from my backup or do I have to first install all plugins, that I'm using and then restore from backup? Or first restore and the install the plugins? What's the process?

BTW: the latest downloadable version is 25.7 (not 25.7.2!?) Will I have the same problems after new installation?

Thanks and best regards,
cibomato

Installed microcode plugin parallel in both ways /boot/loader.conf and /etc/rc.conf but still no upgrade possible. UI said the microcode plugin was misconfigured so i removed it.

Hi Franco,

Since the issue is sort of elusive on the CPU level chances are this affects stability in other ways than ZFS in particular (or any FS generally) so I think the recommendation for the tunable is something to consider for all relevant installs:

vm.pmap.pcid_enabled=0

I've also come to believe that moving way from our previous defaults hw.ibrs_disable=0 and vm.pmap.pti=1 back to FreeBSD's defaults (1 and 0 respectively) may cause some of the currently seen instabilities. Feel free to double check by setting these again on 25.7 and up:

hw.ibrs_disable=0
vm.pmap.pti=1

Sorry that I've captured this thread, don't know how to delete this post...
I've added vm.pmap.pcid_enabled=0 and corrected vm.pmap.pti=1 (was 0) but still it won't upgrade to 25.7.1.1_1
I also tried to install the intel-microcode-plugin (which I hadn't installed yet) but it claims that it'd need upgrade to 25.7.1_1 first, which doesn't work...
Trying to upgrade fails with:

Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=62294 terminated abnormally: Abort trap
Starting web GUI...done.
***DONE***

Any more iedaes?

Thanks and best regards,
Jochen

Also N100 here...

Hi Franco,

thanks for help! Now it downloads the needed packages but says:

Code Select Expand

...
[12/14] Fetching opnsense-25.7.1_1.pkg: .......... done
[13/14] Fetching py311-duckdb-1.3.2.pkg: .......... done
[14/14] Fetching sudo-1.9.17p2.pkg: .......... done
Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=97817 terminated abnormally: Abort trap
Starting web GUI...done.
***DONE***
What does that mean?
Could there be a problem with my SSD since some time ago I've read about an input/output error?

Edit:
Huh, seems to be the same error like here: https://forum.opnsense.org/index.php?topic=48340.0

Thanks and best regards,
Jochen

Hi all,

update from 25.7 to 25.7.1 fails with this error:

Code Select Expand

Number of packages to be upgraded: 17

The operation will free 62 MiB.
[1/17] Upgrading abseil from 20250127.0 to 20250127.1...
[1/17] Extracting abseil-20250127.1: .
pkg-static: Fail to set time on /usr/local/include/absl/debugging/.pkgtemp.symbolize_elf.inc.o11NKNgumlh4:No such file or directory
[1/17] Extracting abseil-20250127.1... done
Starting web GUI...done.
***DONE***
Any idea what went wrong?

Thanks and best regards,
Jochen

Hallo zusammen,

ich suche nach einer OPNsense-Hardware für mein Heimnetz. Sollte lüfterlos = leise bzw. lautlos sein, mind. 2*NICs, halbwegs aktuelle CPU m AES-NI, 8-16GB RAM haben und insg. entsprechend energieeffizient sein.

Bin da u.a. auf die Zotac CI331 als Barebone gestoßen. Macht von Specs und Preis her nen guten Eindruck, nur mit den Realtek-NICs scheinen manche Probleme zu haben. Andere aber nicht!?
Soll Wireguard machen, Zenarmor wäre nett (3 Familienmitglieder), ist das realistisch?

Könnt Ihr da was dazu sagen? Wird das mit OPNsense 22.7 prinzipiell besser/schlechter werden?

Vielleicht werde ich aus Gesamtkosten- und Energiegründen OPNsense auch auf einem ebenfalls neu zu planenden Home-Server virtualisieren.

Danke und Gruß,
cibomato

Hi all,

for our school campus (3 big schools) we'll get a new fiber-broadband connection. Additionally we'll keep our existing broadband-cable connection from Unitymedia (Germany).
Loadbalancing between these two connections would be nice to have but isn't subject of this thread. Main connection will be the fiber, because it's 1 Gbit/s symmetric.
But in case that one of the two connections will fail (fibercut or something else), I'd like to achieve automatic WAN-Failover. I'm wondering, how you would do that?

From inside to the internet, this could be done with OPNSense or - since the different schools use different firewalls - with a common used router in front, that does the WAN-failover, right?

But what about the other way: external access from the internet!?
Each school does have some fix IP addresses for different services (OWA, selfhosted clouds etc.). These IPs won't be transmitted from one (the broken) ISP to the other!
Is DNS-failover the right thing here? To have 2 IPs configured for each domain in the responsible nameserver?
I've read, that there are some obstacles with this setup because some clients would get obsolete IPs from caching DNS-servers and/or because some DNS-Providers won't take care of TTLs...!?
Besides that, one should decrease TTL in this scenario to achieve fast IP-switching but then the nameservers would be quite heavily loaded!?

Or am I completely wrong and one can achieve this on a completely different way?

Any thoughts or experiences?

Many thanks in advance and best regards,
cibomato

Reached 8000! And climbing! Keep up this great work!

Jetzt ist das gerade neu in OPNsense und nun das:
https://www.heise.de/newsticker/meldung/Schutz-durch-Speicherverwuerfelung-ASLR-geknackt-3627176.html


Was ist davon zu halten?

Viele Grüße,

Jochen

Hallo liebe Entwickler,

beim Stöbern durch das WebUI bin ich auf ein kleines kosmetisches Problem gestoßen:
die Installation von Plugins findet sich unter 'System - Firmware - Aktualisierungen - Plugins', sofern ich ein Plugin noch gar nicht installiert habe, hätte ich es intuitiv nicht unter Aktualisierungen gesucht, sondern unter 'System - Plugins' erwartet.
Keine große Hürde aber falls da sowieso evtl. noch was dran geändert werden sollte als kleine Idee..

Viele Grüße,
cibomato

Je nach Aufwand könnte ich mir auch vorstellen, hier mitzuhelfen!

Gruß,
Jochen

You don't have to excuse, just wanted to give a hint.

Hi OPNsense-Team,

the Roadmap at the Homepage still names 16.7 as "upcoming". Is there already an updated roadmap for 17.1?

Cheers,
Jochen