Messages - StP

#1
I still have two Deciso A10 Appliances running in production with 24.7.12.
I have a third, spare unit also running 24.7.12 which I tried to upgrade to 25.1.
The upgrade fails no matter how I try to get 25.1 installed.

I used Clonezilla to create an image of the 24.7.12 installation. Each of my attempts to upgrade starts from this exact same image.

I tried:
- in-place upgrade via GUI
- in-place upgrade via console
- download 25.1 image, copy to empty SSD using Rufus and install that SSD in the appliance, then boot from it
- boot a live system from USB-Stick using a second USB-Stick having config.xml in a /conf directory (like documentation suggests)

In all cases the system starts to boot but hangs after a few seconds.
In most cases the last lines visible in the serial console show that the connected network interfaces switch state to UP.
I think I saw a line regarding PIO being the last visible. Not sure...

So:
Is 25.1 supposed to run on this hardware and I'm doing it wrong?
Or is this AMD chipset too old to be supported?

Any help appreciated.
#2
That worked fine.
Thanks a lot.
#3
While preparing to update from 24.1.10_8 to 24.7.x I'm reading through this forum and find I should adhere to

https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces

and set "System->Settings->Administration->Web GUI->Listen Interfaces" to All (Recommended).
I had it set to LAN since the beginning (2016 I think).

Problem:
No matter which setting I try to change on that page I get
"Certificate webConfigurator default is not intended for server use"
I do not use a certificate in that configuration. Or am I?
I see a "webConfigurator default" certificate under "System->Trust->Certificates" but that expired more than eight years ago.

Not sure what to do!?

See attached screenshots.
#4
23.1 Legacy Series / [Solved] Missing dependencies
March 24, 2023, 09:55:21 AM
Thanks Franco
#5
23.1 Legacy Series / Missing dependencies
March 24, 2023, 09:15:19 AM
I just updated a system from 23.1.2 to 23.1.4_1 and found the following in the update protocol:

Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0

>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.

pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:

python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.


Anything I need to worry about?
Is there something I need to do?
#6
 :)
#7
I just read that FreeBSD 12.1 has some issues with its TCP/IP stack that make it vulnerable to Remote Code Execution attacks that go by the name of NAME:WRECK.

I'm alarmed as we use OPNsense 21.1.4 to secure our company network.
Do I need to worry?
#8
I have two Deciso A10 appliances. One with a GX416RA SOC, the other has a GX415GA SOC.
The first one is currently active, the second one should provide some redundancy (cold stand-by).
So I want to export the config of the GX416 and load it into the GX415.
As I already found out I have to rename the network interfaces from igb0 to em0 etc.

Now when testing I can connect to the stand-by machine and I see that its WAN interface is connected to the internet.
But not a single data packet is moving from LAN to WAN and vice versa.

What else do I need to change in the config?
#9
This setting is switched on.
So IPv4 is preferred.
#10
Quote: not sure what auto-detect does, but can you try setting the gateway address instead?

in https://forum.opnsense.org/index.php?topic=13456.0 there was a similar problem, and setting the gateway address seems to have solved it.
The problem in the topic you mention seems a bit different from mine.

Well, according to the help available (Info button) I should not change this value for non-WAN interfaces.
Thanks anyways
#11
Well what I found by adding a test machine into the BBB network is this:
The root of the problem is not inbound NAT.
It is a routing problem from BBB to WAN. No packets going that way.
The BBB related entries in System/Routes/Status look fine (Similar to the LAN entries).
I have a firewall rule in place for the BBB network that allows anything.

I have not done anything special regarding gateway configuration.
IPV4 Upstream Gateway is set to Auto-Detect.

Call me stupid, maybe I am.
But this did work before in 20.1.3.

Where should I look?

Stefan

#12
20.1 Legacy Series / Re: SIP NAT Issue?
April 15, 2020, 01:06:38 PM
Bart,
maybe I did not express myself as clearly as I should...
We host the conference system ourselves. On company premise on our own hardware behind OPNsense.
Right now I can't do any further tests because of this:
https://forum.opnsense.org/index.php?topic=16764.0

Thanks for your help
  Stefan
#13
20.1 Legacy Series / Re: SIP NAT Issue?
April 15, 2020, 11:56:48 AM
Bart,
don't know if your question goes in my direction but anyways, here I go:
According to the documentation of my conference system (BigBlueButton) I do not need a STUN server if the firewall's WAN interface has a fixed IP. In that case I can hardcode that IP in one of the configuration files instead of STUN server address and port. That's what I have done. Maybe that is not enough if clients are behind a router.

Stefan
#14
20.1 Legacy Series / Re: SIP NAT Issue?
April 15, 2020, 08:53:24 AM
Sorry, I cannot help, I'm just seeing a similar problem here.

In the office I'm running a conference server (audio, video, whiteboard, chat and so on) behind an OPNsense firewall.
I can connect to the system itself just fine (well at least I could until I ran into the problems mentioned here yesterday).
No matter what connection path, login works and whiteboard can be used. Chat system works.
But audio (SIP/RTP) and video (WebRTC) do not work when I try to connect from my home office where I am behind an AVM DSL router (Fritzbox).
Neither PC, nor iPad or iPhone can use audio/video when connected to the Fritzbox WIFI.
That same iPhone works fine when I shutdown WIFI and connect via LTE.
And the iPad works fine as soon as I use the iPhone as mobile hotspot with the phone.
The PC can connect from my home office WIFI if I connect to the company network via OpenVPN (OPNsense road warrior setup).

In short everything using TCP works. UDP is the problem.
The problem looks very similar to yours. Difference being my home office is just behind an AVM Fritzbox instead of a second OPNsense.

Just my 2 cents.

Stay safe everyone
Stefan
#15
After the update to 20.1.4 I'm seeing some NAT problems.
This is on a Deciso DEC2630 or DEC2640 device.
I have two internal - physically separated - networks. LAN on igb0 (172.16.30.1/16) and a new one called BBB on igb2 (172.31.30.1).
WAN is on igb1 with a fixed IP.
I have some NAT rules to 172.16.x.x which are all LAN clients. These still work.
And I have some rules to 172.31.0.2 which is a server in the BBB network. These do not work anymore after the update. The server itself is listening to all ports, I checked that from behind the firewall. Coming in over WAN I only get connection timeouts (10060).
I double (and triple) checked my rules. They look good and unchanged.

Any changes in the last update that could cause this trouble?

Is there an easy way back to 20.1.3 to do some cross checks?

Regards, stay safe
Stefan