Messages

Thank you for your kind reply Marco,

Can you confirm that it's always possible to make a smooth update starting from older versions (regardless of the starting version)?
Only by clicking update and following the process?
Thanks again.
M

You mean this? https://pkg.opnsense.org/releases/


Cheers,
Franco

Hi Franco & everybody

for better testing of the update process on my ruleset I need to get the older
            OPNsense 19.7.10_1-amd64
            FreeBSD 11.2-RELEASE-p14-HBSD
            OpenSSL 1.0.2u 20 Dec 2019
Can anyone provied it with its sign ?
Thank you
Mik

Thank you, Franco, I was misunderstanding how easy can be.
Good evening.

Hi,
I'm running a fresh install of OPNsense 18.7.4-amd64
I'm not able to connect to it via ssh for the user mik using his certificate while logging as root (also with the same certificate) it works normally (I get the banner and the initial menù).
User mik only the banner (as you can see below) and the connection immediately is closed (by client-side according to the sshd...)
User mik is a member of wheel and admin group while, has the opnsense-shell as login shell (the same as root)
In the privileges, I can't find anything useful to grant access..
What I'm missing or doing wrong ?
thank you !

The settings are the following
      System -> Settings -> Administration

        Secure Shell Server       X Enable Secure Shell
        Root Login             X Permit root user login
        Authentication Method      Permit password login
Here what I get trying to login

      mik@air:~/.ssh$ ssh -i id_rsa mik@10.1.1.206
      Last login: Wed Oct 17 22:18:15 2018 from 10.1.1.111
      ----------------------------------------------
      |      Hello, this is OPNsense 18.7                      |         @@@@@@@@@@@@@@@
      |                                                                    |        @@@@         @@@@
      | Website:   https://opnsense.org/                      |         @@@\\\   ///@@@
      | Handbook:   https://docs.opnsense.org/       |       ))))))))   ((((((((
      | Forums:   https://forum.opnsense.org/             |         @@@///   \\\@@@
      | Lists:   https://lists.opnsense.org/                 |        @@@@         @@@@
      | Code:      https://github.com/opnsense      |         @@@@@@@@@@@@@@@
      ----------------------------------------------
      Must be root.
      Connection to 10.1.1.206 closed.
      mik@air:~/.ssh$

And here a piece of the general log

      In System -> Log Files -> General

            Oct 17 22:18:16    sshd[36461]: Received disconnect from 10.1.1.111 port 59230:11: disconnected by user
            Oct 17 22:18:12    sshd[36082]: Accepted publickey for mik from 10.1.1.111 port 59230 ssh2: RSA SHA256:DWtI/7Wh
            Oct 17 22:17:52    sshd[32743]: Connection closed by 10.1.1.111 port 59228 [preauth]
            Oct 17 22:17:47    sshd[32350]: Connection closed by 10.1.1.111 port 59226 [preauth]
            Oct 17 22:17:43    sshd[27197]: Server listening on 0.0.0.0 port 2

The tail of the connection attempt using    mik@air:~/.ssh$ ssh -vvv -i id_rsa mik@10.1.1.206

         
         ...
         debug1: Sending env LC_TIME = it_IT.UTF-8
         debug2: channel 0: request env confirm 0
         debug3: send packet: type 98
         debug1: Sending env LC_NAME = it_IT.UTF-8
         debug2: channel 0: request env confirm 0
         debug3: send packet: type 98
         debug3: Ignored env XAUTHORITY
         debug3: Ignored env COLORTERM
         debug3: Ignored env _
         debug2: channel 0: request shell confirm 1
         debug3: send packet: type 98
         debug2: callback done
         debug2: channel 0: open confirm rwindow 0 rmax 32768
         debug3: receive packet: type 99
         debug2: channel_input_status_confirm: type 99 id 0
         debug2: PTY allocation request accepted on channel 0
         debug2: channel 0: rcvd adjust 2097152
         debug3: receive packet: type 99
         debug2: channel_input_status_confirm: type 99 id 0
         debug2: shell request accepted on channel 0
         Last login: Wed Oct 17 22:58:18 2018 from 10.1.1.111
         ----------------------------------------------
         |      Hello, this is OPNsense 18.7          |         @@@@@@@@@@@@@@@
         |                                            |        @@@@         @@@@
         | Website:   https://opnsense.org/        |         @@@\\\   ///@@@
         | Handbook:   https://docs.opnsense.org/   |       ))))))))   ((((((((
         | Forums:   https://forum.opnsense.org/  |         @@@///   \\\@@@
         | Lists:   https://lists.opnsense.org/  |        @@@@         @@@@
         | Code:      https://github.com/opnsense  |         @@@@@@@@@@@@@@@
         ----------------------------------------------
         debug3: receive packet: type 96
         debug2: channel 0: rcvd eof
         debug2: channel 0: output open -> drain
         debug3: receive packet: type 98
         debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
         debug3: receive packet: type 98
         debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
         debug2: channel 0: rcvd eow
         debug2: channel 0: close_read
         debug2: channel 0: input open -> closed
         debug3: receive packet: type 97
         debug2: channel 0: rcvd close
         debug3: channel 0: will not send data after close
         Must be root.
         debug3: channel 0: will not send data after close
         debug2: channel 0: obuf empty
         debug2: channel 0: close_write
         debug2: channel 0: output drain -> closed
         debug2: channel 0: almost dead
         debug2: channel 0: gc: notify user
         debug2: channel 0: gc: user detached
         debug2: channel 0: send close
         debug3: send packet: type 97
         debug2: channel 0: is dead
         debug2: channel 0: garbage collecting
         debug1: channel 0: free: client-session, nchannels 1
         debug3: channel 0: status: The following connections are open:
           #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

         debug3: send packet: type 1
         Connection to 10.1.1.206 closed.
         Transferred: sent 3480, received 3584 bytes, in 0.1 seconds
         Bytes per second: sent 53650.8, received 55254.1
         debug1: Exit status 1
         mik@air:~$

Set up a basic opnsense, then in configuration->backups select the pfsense config.xml file but only restore the section you need, i.e. dhcp then let it reboot and check what's been added, repeat for the unbound etc, but check after each one.

Not saying it will be flawless as I've never done it, but some of the config is the same.

hi,
one question, when you say to restore only the section needed, is there a correct order or sequence to follow?
I understood e.g. that the system section is not anymore compatible and i've to avoid any import of that.

On the basic configuration of opnsense after the usage of the wizard (to have the system section correctly filled), what have I to do exactly?

• copy and paste/merge the single sections taken from the original pfsense in the new opnsense config.xml?
  or
  
  
• import only the single original sections from the pfsense cfg file stripping away all unneeded?

thank you
Mik