Messages

No should be all good this time. In case of an issue booting the older kernel will get you back to 25.4.

Snapshots are also an option but may be overkill for this particular issue.

A test kernel has been provided on Github by Stephan

Code Select Expand

opnsense-update -zkr 25.1.6-axgbe

With FreeBSD 14.3beta2 out, if this gets an actual fix I'd be surprised if it makes it prior to 14.4 upstream.

( With OPNsense that would most likely be included in the next dot release that has a kernel update and at least one test kernel before that )

Firewall - Diagnostics - Aliases

Click on Update Bogons, wait ~10-15 minutes then reboot

Actually there's an easier way to do it where two FWs are present. Requires a USB cable connected from one to the console of the other.

First you'd ssh into the controlling FW, drop to a shell, and use this command to open the serial line to the other:

Code Select Expand

cu -s 115200 -l /dev/cuaU0

Here are three links you should know about.


https://docs.opnsense.org/hardware/serial_connectivity.html#serial

https://docs.opnsense.org/hardware/serial_connectivity.html#legacy-uart

https://docs.opnsense.org/hardware/bios.html

@franco will certainly be interested in this issue. Your workaround should help narrow down the issue.

Does it matter from a performance or security perspective if I just never use the "wan" interface and continue to use the interface I created for Windstream?

No. (AFAIK)

Now my question is, how to proceed from here? Should I open an issue with FreeBSD?

Opening an issue with your findings on github opnsense/src would be a good first step.

[simplest]

- I don't want YADS (yet another DNS server)

Where the simplest DHCP server would work and there are no other fancy requirements - but AGH is a must - one could simply use the DHCP provided by AGH.

I know dnsmasq is used in some big projects like pi-hole and OpenWRT, however because in so many years there's been no interest in adding support for encrypted DNS protocols makes it a very hard sell for internet traffic next to unbound/knot/stubby/powerdns/AdguardHome.


For relatively basic dhcp services you really cannot go wrong with either ISC DHCP, ISC Kea or dnsmasq, and it's not like either will be going away anytime soon. The biggest headache is finding out which must haves are needed and where do they exist or have a chance of being implemented in the next few years.

Just a guess, your timing might have been unfortunate and the issue landed during a short week

Can you reset the password using the procedure described here ?

Password reset

Are things working fine on 25.1.4 ?

Code Select Expand

opnsense-revert -r 25.1.4 opnsense && /usr/local/etc/rc.filter_configure
No reboot required, but I would reset the states to be on the safe side.

Will DEC800, DEC3800 & DEC4000 series also get an update soon?

New BIOS versions published for the following FWs:


DEC700 and DEC2700 series -- 04-2025 Version 33

Code Select Expand

BIOS Information
        Vendor: INSYDE Corp.
        Version: 05.38.26.0025-A10.33
        Release Date: 03/05/2025


DEC800 and DEC3800 & DEC4000 series -- 04-2025 Version 16

DEC4200 series -- 04-2025 Version 24



BIOS download page

That's kinda awesome, thanks for the update.