Messages

A second try was working without problems.

Hi,

I succesfully updated Slave and Master (CARP) opnsense to 26.1.6
After this I did some changes on the Master and tried to do a HA sync.
Suddenly I got an e-mail from monit of the Slave: CARP status changed
Master was no longer accesible via web GUI. With iLO I came to the console, but no prompt.
I was only able to send a CTRL+ALT+DEL and it started to reboot.

Now it stucks after >>> Invoking backup script 'netflow'

Ok, after a long time it went to the next step and comes up.
But ... a problem with CARP is detected and Master stays on backup.

I had to enter and leave maintenance mode to bring things back to normal.

Can someone confirm such a behaviour?

Hi,

I have an OPNsense connected to the internet and want to get certs via the acme client for an other OPNsense which is behind.
How is this possible?
There is no available automatisation for this.

In a master slave environment on old HP Server hardware I see the following:

Slave:
During the update a warning window appeard: something went wrong, please check the log files.
But the update was completed and the Server rebooted at the end.

Master:
The same warning window appeared and when the reboot should happen it jumped back to the dashboard,
without a reboot.
When I againg clicked on check for updates the window 'reboot is active' appeared, but no reboot was in progress.
I pressed ctrl+alt+del for a reboot.
It took long for shut down, but rebootet succesfully.

I just heard from a colleague that he saw also the warning window but the update worked. (like on our slave)

Only for information.

P.S.: at the moment I see 'pfr_update_stats: assertion failed.' on the master console

System is up and running again with original configuration!

Thank you Franco for your help.

But I think a wait an additional week, before I update the Master.
Maybe you will find something to prevent this behaviour.


Btw. I don't think that the before mentioned segmentation fault is comming from a RAM error.
The system is a HP Server DL360 with ECC RAM and the iLO Management of the Server shows no RAM error.
Also the tests at start are Ok.

As written: the log is not the last log, but was the output of opnsense-update -g

Code Select Expand

pkg install opnsense
Was Ok.

First run of

Code Select Expand

pkg upgrade
results in a segmentation fault.

A second try is now running. ( [99/104] Extracting ruby-3.3.9.1)

Can I run

Code Select Expand

opnsense-bootstrap.sh.in -r 25.7
Without loosing my (maybe) still available configuration of the interfaces and so on?

Hm...

when I run

Code Select Expand

opnsense-update -gI get a log from the update before.
I attached it.

> pkg upgrade

Do you have that particular output for me to prove the theory?

Sorry, I'm at the console and can not copy anything.
But the FreeBSD upgrade worked without any problems.

Ups... there is no directory /usr/local/etc/pkg

Code Select Expand

mkdir /usr/local/etc/pkg

Code Select Expand

mkdir /usr/local/etc/pkg/repos

Code Select Expand

vi /usr/local/etc/pkg/repos/OPNsense.conf
with content:

OPNsense: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
  url: "https://pkg.opnsense.org/${ABI}/25.7/latest",
  signature_type: "fingerprints",
  priority: 11,
  enabled: yes
}

Now opnsense-update results in

Nothing to do.

How can I force it?

Hm...

Code Select Expand

opnsense-update
results in

Missing /usr/local/etc/pkg/repos/OPNsense.conf

I will try to create it by hand now.

I used

Code Select Expand

ifconfig bce3 192.168.0.123 netmask 255.255.255.0
and

Code Select Expand

route add default 192.168.0.254
And I'm back on net.
/etc/resolve was still ok.
Now I started with

Code Select Expand

pkg update -f
and

Code Select Expand

pkg upgrade
This works now as expected. ( At the moment [122/127] Extracting ruby-3.3.9.1)

Next I will check if opnsense-update is available, then I will give it a try.

Ok,

I booted into single user used

Code Select Expand

mount -u /
to make it writable

and created the file with

Code Select Expand

vi /usr/local/libexec/opnsense-auth
content:

Code Select Expand

#!/bin/sh

exit 0
Then

Code Select Expand

chmod 755 /usr/local/libexec/opnsense-auth
Now I can login after a normal boot.
But up to now no internet.

Hi,

I did the trick with second search for updates after pkg was updated.
Update starts then like normal, but suddenly stucks and an Warning message appeard that the update failed.
Unfortunatley I don't know exactly where, but I think it was packet 4 of ..

Nothing works.

After a reboot I see the login prompt, but when I try to login, I get:

sh: /usr/local/libexec/opnsense-auth not found

and I'm not able to login.

Any idea?

[Setup:]

Hello everyone,

I have a problem with OpenVPN in a HA Setup.

Setup:
2x Opnsense (v25.7.3_7) as Master/Slave HA Setup using CARP
OpenVPN S2S Tunnel using Instances

The OpenVPN Tunnel is configured using the 'Depend on (CARP)' setting.
During CARP Failover the configuration works fine. Master and Slave start/stop the client depending on their CARP Status.

But during a manual 'Synchronize and reconfigure all' under 'System -> High Availability -> Status' the OpenVPN client on the slave is started even thought he is not the CARP Master at the time.

This is leads to both Master and Slave trying to connect to the server stealing each others connection until I manually stop the client.

Using Cron to trigger 'Synchronize and reconfigure all' doesn't have this effect only the manual sync.

~Marius