Messages

Ok, so If I follow you, it'S the same but I have to allow my server traffic to go to my actual lan where the machine is ?

Going to test this. Thank you very much for your help

Let's say I have a server on 192.168.4.25

What rules should I add to be to reach it from let's say 192.168.1.12 when requesting my wan IP ?

Regular hairpin mechanism does not seems to work.

Regards

Answered myself !

ZFS is part of the installer now. REJOICE !

Where does one get the bootstrap script ? I want to rebuild my firewall and the bootstrap script is 404

https://github.com/opnsense/update#opnsense-bootstrap

Procedure does not work anymore !

For folks considering doing it the following worked perfectly for me on WatchGuard XTM 5 upgraded with a quad core cpu, 4Gb RAM and an SSD. I did not patch the BIOS.

• Install FreeBSD 12.1 on ZFS
• Download and start the OpnSense Bootstrap

I had absolutely no issues.

I did this for the sole purpose of not messing the file system at every power outage.

Less Tax on CPU for vpn encryption, decryption.

I run OpnSense in an XTM5 second gen. It works beautifully.

This hardware comes with a Nitrox CAvium Card to accelerate VPN crypto

It appears drivers were released for linux:

https://github.com/torvalds/linux/tree/master/drivers/crypto/cavium/nitrox

Does it means someone could support that card in OpnSense ?

Didn't try other cards, but i'm using a professional SanDisk card which I doubt is the problem. Yes this is the Nano image.

I have the same output from the console. It stops right there and reboot.

No error messages, nothing.

The box reboot before the update has time to finish install. It reboot right after the last step in the transcript=which is far from the end.

Box is dead. Had to reflash and copy back the config.  Upgrading again leads to the same problem.

Hi There.

I really enjoy opnsense. But the upgrade procedure is currently failing and leaves me with a non booting Firewall. Any Idea ?

Firewall is a Watchguard XTM 5 with a 16 Gb compact flash card

The upgrade starts (Transcript below) and then the firewall reboots suddenly at the last listed step.

Code Select Expand

***GOT REQUEST TO UPGRADE: all***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (102 candidates): .......... done
Processing candidates (102 candidates): ........ done
The following 82 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
openssl102: 1.0.2u
py37-yaml: 5.2
syslog-ng324: 3.24.1
php72-google-api-php-client: 2.4.0

Installed packages to be UPGRADED:
wpa_supplicant: 2.8 -> 2.9
unbound: 1.9.2 -> 1.9.6
suricata: 4.1.4_3 -> 4.1.6
sudo: 1.8.27_1 -> 1.8.30
strongswan: 5.8.0 -> 5.8.2_1
squid: 4.7_2 -> 4.9
sqlite3: 3.28.0 -> 3.30.1
rrdtool: 1.7.2 -> 1.7.2_1
readline: 8.0.0 -> 8.0.1
python37: 3.7.3_1 -> 3.7.6
python27: 2.7.16_1 -> 2.7.17_1
py37-urllib3: 1.22,1 -> 1.25.7,1
py37-sqlite3: 3.7.3_7 -> 3.7.6_7
py37-six: 1.12.0 -> 1.13.0
py37-setuptools: 41.0.1 -> 44.0.0
py37-requests: 2.21.0 -> 2.22.0
py37-pytz: 2019.1,1 -> 2019.3,1
py37-pysocks: 1.7.0 -> 1.7.1
py37-openssl: 18.0.0 -> 19.0.0
py37-chardet: 3.0.4_1 -> 3.0.4_3
py37-cffi: 1.12.3 -> 1.13.2
py37-certifi: 2019.6.16 -> 2019.11.28
py27-yaml: 5.1 -> 5.2
py27-setuptools: 41.0.1 -> 44.0.0
php72-zlib: 7.2.19 -> 7.2.26
php72-xml: 7.2.19 -> 7.2.26
php72-sqlite3: 7.2.19 -> 7.2.26
php72-sockets: 7.2.19 -> 7.2.26
php72-simplexml: 7.2.19 -> 7.2.26
php72-session: 7.2.19 -> 7.2.26
php72-phpseclib: 2.0.15 -> 2.0.23
php72-phalcon: 3.4.4 -> 3.4.5
php72-pdo: 7.2.19 -> 7.2.26
php72-openssl: 7.2.19 -> 7.2.26
php72-ldap: 7.2.19 -> 7.2.26
php72-json: 7.2.19 -> 7.2.26
php72-hash: 7.2.19 -> 7.2.26
php72-gettext: 7.2.19 -> 7.2.26
php72-filter: 7.2.19 -> 7.2.26
php72-dom: 7.2.19 -> 7.2.26
php72-curl: 7.2.19 -> 7.2.26
php72-ctype: 7.2.19 -> 7.2.26
php72: 7.2.19 -> 7.2.26
pftop: 0.7_8 -> 0.7_9
perl5: 5.28.2 -> 5.30.1
pcre: 8.43_1 -> 8.43_2
os-dyndns: 1.16_1 -> 1.18_1
opnsense-update: 19.7 -> 19.7.7
opnsense: 19.7 -> 19.7.10
openvpn: 2.4.7 -> 2.4.8
openssh-portable: 7.9.p1_1,1 -> 8.1.p1,1
openldap-sasl-client: 2.4.47 -> 2.4.48
ntp: 4.2.8p13 -> 4.2.8p13_6
nettle: 3.5.1 -> 3.5.1_1
monit: 5.25.3 -> 5.26.0
libxml2: 2.9.9 -> 2.9.10
libnghttp2: 1.39.1 -> 1.40.0
liblz4: 1.9.1,1 -> 1.9.2_1,1
libevent: 2.1.10 -> 2.1.11
libedit: 3.1.20190324,1 -> 3.1.20191211,1
ldns: 1.7.0_1 -> 1.7.1_1
krb5: 1.17_2 -> 1.17.1
json-c: 0.13.1 -> 0.13.1_1
isc-dhcp44-server: 4.4.1_4 -> 4.4.2
isc-dhcp44-relay: 4.4.1 -> 4.4.2
hyperscan: 4.7.0_2 -> 4.7.0_3
hostapd: 2.8 -> 2.9
glib: 2.56.3_5,1 -> 2.56.3_6,1
expat: 2.2.6_1 -> 2.2.8
e2fsprogs-libuuid: 1.45.2 -> 1.45.5
dnsmasq: 2.80_3,1 -> 2.80_4,1
cyrus-sasl: 2.1.27 -> 2.1.27_1
curl: 7.65.1_1 -> 7.68.0
ca_root_nss: 3.45 -> 3.49.1

Installed packages to be REINSTALLED:
py37-cryptography-2.6.1 (direct dependency changed: openssl102)
mpd5-5.8_10 (direct dependency changed: openssl102)
lighttpd-1.4.54 (direct dependency changed: openssl102)
flowd-0.9.1_3 (options changed)

Number of packages to be installed: 4
Number of packages to be upgraded: 74
Number of packages to be reinstalled: 4

The process will require 37 MiB more space.
85 MiB to be downloaded.
[1/82] Fetching wpa_supplicant-2.9.txz: .......... done
[2/82] Fetching unbound-1.9.6.txz: .......... done
[3/82] Fetching suricata-4.1.6.txz: .......... done
[4/82] Fetching sudo-1.8.30.txz: .......... done
[5/82] Fetching strongswan-5.8.2_1.txz: .......... done
[6/82] Fetching squid-4.9.txz: .......... done
[7/82] Fetching sqlite3-3.30.1.txz: .......... done
[8/82] Fetching rrdtool-1.7.2_1.txz: .......... done
[9/82] Fetching readline-8.0.1.txz: .......... done
[10/82] Fetching python37-3.7.6.txz: .......... done
[11/82] Fetching python27-2.7.17_1.txz: .......... done
[12/82] Fetching py37-urllib3-1.25.7,1.txz: .......... done
[13/82] Fetching py37-sqlite3-3.7.6_7.txz: .... done
[14/82] Fetching py37-six-1.13.0.txz: ... done
[15/82] Fetching py37-setuptools-44.0.0.txz: .......... done
[16/82] Fetching py37-requests-2.22.0.txz: .......... done
[17/82] Fetching py37-pytz-2019.3,1.txz: .......... done
[18/82] Fetching py37-pysocks-1.7.1.txz: ... done
[19/82] Fetching py37-openssl-19.0.0.txz: .......... done
[20/82] Fetching py37-cryptography-2.6.1.txz: .......... done
[21/82] Fetching py37-chardet-3.0.4_3.txz: .......... done
[22/82] Fetching py37-cffi-1.13.2.txz: .......... done
[23/82] Fetching py37-certifi-2019.11.28.txz: .......... done
[24/82] Fetching py27-yaml-5.2.txz: .......... done
[25/82] Fetching py27-setuptools-44.0.0.txz: .......... done
[26/82] Fetching php72-zlib-7.2.26.txz: ... done
[27/82] Fetching php72-xml-7.2.26.txz: ... done
[28/82] Fetching php72-sqlite3-7.2.26.txz: ... done
[29/82] Fetching php72-sockets-7.2.26.txz: ..... done
[30/82] Fetching php72-simplexml-7.2.26.txz: ... done
[31/82] Fetching php72-session-7.2.26.txz: ..... done
[32/82] Fetching php72-phpseclib-2.0.23.txz: .......... done
[33/82] Fetching php72-phalcon-3.4.5.txz: .......... done
[34/82] Fetching php72-pdo-7.2.26.txz: ...... done
[35/82] Fetching php72-openssl-7.2.26.txz: ........ done
[36/82] Fetching php72-ldap-7.2.26.txz: ... done
[37/82] Fetching php72-json-7.2.26.txz: ... done
[38/82] Fetching php72-hash-7.2.26.txz: .......... done
[39/82] Fetching php72-gettext-7.2.26.txz: . done
[40/82] Fetching php72-filter-7.2.26.txz: ... done
[41/82] Fetching php72-dom-7.2.26.txz: ........ done
[42/82] Fetching php72-curl-7.2.26.txz: .... done
[43/82] Fetching php72-ctype-7.2.26.txz: . done
[44/82] Fetching php72-7.2.26.txz: .......... done
[45/82] Fetching pftop-0.7_9.txz: .......... done
[46/82] Fetching perl5-5.30.1.txz: .......... done
[47/82] Fetching pcre-8.43_2.txz: .......... done
[48/82] Fetching os-dyndns-1.18_1.txz: .... done
[49/82] Fetching opnsense-update-19.7.7.txz: ........ done
[50/82] Fetching opnsense-19.7.10.txz: .......... done
[51/82] Fetching openvpn-2.4.8.txz: .......... done
[52/82] Fetching openssh-portable-8.1.p1,1.txz: .......... done
[53/82] Fetching openldap-sasl-client-2.4.48.txz: .......... done
[54/82] Fetching ntp-4.2.8p13_6.txz: .......... done
[55/82] Fetching nettle-3.5.1_1.txz: .......... done
[56/82] Fetching mpd5-5.8_10.txz: .......... done
[57/82] Fetching monit-5.26.0.txz: .......... done
[58/82] Fetching lighttpd-1.4.54.txz: .......... done
[59/82] Fetching libxml2-2.9.10.txz: .......... done
[60/82] Fetching libnghttp2-1.40.0.txz: .......... done
[61/82] Fetching liblz4-1.9.2_1,1.txz: .......... done
[62/82] Fetching libevent-2.1.11.txz: .......... done
[63/82] Fetching libedit-3.1.20191211,1.txz: .......... done
[64/82] Fetching ldns-1.7.1_1.txz: .......... done
[65/82] Fetching krb5-1.17.1.txz: .......... done
[66/82] Fetching json-c-0.13.1_1.txz: ........ done
[67/82] Fetching isc-dhcp44-server-4.4.2.txz: .......... done
[68/82] Fetching isc-dhcp44-relay-4.4.2.txz: .......... done
[69/82] Fetching hyperscan-4.7.0_3.txz: .......... done
[70/82] Fetching hostapd-2.9.txz: .......... done
[71/82] Fetching glib-2.56.3_6,1.txz: .......... done
[72/82] Fetching flowd-0.9.1_3.txz: .......... done
[73/82] Fetching expat-2.2.8.txz: .......... done
[74/82] Fetching e2fsprogs-libuuid-1.45.5.txz: ..... done
[75/82] Fetching dnsmasq-2.80_4,1.txz: .......... done
[76/82] Fetching cyrus-sasl-2.1.27_1.txz: .......... done
[77/82] Fetching curl-7.68.0.txz: .......... done
[78/82] Fetching ca_root_nss-3.49.1.txz: .......... done
[79/82] Fetching openssl102-1.0.2u.txz: .......... done
[80/82] Fetching py37-yaml-5.2.txz: .......... done
[81/82] Fetching syslog-ng324-3.24.1.txz: .......... done
[82/82] Fetching php72-google-api-php-client-2.4.0.txz: .......... done
Checking integrity... done (2 conflicting)
  - openssl102-1.0.2u conflicts with openssl-1.0.2s,1 on /usr/local/bin/c_rehash
  - syslog-ng324-3.24.1 conflicts with syslog-ng-3.21.1 on /usr/local/bin/dqtool
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 84 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
openssl-1.0.2s,1
syslog-ng-3.21.1

New packages to be INSTALLED:
openssl102: 1.0.2u
py37-yaml: 5.2
syslog-ng324: 3.24.1
php72-google-api-php-client: 2.4.0

Installed packages to be UPGRADED:
readline: 8.0.0 -> 8.0.1
python37: 3.7.3_1 -> 3.7.6
py37-setuptools: 41.0.1 -> 44.0.0
py37-six: 1.12.0 -> 1.13.0
py37-cffi: 1.12.3 -> 1.13.2
python27: 2.7.16_1 -> 2.7.17_1
pcre: 8.43_1 -> 8.43_2
libxml2: 2.9.9 -> 2.9.10
py37-pytz: 2019.1,1 -> 2019.3,1
py37-pysocks: 1.7.0 -> 1.7.1
py37-openssl: 18.0.0 -> 19.0.0
py37-certifi: 2019.6.16 -> 2019.11.28
py27-setuptools: 41.0.1 -> 44.0.0
php72: 7.2.19 -> 7.2.26
libnghttp2: 1.39.1 -> 1.40.0
cyrus-sasl: 2.1.27 -> 2.1.27_1
ca_root_nss: 3.45 -> 3.49.1
sqlite3: 3.28.0 -> 3.30.1
py37-urllib3: 1.22,1 -> 1.25.7,1
py37-chardet: 3.0.4_1 -> 3.0.4_3
py27-yaml: 5.1 -> 5.2
php72-pdo: 7.2.19 -> 7.2.26
php72-json: 7.2.19 -> 7.2.26
php72-hash: 7.2.19 -> 7.2.26
perl5: 5.28.2 -> 5.30.1
openldap-sasl-client: 2.4.47 -> 2.4.48
nettle: 3.5.1 -> 3.5.1_1
liblz4: 1.9.1,1 -> 1.9.2_1,1
libevent: 2.1.10 -> 2.1.11
libedit: 3.1.20190324,1 -> 3.1.20191211,1
ldns: 1.7.0_1 -> 1.7.1_1
krb5: 1.17_2 -> 1.17.1
json-c: 0.13.1 -> 0.13.1_1
hyperscan: 4.7.0_2 -> 4.7.0_3
glib: 2.56.3_5,1 -> 2.56.3_6,1
expat: 2.2.6_1 -> 2.2.8
e2fsprogs-libuuid: 1.45.2 -> 1.45.5
curl: 7.65.1_1 -> 7.68.0
wpa_supplicant: 2.8 -> 2.9
unbound: 1.9.2 -> 1.9.6
suricata: 4.1.4_3 -> 4.1.6
sudo: 1.8.27_1 -> 1.8.30
strongswan: 5.8.0 -> 5.8.2_1
squid: 4.7_2 -> 4.9
rrdtool: 1.7.2 -> 1.7.2_1
py37-sqlite3: 3.7.3_7 -> 3.7.6_7
py37-requests: 2.21.0 -> 2.22.0
php72-zlib: 7.2.19 -> 7.2.26
php72-xml: 7.2.19 -> 7.2.26
php72-sqlite3: 7.2.19 -> 7.2.26
php72-sockets: 7.2.19 -> 7.2.26
php72-simplexml: 7.2.19 -> 7.2.26
php72-session: 7.2.19 -> 7.2.26
php72-phpseclib: 2.0.15 -> 2.0.23
php72-phalcon: 3.4.4 -> 3.4.5
php72-openssl: 7.2.19 -> 7.2.26
php72-ldap: 7.2.19 -> 7.2.26
php72-gettext: 7.2.19 -> 7.2.26
php72-filter: 7.2.19 -> 7.2.26
php72-dom: 7.2.19 -> 7.2.26
php72-curl: 7.2.19 -> 7.2.26
php72-ctype: 7.2.19 -> 7.2.26
pftop: 0.7_8 -> 0.7_9
opnsense-update: 19.7 -> 19.7.7
openvpn: 2.4.7 -> 2.4.8
openssh-portable: 7.9.p1_1,1 -> 8.1.p1,1
ntp: 4.2.8p13 -> 4.2.8p13_6
monit: 5.25.3 -> 5.26.0
isc-dhcp44-server: 4.4.1_4 -> 4.4.2
isc-dhcp44-relay: 4.4.1 -> 4.4.2
hostapd: 2.8 -> 2.9
dnsmasq: 2.80_3,1 -> 2.80_4,1
os-dyndns: 1.16_1 -> 1.18_1
opnsense: 19.7 -> 19.7.10

Installed packages to be REINSTALLED:
py37-cryptography-2.6.1 (direct dependency changed: openssl102)
mpd5-5.8_10 (direct dependency changed: openssl102)
lighttpd-1.4.54 (direct dependency changed: openssl102)
flowd-0.9.1_3 (options changed)

Number of packages to be removed: 2
Number of packages to be installed: 4
Number of packages to be upgraded: 74
Number of packages to be reinstalled: 4

The process will require 21 MiB more space.
[1/84] Upgrading pcre from 8.43_1 to 8.43_2...
[1/84] Extracting pcre-8.43_2: .......... done
[2/84] Upgrading libxml2 from 2.9.9 to 2.9.10...
[2/84] Extracting libxml2-2.9.10: .......... done
[3/84] Upgrading readline from 8.0.0 to 8.0.1...
[3/84] Extracting readline-8.0.1: .......... done
[4/84] Upgrading php72 from 7.2.19 to 7.2.26...
[4/84] Extracting php72-7.2.26: .......... done
[5/84] Upgrading sqlite3 from 3.28.0 to 3.30.1...
[5/84] Extracting sqlite3-3.30.1: .......... done
[6/84] Upgrading php72-pdo from 7.2.19 to 7.2.26...
[6/84] Extracting php72-pdo-7.2.26: .......... done
[7/84] Upgrading php72-json from 7.2.19 to 7.2.26...
[7/84] Extracting php72-json-7.2.26: .......... done
[8/84] Upgrading php72-hash from 7.2.19 to 7.2.26...
[8/84] Extracting php72-hash-7.2.26: .......... done
[9/84] Upgrading perl5 from 5.28.2 to 5.30.1...
[9/84] Extracting perl5-5.30.1: .......... done
[10/84] Upgrading nettle from 3.5.1 to 3.5.1_1...
[10/84] Extracting nettle-3.5.1_1: .......... done
[11/84] Upgrading ca_root_nss from 3.45 to 3.49.1...
[11/84] Extracting ca_root_nss-3.49.1: ...... done
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/openssl/cert.pem if it is no longer needed.
[12/84] Upgrading sudo from 1.8.27_1 to 1.8.30...
[12/84] Extracting sudo-1.8.30: ......... done
[13/84] Upgrading php72-zlib from 7.2.19 to 7.2.26...
[13/84] Extracting php72-zlib-7.2.26: ....... done
[14/84] Upgrading php72-xml from 7.2.19 to 7.2.26...
[14/84] Extracting php72-xml-7.2.26: ........ done
[15/84] Upgrading php72-sqlite3 from 7.2.19 to 7.2.26...
[15/84] Extracting php72-sqlite3-7.2.26: ........ done
[16/84] Upgrading php72-sockets from 7.2.19 to 7.2.26...
[16/84] Extracting php72-sockets-7.2.26: .......... done
[17/84] Upgrading php72-simplexml from 7.2.19 to 7.2.26...
[17/84] Extracting php72-simplexml-7.2.26: ......... done
[18/84] Upgrading php72-session from 7.2.19 to 7.2.26...
[18/84] Extracting php72-session-7.2.26: .......... done
[19/84] Upgrading php72-phpseclib from 2.0.15 to 2.0.23...
[19/84] Extracting php72-phpseclib-2.0.23: ........ done
[20/84] Upgrading php72-phalcon from 3.4.4 to 3.4.5...
[20/84] Extracting php72-phalcon-3.4.5: ........ done
[21/84] Upgrading php72-gettext from 7.2.19 to 7.2.26...
[21/84] Extracting php72-gettext-7.2.26: ....... done
[22/84] Upgrading php72-filter from 7.2.19 to 7.2.26...
[22/84] Extracting php72-filter-7.2.26: ........ done
[23/84] Upgrading php72-dom from 7.2.19 to 7.2.26...
[23/84] Extracting php72-dom-7.2.26: .......... done
[24/84] Upgrading php72-ctype from 7.2.19 to 7.2.26...
[24/84] Extracting php72-ctype-7.2.26: ....... done
[25/84] Upgrading pftop from 0.7_8 to 0.7_9...
[25/84] Extracting pftop-0.7_9: ..... done
[26/84] Upgrading isc-dhcp44-relay from 4.4.1 to 4.4.2...
[26/84] Extracting isc-dhcp44-relay-4.4.2: ....... done
[27/84] Reinstalling flowd-0.9.1_3...
===> Creating groups.
Using existing group '_flowd'.
===> Creating users
Using existing user '_flowd'.
[27/84] Extracting flowd-0.9.1_3: .......... done
[28/84] Upgrading dnsmasq from 2.80_3,1 to 2.80_4,1...
[28/84] Extracting dnsmasq-2.80_4,1: .......... done
[29/84] Deinstalling openssl-1.0.2s,1...
[29/84] Deleting files for openssl-1.0.2s,1: .....

Any Idea ???