"
I did some tests. Although traffic is flowing correctly through the firewall, the problems appear somewhere else. Crash reports are generated, related to some php migration script, users are uneditable, who knows what else
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
General Discussion / Re: Quick, fresh install update path from really old to latest version
April 02, 2025, 07:41:11 PM #2
General Discussion / Re: Quick, fresh install update path from really old to latest version
April 02, 2025, 06:17:48 PM
I know how to perform fresh install, maybe I should rephrase my question.
I'm worried that ie. v. 25.1.4 freshly installed system will not fully understand v21.1 configuration file, will skip parts of it (services configs, IPsec configs and so on) and I'd be forced to deal with hidden problems.
If only the tool existed, that could convert or verify the consistency of configuration after old config import.
I'm worried that ie. v. 25.1.4 freshly installed system will not fully understand v21.1 configuration file, will skip parts of it (services configs, IPsec configs and so on) and I'd be forced to deal with hidden problems.
If only the tool existed, that could convert or verify the consistency of configuration after old config import.
#3
General Discussion / Quick, fresh install update path from really old to latest version
March 31, 2025, 11:32:44 AM
Hi! I found general rule to perform incremental updates .1, .7, one by one and so on, but...
I got OPNsense instance being quite important to run uninterruptible, but running 21.1 version. I'd like to update it to the latest and greatest version, but with minimal count of reboots. Anyone knows the safest way to do that?
Is there a tool that can verify a configuration against given OPNsense version or maybe a configuration conversion tool?
Maybe someone tried and succeeded with fresh install ISO update, but skipping some versions?
I got OPNsense instance being quite important to run uninterruptible, but running 21.1 version. I'd like to update it to the latest and greatest version, but with minimal count of reboots. Anyone knows the safest way to do that?
Is there a tool that can verify a configuration against given OPNsense version or maybe a configuration conversion tool?
Maybe someone tried and succeeded with fresh install ISO update, but skipping some versions?
#4
24.7, 24.10 Legacy Series / Re: "Maximum IKEv1 phase 2 exchanges" is a check box, not a value field
October 10, 2024, 07:40:07 AM
Thx.
#5
24.7, 24.10 Legacy Series / "Maximum IKEv1 phase 2 exchanges" is a check box, not a value field
October 09, 2024, 02:12:22 PM
Hi!I need to change "Maximum IKEv1 phase 2 exchanges" aka max_ikev1_xchanges, but it's not a value field.
It's a checkbox, which is unchecked even if You check it, apply, open the section again.
Screenshot attached.
What do I miss?
It's a checkbox, which is unchecked even if You check it, apply, open the section again.
Screenshot attached.
What do I miss?
#6
24.7, 24.10 Legacy Series / Re: NAT stops working
September 30, 2024, 12:08:59 PM
There's definitely an issue after upgrade. I lost all NAT rules. After comparing config files before and after I see that new empty section showd up:
<Filter version="1.0.3">
<rules/>
<snatrules/>
<npt/>
</Filter>
In "before" config all rules are int <nat> section and they're present also in "after"one, but are obviously ignored.
After adding 1:1 rule it show under new section mentioned above, but in not visible before, but named the same as in older config: <onetoone>
<Filter version="1.0.3">
<rules/>
<snatrules/>
<npt/>
</Filter>
In "before" config all rules are int <nat> section and they're present also in "after"one, but are obviously ignored.
After adding 1:1 rule it show under new section mentioned above, but in not visible before, but named the same as in older config: <onetoone>
#7
20.1 Legacy Series / OPNsense 20.1.5, OSPF by FRRouting, Networks tab useless
May 06, 2020, 09:28:52 PM
Hi!
Through some testing I came to conclusion, that Routing->OSPF->Networks Tab is useless. I'm not sure if it's OPNsense fault or FRR's.
I have lo3 interface addressed as 100.127.127.127/32. If I have it configured on Networks tab, "sh ip ospf data" shows:
Router Link States (Area 0.0.0.200)
Link ID ADV Router Age Seq# CkSum Link count
[...]
100.127.127.127 100.127.127.127 791 0x80000005 0xe511 3
but "sh ip ospf data router" does not show:
Link connected to: Stub Network
(Link ID) Net: 100.127.127.127
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metric: 0
Also, neighboring routers don't have the LSA , they don't receive it at all. The only way to see the stub network LSA is to configure ospf on "Interfaces" tab. If I do this, it does no longer matter if I use the Networks tab, or not.
Has anyone experienced this issue? I haven't use FRR on other operating systems, so I have nothing to compare with.
Through some testing I came to conclusion, that Routing->OSPF->Networks Tab is useless. I'm not sure if it's OPNsense fault or FRR's.
I have lo3 interface addressed as 100.127.127.127/32. If I have it configured on Networks tab, "sh ip ospf data" shows:
Router Link States (Area 0.0.0.200)
Link ID ADV Router Age Seq# CkSum Link count
[...]
100.127.127.127 100.127.127.127 791 0x80000005 0xe511 3
but "sh ip ospf data router" does not show:
Link connected to: Stub Network
(Link ID) Net: 100.127.127.127
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metric: 0
Also, neighboring routers don't have the LSA , they don't receive it at all. The only way to see the stub network LSA is to configure ospf on "Interfaces" tab. If I do this, it does no longer matter if I use the Networks tab, or not.
Has anyone experienced this issue? I haven't use FRR on other operating systems, so I have nothing to compare with.
Pages1
