Messages - grimm26

#1
OK this only happens when I use the config file. If I don't specify a config file, I get a full inventory and can even filter by the MAC of my i226 card. I still get a message about "Unsupported device found - DeviceId: 15D6." though.

Intel(R) Ethernet NVM Update Tool
NVMUpdate version 1.43.20.0
Copyright(C) 2013 - 2025 Intel Corporation.

./nvmupdate64e -i -l out.log -m 00A0C9261A48

Config file will not be read.
Unsupported device found - DeviceId: 15D6.
Inventory
[00:001:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
OROM inventory started.
OROM inventory finished.
[00:001:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 00A0C9261A48
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 8000028D
SerialNumber           : 00A0C9FFFF261A48
NVM Version            : 2.20(2.14)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
checksum             : Valid
OROM update            : No config file entry
CIVD                 : 0.0.0
EFI                  : 0.1.1, checksum None
#2
I have another Intel NIC (i219) in my machine that seems to be getting in the way:

./nvmupdate64e -i -c nvm.cfg.txt -l out.log

Config file read.
Unsupported device found - DeviceId: 15D6.
Error:   Config file ETrackId doesn't match NVM image version [config: 0x80000422, image: 0x74616465].

I think I need to use the -location option to specify (-m didn't help) but I haven't found the right thing to pass to that. Not sure what info in pciconf I need to put there:

igc0@pci0:1:0:0:        class=0x020000 rev=0x04 hdr=0x00 vendor=0x8086 device=0x125c subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'Ethernet Controller I226-V'
    class      = network
    subclass   = ethernet
#3
General Discussion / Re: reinstall checklist?
February 10, 2025, 05:58:44 PM
Quote from: Patrick M. Hausen on February 09, 2025, 08:31:26 PM
User SSH keys will be part of the config.xml if you added them through the UI.

Ah, yeah found that out as I went ahead and did my reinstall. I also found it helpful to copy everything that I thought I might need besides the config.xml onto the opnsense usb stick so it would be there after I installed from it :).

Things I found:
  • Using adguard as my primary DNS made this more difficult as the system could not install the adguard package (or any other additional packages/plugins) without DNS. I had to add 8.8.8.8 as my DNS until I got my plugin install finished.
  • SSL certs (I use acme with letsencrypt) were saved in the config.xml, but were not saved out into the filesystem for something like adguard to use until I forced acme to renew the cert.
  • I use bash on the user that I ssh into my opnsense box with, so I could not ssh in until I either changed that user to /bin/sh or installed bash.

Other than that, things went pretty smoothly and I'm now on zfs - something new to learn about :).
#4
General Discussion / reinstall checklist?
February 09, 2025, 07:27:28 PM
To go to 25.1, I think I'm going to do a reinstall and give myself a chance to switch to zfs, too. My question is if there is a checklist for doing a reinstall for things to consider besides just having your saved config.xml.

Here's what I can think of (having not done it yet):
  • SSL certs. It looks like these may be in the config.xml, but will the system place them in the filesystem where they need to go?
  • user SSH keys
  • Adguard Home config. And any other "3rd party" tool like this.

Anything else?
#5
Yes! The disabling VLAN hardware filtering is what I was missing. I had it set to default. Thank you.
#6
I'm running 21.7.1

I've been using suricata for a couple years. Originally, I had no VLANs and ran a pretty flat network. I recently redid my network and added an AP that supports VLANs. It is connected to its own interface on my router PC, my wired switch connects to another interface. I am running several VLANs on the WLAN. I realized yesterday that I never enabled suricata on the network port (igb) that the AP is on, so I did that yesterday. Everything on a Wifi VLAN broke.
Details I have since found:

  • Things are only broken if IPS is enabled
  • Things are still broken even with no rules with IPS enabled
  • clients are not able to get a DHCP address assigned.

As I was writing this I realize that it looks like dhcpd is trying to assign clients on the VLANs an address for the physical subnet for that port and then the client can't use that IP because it is for the wrong network.

Are there some settings I need to tweak somewhere?
#7
I noticed the same thing and chalked it up to things being a bit weird during the upgrade process.
#8
I'm running 21.1.6 on bare metal, single wan interface.

I had an issue last week where I was experiencing what seemed like service brownouts for many websites/services. I couldn't complete a login to gmail. I stopped being able to see all of my photos in google photos and couldn't upload new ones. I checked google's status page, all green. After looking around my opnsense box, I noticed that the firewall was blocking a ton of stuff heading out to the internet with the default deny rule. All of this was working fine the previous day, but for some reason opnsense decided that certain IPs should be blocked by the default deny rule. I wasn't sure if there was some cache I could choose to clear or service I could restart, so I rebooted and everything went back to normal.

This happened right before I was leaving on a trip for a few days so I just wanted it back to working. The filter logs seem to have rolled over so I can't post a log of exactly what happened. Today I will set up sending logs to a server on my network :)

Has anyone else experienced the firewall starting to block things with the default deny rule when it should not?
#9
Any better on 21.1.1?