Messages

anyone have any ideas? I have been holding off building the drivers.

Can confirm working as expected with the latest release.

Thank you for all your work and support!

I was able to boot the old machine offline, backup the config with the following process and then import it into the new install via the web.

Code Select Expand

mkdir /media/usb
mount_msdosfs /dev/da0s1 /media/usb
cp -R /conf /media/usb

Not sure if there is anything else I should backup for plugin configs. Everything seems to be back up and working.

[edit:]

Any help would be appreciated. What I tried:

Code Select Expand

vi /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: yes }

pkg update
pkg install intel-em-kmod

vi /boot/loader.conf.local
if_em_updated_load="YES"

Reboot

Still will not connect at 1000baseT <full-duplex>

Code Select Expand

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 70:4d:7b:x:x:x
        inet x.x.x.x netmask 0xffffff00 broadcast x.x.x.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021


I did find this post that says not to but compile from source. Wondering if that would help?




edit: hw probe

I did try different cables!

I saved the backup of the config by clicking download and saving the config-[myrouterdns]-[date]-xml file.

I then replaced the hardware, installed a fresh copy opnsense, setup the basic config, and downloaded backup of a fresh config.

I went to compare the 2 xml files to migrate settings and realized that both xml files are actually the webpage.

Code Select Expand

<!doctype html>
<!--[if IE 8 ]><html lang="en-US" class="ie ie8 lte9 lte8 no-js"><![endif]-->
<!--[if IE 9 ]><html lang="en-US" class="ie ie9 lte9 no-js"><![endif]-->
<!--[if (gt IE 9)|!(IE)]><!--><html lang="en-US" class="no-js"><!--<![endif]-->
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="robots" content="noindex, nofollow, noodp, noydir" />
    <meta name="keywords" content="" />
    <meta name="description" content="" />
    <meta name="copyright" content="" />
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />

    <title>Backups | Configuration | System | [myrouterdns] </title>
...


Running:
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

Understandable, as a preemptive measure and to be respectful of your time: when the security/health checks are complete and issues were found, a link could be presented that takes end users to an opnsense webpage with information suitable to end users with general diagnosis procedures as you have presented, that could be updated with any pertinent or ongoing information. Again I appreciate your assistance.

Franco, so what you are saying is that it is installed by something other than the core firewall. Got it.  That still does not resolve the issue of opnsense health saying there it is vulnerable. Nor help figure what is causing the problem. I appreciate your attention, please understand I am an end user not a opnsense programmer.

it's a relatively safe bet that when we do not configure SASL use from core that the vulnerable code is never used by us, even indirectly.

"Indirectly" would seem to indicate plugins in the opnsense repo? Are these verified compatible somehow with new release versions and made sure they are not vulnerable? The only issue I noticed after upgrading is that os-dyndns was marked as misconfigured so I reinstalled that, then I saw that it is marked as legacy now, so I will work on switching to os-ddclient. I also am not using squid.

Please stop trolling and start reading. This is ridiculous.


Cheers,

Franco, I am not trolling.  :( This is a response that I would typically see in pfsense. I legit do not see a resolution in your previous post, I see you posted some information on diagnosing, but no fix. I did a google search and found that 2.1.28 was updated 2.23.22 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262133 But I do not see an update for opnsense or how to get this fix.

for those that don't want to search... not sure why it was so hard to post.

Code Select Expand

pkg remove py37-markupsafe

Not sure why this was left around on the community build but I am sure lots of people will have this issue.

Still left with the "cyrus-sasl-2.1.27_2 is vulnerable:" error on the latest community build.

Any update on the fix?

Having this issue and can't remember how to fix it. This post came up first in the search result.

same

Didn't work form me. I got ERR_CERT_DATE_INVALID after following your instructions.

Are you sure you are not running in live mode? When you trashed the server, did it go through the installation wizard? (disk choice, etc.)

Bart...

Not in live mode. This is install on desktop machine.  I meant the openvpn wizard not the full install wizard.

I am having problems setting up the road warrior vpn. I am using OPNsense 20.7.3-amd64

When I try and use the Wizard it doesn't make any WAN rules to open the port I select. It creates the new interface but does not enable it. The firewall after enabling opt1 then has rules for OpenVPN and OPT1.

When I edit the server nothing is saved.
VPN -> OpenVPN -> Servers
Click pencil icon to edit, make any changes, Click save
Go back and edit again and the no changes were made.
I have to trash the openvpn server to try again.