Messages - jwketchum

#1
Last night, I updated to 23.1.6, from 23.1.5_4.  My issues with >>extremely<< slow load observed in some apps on my two Android devices seem to have been resolved by the update.  My hunch that this problem was a DNS issue is supported by the fact that the update included a new version of os-ddclient.
The two Android devices are a Pixel 5a phone and a Samsung Galaxy Tab S7.  None of the non-Android devices on the network appeared to have similar problems -- iPhone, iPad, Windows 10 laptops, linux workstation and servers.
Still curious to know what the problem was and why it was constrained to Android devices -- what is different about how DNS works on Android (if in fact it was a DNS problem)?
I also have doubts about Galaxy's idea that the problem goes away briefly after a reboot.  When the opnsense router reboots, Android drops the wifi connection and reverts to cellular -- on the phone anyway, no cellular on the tab.  With the cellular connection, everything works normally.  Once the reboot is complete, it takes a few minutes for the phone to find wifi again and reconnect.
And that is one difference between Android and iPhone -- when the router WAN connection goes away for any reason -- either the router is offline or ISP WAN connection is down, the iPhone keeps its wifi connection and complains about lack of internet access.  Android drops the wifi connection when WAN internet access disappears and reverts to cellular.
My thanks anyway for the fix.  I try to stay away from the bleeding edge of major releases, to avoid issues like this.  I guess I jumped the gun by a few weeks this time.
#2
Yes, I am a bit frustrated too, but I don't plan to go back to pf.  I can work around this either by using a VPN or turning off wifi on my phone so it uses cellular.  Hardly ideal, but I would rather support this open source effort and give the issue a chance to play out.  Though I wish I at least knew whether the problem is a configuration issue or a bug of some sort in the code.
If there are only two of us having the issue (if it is, in fact, the same issue), it's going to end up pretty low priority.
#3
I rebooted last night for the first time since completing the upgrade a few weeks ago, and it is not clear... one of the apps on my phone cleared up right after the reboot, but after that no improvement.  So if the reboot fixed anything, it only lasted for one or two minutes.
And, yes, it appears that the problem only pertains to apps, not through a browser such as Firefox, which is my default.  For example I use the Weather Underground app.  If I browse to wunderground.com in Firefox on my phone, weather info loads immediately.  When I open the Weather Underground app on the same phone, the app opens immediately, but it takes literally a few minutes for any weather info to load.  Watching LAN DNS traffic while the app is loading info, it is clear that there is a lot of DNS activity related to ads in the app.  Not sure that is relevant.
#4
Galaxy -- thanks for your reply. 
Suspecting (with little to no evidence) that this is a problem with DNS, I tried changing DNS servers, and related settings, to no avail.  Then I fired up tcpdump with a Wireshark client and tried to find some obvious anomaly in DNS exchanges related to the apps that I am having problems with, also to no avail.  Lots of DNS traffic between DNS clients on the LAN and opnsense, much more sparse DNS traffic on the WAN.
Final attempt today was to remove the deprecated dyndns plugin and instead install os-ddclient but leave it deactivated, and parked the mostly unused domain name that was pointing to my OPNsense router.  This seemed to improve things for some, but not all, apps that are having problems on my phone and tablet.
Have you been using dynamic DNS?
I don't know why dynamic DNS would be causing problems, and it is frustrating that making that change led to apparent partial resolution, so that I don't really know if it has anything to do with the problem.
DNS settings on Android don't seem to make any difference either, but how DNS works in current Android releases is pretty opaque to me.
I would love it if someone could suggest other debugging steps or opine about what the root cause of this issue might be.
#5
Following upgrading to 23.1, some apps running on two Android devices started loading very slowly.
Android devices:  Samsung Tablet, Pixel 5a phone
Slow apps:
-- loading an Excel file from OneDrive -- this can take several >>minutes<< unless I am running NordVPN on the tablet, in which case loading is immediate, as it was before upgrade to 23.1.  File size is 240k.
-- Starting Google Drive and loading a file -- not quite as slow as Excel File, but it can take up to a minute for Google Drive to display the directory, then another extended wait to load a pdf or word file.  Not a problem with the VPN running.
-- Running Wunderground weather app on either the tablet or the phone.  The app starts immediately, but takes an extended time to load any information.  Again, not a problem when running the VPN.  Also, not a problem for the phone when connected to the cellular network, not the LAN with the opnsense router.
Other devices on the network include Linux desktop running  Ubuntu 22.04, Windows 10 laptops, iphone, ipad.  None of these other devices are having similar problems.
Opnsense configuration:
OPNsense 23.1.5_4-amd64
Intel(R) Atom(TM) CPU E3845 @ 1.91GHz (4 cores, 4 threads)
Unbound DNS
I did not operate any of the intermediate versions of 23.1, but went directly to 23.1.5_4 release.
Is there something funky about how Android does DNS that causes a problematic interaction with Opnsense?
Thanks in advance for any help.
#6
I am still having this problem.  I had to reboot my cable modem, and the opnsense router could not establish an IPV4 address on the WAN interface until I rebooted it. 
Any suggestions on what the problem might be would be much appreciated.
Thank you,
John K.
#7
I recently had a failure of my UPS (battery died) during a storm event that resulted in repeated cycling of line power.  During the event, I lost internet connectivity and thought it was ISP's problem -- OPNsense was up and showing an IPv6 address on the WAN interface, but no IPv4.  After many hours of no internet, I investigated and found that going to Interfaces>Overview>WAN->reload resulted in a valid IPV4 address on the WAN interface and restored internet connectivity.
Again making an incorrect assumption, I figured that some problem associated with repeated power outages had resulted in a rare state that would not be repeated.  WRONG.  I cycled the power again, after doing a clean shutdown of OPNsense, as I replaced the battery in the UPS, and once again, no IPV4 address on the WAN interface and no internet connectivity after restart.  As before, going to the Interfaces>Overview>WAN->reload step restored the WAN interface to full operation.
As I have been running on a UPS for quite a while, I had not previously experienced the power cycling fault.  I have, however, done numerous reboots associated with updating OPNsense, which has not resulted in loss of WAN connectivity.
OPNsense 21.7.4-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021
Intel(R) Atom(TM) CPU E3845 @ 1.91GHz (4 cores)

Browsing for similar problems, I see that others have experienced similar problems associated with earlier major releases of OPNsense.  Is this still an outstanding issue?  Any ETA for a fix?  Or is there something in settings that I should change?
Thanks in advance for help/advice.
John K.
#8
I also have problems upgrading from 21.1.9_1-amd64 to 21.7.  Upgrade (from web gui) fails at the beginning:
***GOT REQUEST TO UPGRADE***
Fetching packages-21.7-OpenSSL-amd64.tar: ............................... failed, no signature found
***DONE***
Mirror is LeaseWeb (HTTP, Washington, DC, US)
/var/cache/opnsense-update/.upgrade.log hasn't been touched since the upgrade to 21.1.
A new --empty-- directory was made today, apparently when I attempted the upgrade:
/var/cache/opnsense-update/71076
Still at 21.1.9_1, and apparently running without problems.
Not sure whether I should follow the revert process discussed on this thread -- my symptoms are a bit different. 
Please advise.
Running on firewall appliance with Atom CPU E3845 @ 1.91GHz (4 cores).
Thanks for your help.
****Update: Successfully upgraded to 21.7, then 21.7.1, after changing mirror to NYC*BUG (HTTP, New York, US)
#9
21.1 Legacy Series / Re: Failed, no signature found
February 16, 2021, 04:31:06 PM
This problem resolved itself -- I was able, yesterday, to upgrade to 21.1, then update to 21.1.1.  I only made one change to the configuration prior to doing the upgrade, which was to set the Firewall>Settings>Advanced Disable force gateway option.  I did this to address an issue with lots of "dhcp6c transmit failed: No route to host" messages, which had the desired effect.  I have no idea whether this has anything to do with inability to properly download the upgrade files.
#10
21.1 Legacy Series / Re: Failed, no signature found
February 14, 2021, 04:26:49 PM
Thanks for your reply, Franco.  But being a newcomer here, I need a bit more instruction.  I have successfully downloaded an install file from the DC mirror with no problems.  However, I don't want to do a fresh install, I want to upgrade my current installation to 21.1.  I haven't had a problem in the past updating the 20.7 release to the terminal update 20.7.8_4.  What do I need to do differently here?
#11
21.1 Legacy Series / Failed, no signature found
February 12, 2021, 08:12:55 PM
I am trying to upgrade from  20.7.8_4-amd64 to 21.1 through the web gui interface. I have repeatedly gotten the following response:
***GOT REQUEST TO UPGRADE: maj***
Fetching packages-21.1-OpenSSL-amd64.tar: .............................. failed, no signature found
***DONE***
I tried this with the source set to LeaseWeb in DC and NYC*BUG, with the same result.

CPU: Intel(R) Atom(TM) CPU E3845 @ 1.91GHz (4 cores)

Suggestions?

Thank you.
#12
Shortly after final 20.7.8_4 update, my Ubuntu 16.04 workstation started having problems resolving domain names.  I have other Ubuntu 18.04 machines, windows machines, and android and ios machines, none of which seem to be having issues.  Attempting to look at the problem with Wireshark, I see messages of the type "standard query response 0xxxxx No such name [A or AAAA] [hostname]...." which are returned by OPNsense on DNS queries from the Ubuntu 16.04 machine, also returned by Google DNS servers 8.8.4.4 and 8.8.8.8.
Is this correct behavior?  It would seem that the flaw would be on the Ubuntu machine, since the rest of the network appears to be running properly, but I haven't changed any settings there.
If I reset the connection from the Ubuntu machine using Network Manager, DNS recovers but only for a very short time, and then stops working again.
Any debugging help would be much appreciated.
#13
I purchased a similar device in 2017 from Protectli, but likely also made by Yangling, with AES-NI, atom e3845.  It ran pfSense, and then opnsense, until it bricked yesterday while updating opnsense.  It ran opnsense in my easy SOHO environment very nicely with much room to spare, until the untimely hardware failure.  These devices are well-suited to opnsense, but I am now uncertain about the hardware reliability.
#14
20.7 Legacy Series / Re: opnsense 2.7 won't reboot
October 05, 2020, 03:40:10 AM
By freeze, I mean doesn't restart. It appears to shutdown cleanly, but never comes back up.  This is what system.log has to say:
Oct  2 11:55:24 xxwall shutdown[37189]: reboot by root: 
Oct  2 11:55:24 xxwall shutdown[37189]: reboot by root: 
Oct  2 11:55:27 xxwall syslogd: exiting on signal 15
Oct  2 12:08:35 xxwall syslogd: kernel boot file is /boot/kernel/kernel
Oct  2 12:08:35 xxwall kernel: ---<<BOOT>>---

The upgrade completed and initiated a reboot at 11:55:24 -- 11:55:27.  13 minutes later, I cycled the power and the system booted normally.  In the intervening 13 minutes, the system was entirely unresponsive, although the power was on.  The network interface was not up and not responding to pings.  Nothing was written in the system log file.  I have seen the same behavior when I initiate a reboot manually from the web interface.  However if I log in using ssh and initiate a reboot from the command line with "shutdown -r now" the system shuts down and then restarts in less than 2 minutes, without cycling power:
Oct  2 12:27:07 xxwall shutdown[25295]: reboot by root: 
Oct  2 12:27:07 xxwall shutdown[25295]: reboot by root: 
Oct  2 12:27:12 xxwall syslogd: exiting on signal 15
Oct  2 12:28:39 xxwall syslogd: kernel boot file is /boot/kernel/kernel
Oct  2 12:28:39 xxwall kernel: ---<<BOOT>>---
#15
20.7 Legacy Series / opnsense 2.7 won't reboot
October 02, 2020, 10:20:10 PM
Opnsense 2.7.2 freezes on reboot, initiated from web interface.  Recovers after waiting ~15 minutes and cycling power.
Upgraded to 2.7.3, upgrade appears to complete successfully, with reboot initiated, but system does not reboot.  Again wait 15 minutes and cycle power, and system comes back up quickly with 2.7.3 apparently successfully installed. 

Subsequently log onto system with ssh and issue "shutdown -r now", and system shuts down cleanly and comes back up quickly.

Would appreciate any suggestions about what the problem may be.  I would like to be able to keep the system firmware/software up  to date, but it makes me nervous when the install does not proceed smoothly.