Messages - clarknova

#1
I ran opnsense-bootstrap without options and I have a working 24.1 system now that I can upgrade from.
#2
General Discussion / Remote system, fairly broken
May 28, 2025, 11:49:15 PM
This host was running OPNsense 24.1.10_3, but it's in a sad state after opnsense-bootstrap failed to complete on it. I still have shell access, but the web UI is broken. It's a remote system with no console access. I'm wondering if it can be rescued.
# opnsense-bootstrap -r 25.1
This utility will attempt to turn this installation into the latest
OPNsense 25.1 release.  All packages will be deleted, the base
system and kernel will be replaced, and if all went well the system
will automatically reboot.

Proceed with this action? [y/N]: y
fetch: https://github.com/opnsense/core/archive/stable/25.1.tar.gz: size of remote file is not known
/tmp/opnsense-bootstrap/core.tar.gz                     10 MB 8995 kBps    01s
pkg: 178 packages installed
beep-1.0_2: already unlocked
boost-libs-1.84.0: already unlocked
ca_root_nss-3.93: already unlocked
choparp-20150613_1: already unlocked
cpdup-1.22_1: already unlocked
cpustats-0.1: already unlocked
curl-8.8.0: already unlocked
cyrus-sasl-2.1.28_4: already unlocked
cyrus-sasl-gssapi-2.1.28: already unlocked
dhcp6c-20240710: already unlocked
dhcrelay-0.5: already unlocked
dnsmasq-2.90_1,1: already unlocked
dpinger-3.3: already unlocked
e2fsprogs-libuuid-1.47.1: already unlocked
easy-rsa-3.1.7,1: already unlocked
expat-2.6.2: already unlocked
expiretable-0.6_3: already unlocked
filterlog-0.7_1: already unlocked
flock-2.37.2_1: already unlocked
flowd-0.9.1_5: already unlocked
gettext-runtime-0.22.5: already unlocked
git-2.45.2_1: already unlocked
glib-2.80.3,2: already unlocked
gmp-6.3.0: already unlocked
hostapd-2.10_10: already unlocked
hyperscan-5.4.2: already unlocked
icu-74.2_1,1: already unlocked
ifinfo-13.0_1: already unlocked
iftop-1.0.p4_1: already unlocked
indexinfo-0.3.1: already unlocked
iperf3-3.17.1: already unlocked
isc-dhcp44-server-4.4.3P1_1: already unlocked
ivykis-0.43.2: already unlocked
jansson-2.14: already unlocked
json-c-0.17: already unlocked
kea-2.4.1_2: already unlocked
krb5-1.21.3: already unlocked
ldns-1.8.3_1: already unlocked
libargon2-20190702_1: already unlocked
libcbor-0.11.0: already unlocked
libcjson-1.7.18_2: already unlocked
libedit-3.1.20240517,1: already unlocked
libevent-2.1.12: already unlocked
libffi-3.4.6: already unlocked
libfido2-1.15.0: already unlocked
libiconv-1.17_1: already unlocked
libidn2-2.3.7: already unlocked
libltdl-2.4.7: already unlocked
liblz4-1.9.4_1,1: already unlocked
libmcrypt-2.5.8_4: already unlocked
libnet-1.3,1: already unlocked
libnghttp2-1.62.1: already unlocked
libpfctl-0.11: already unlocked
libpsl-0.21.5_1: already unlocked
libsodium-1.0.19: already unlocked
libucl-0.9.2: already unlocked
libunistring-1.2: already unlocked
libunwind-20240221: already unlocked
libxml2-2.11.8: already unlocked
libyaml-0.2.5: already unlocked
lighttpd-1.4.76: already unlocked
log4cplus-2.1.1: already unlocked
lzo2-2.10_1: already unlocked
monit-5.33.0_1: already unlocked
mpd5-5.9_18: already unlocked
mpdecimal-4.0.0: already unlocked
nettle-3.10_1: already unlocked
nspr-4.35: already unlocked
nss-3.101: already unlocked
ntp-4.2.8p18: already unlocked
oniguruma-6.9.9: already unlocked
openldap26-client-2.6.8: already unlocked
openssh-portable-9.8.p1,1: already unlocked
openssl-3.0.14,1: already unlocked
openvpn-2.6.11: already unlocked
opnsense-24.1.10_3: already unlocked
opnsense-installer-24.1: already unlocked
opnsense-lang-23.7.11: already unlocked
opnsense-update-24.1.8: already unlocked
os-dyndns-1.27_3: already unlocked
os-iperf-1.0_1: already unlocked
p5-Error-0.17029: already unlocked
pam_opnsense-24.1: already unlocked
pcre2-10.43: already unlocked
perl5-5.36.3_1: already unlocked
pftop-0.10_1: already unlocked
php82-8.2.20: already unlocked
php82-ctype-8.2.20: already unlocked
php82-curl-8.2.20: already unlocked
php82-dom-8.2.20: already unlocked
php82-filter-8.2.20: already unlocked
php82-gettext-8.2.20: already unlocked
php82-google-api-php-client-2.4.0: already unlocked
php82-ldap-8.2.20: already unlocked
php82-mbstring-8.2.20: already unlocked
php82-pcntl-8.2.20: already unlocked
php82-pdo-8.2.20: already unlocked
php82-pear-1.10.13: already unlocked
php82-pear-Crypt_CHAP-1.5.0_1: already unlocked
php82-pecl-mcrypt-1.0.7: already unlocked
php82-pecl-radius-1.4.0b1_2: already unlocked
php82-phalcon-5.7.0: already unlocked
php82-phpseclib-3.0.36: already unlocked
php82-session-8.2.20: already unlocked
php82-simplexml-8.2.20: already unlocked
php82-sockets-8.2.20: already unlocked
php82-sqlite3-8.2.20: already unlocked
php82-xml-8.2.20: already unlocked
php82-zlib-8.2.20: already unlocked
pkcs11-helper-1.29.0_3: already unlocked
pkg-1.19.2_1: already unlocked
py311-Babel-2.14.0: already unlocked
py311-Jinja2-3.1.3: already unlocked
py311-aioquic-1.2.0: already unlocked
py311-anyio-4.4.0: already unlocked
py311-async_generator-1.10: already unlocked
py311-attrs-23.2.0: already unlocked
py311-bottleneck-1.3.8_1: already unlocked
py311-certifi-2024.7.4: already unlocked
py311-cffi-1.16.0: already unlocked
py311-charset-normalizer-3.3.2_1: already unlocked
py311-cryptography-42.0.8_1,1: already unlocked
py311-dnspython-2.6.1,1: already unlocked
py311-duckdb-1.0.0: already unlocked
py311-h11-0.14.0: already unlocked
py311-h2-4.1.0: already unlocked
py311-hpack-4.0.0: already unlocked
py311-httpcore-1.0.5: already unlocked
py311-httpx-0.27.0_1: already unlocked
py311-hyperframe-6.0.0: already unlocked
py311-idna-3.7: already unlocked
py311-markupsafe-2.1.5_1: already unlocked
py311-netaddr-1.3.0: already unlocked
py311-numexpr-2.10.1: already unlocked
py311-numpy-1.25.0_7,1: already unlocked
py311-openssl-24.1.0,1: already unlocked
py311-outcome-1.3.0_1: already unlocked
py311-packaging-24.1: already unlocked
py311-pandas-2.0.3_2,1: already unlocked
py311-pyasn1-0.6.0: already unlocked
py311-pyasn1-modules-0.4.0: already unlocked
py311-pycparser-2.22: already unlocked
py311-pylsqpack-0.3.18: already unlocked
py311-pysocks-1.7.1_1: already unlocked
py311-python-dateutil-2.9.0: already unlocked
py311-pytz-2024.1,1: already unlocked
py311-pyyaml-6.0.1: already unlocked
py311-requests-2.32.3: already unlocked
py311-service-identity-24.1.0: already unlocked
py311-setuptools-63.1.0_1: already unlocked
py311-six-1.16.0_1: already unlocked
py311-sniffio-1.3.1: already unlocked
py311-socksio-1.0.0_1: already unlocked
py311-sortedcontainers-2.4.0: already unlocked
py311-sqlite3-3.11.9_7: already unlocked
py311-trio-0.26.0: already unlocked
py311-tzdata-2024.1: already unlocked
py311-ujson-5.10.0: already unlocked
py311-urllib3-1.26.19,1: already unlocked
py311-vici-5.9.11: already unlocked
python311-3.11.9_1: already unlocked
radvd-2.19_4: already unlocked
readline-8.2.10: already unlocked
rrdtool-1.8.0_4: already unlocked
ruby-3.1.6,1: already unlocked
ruby31-gems-3.5.14: already unlocked
rubygem-rexml-3.3.1: already unlocked
rubygem-strscan-3.1.0: already unlocked
samplicator-1.3.8.r1_1: already unlocked
sqlite3-3.46.0,1: already unlocked
strongswan-5.9.14: already unlocked
sudo-1.9.15p5_4: already unlocked
suricata-7.0.6: already unlocked
syslog-ng-4.7.1: already unlocked
tailscale-1.66.4: already unlocked
unbound-1.20.0_1: already unlocked
wpa_supplicant-2.10_10: already unlocked
zip-3.0_2: already unlocked
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 178 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
beep: 1.0_2
boost-libs: 1.84.0
ca_root_nss: 3.93
choparp: 20150613_1
cpdup: 1.22_1
cpustats: 0.1
curl: 8.8.0
cyrus-sasl: 2.1.28_4
cyrus-sasl-gssapi: 2.1.28
dhcp6c: 20240710
dhcrelay: 0.5
dnsmasq: 2.90_1,1
dpinger: 3.3
e2fsprogs-libuuid: 1.47.1
easy-rsa: 3.1.7,1
expat: 2.6.2
expiretable: 0.6_3
filterlog: 0.7_1
flock: 2.37.2_1
flowd: 0.9.1_5
gettext-runtime: 0.22.5
git: 2.45.2_1
glib: 2.80.3,2
gmp: 6.3.0
hostapd: 2.10_10
hyperscan: 5.4.2
icu: 74.2_1,1
ifinfo: 13.0_1
iftop: 1.0.p4_1
indexinfo: 0.3.1
iperf3: 3.17.1
isc-dhcp44-server: 4.4.3P1_1
ivykis: 0.43.2
jansson: 2.14
json-c: 0.17
kea: 2.4.1_2
krb5: 1.21.3
ldns: 1.8.3_1
libargon2: 20190702_1
libcbor: 0.11.0
libcjson: 1.7.18_2
libedit: 3.1.20240517,1
libevent: 2.1.12
libffi: 3.4.6
libfido2: 1.15.0
libiconv: 1.17_1
libidn2: 2.3.7
libltdl: 2.4.7
liblz4: 1.9.4_1,1
libmcrypt: 2.5.8_4
libnet: 1.3,1
libnghttp2: 1.62.1
libpfctl: 0.11
libpsl: 0.21.5_1
libsodium: 1.0.19
libucl: 0.9.2
libunistring: 1.2
libunwind: 20240221
libxml2: 2.11.8
libyaml: 0.2.5
lighttpd: 1.4.76
log4cplus: 2.1.1
lzo2: 2.10_1
monit: 5.33.0_1
mpd5: 5.9_18
mpdecimal: 4.0.0
nettle: 3.10_1
nspr: 4.35
nss: 3.101
ntp: 4.2.8p18
oniguruma: 6.9.9
openldap26-client: 2.6.8
openssh-portable: 9.8.p1,1
openssl: 3.0.14,1
openvpn: 2.6.11
opnsense: 24.1.10_3
opnsense-installer: 24.1
opnsense-lang: 23.7.11
opnsense-update: 24.1.8
os-dyndns: 1.27_3
os-iperf: 1.0_1
p5-Error: 0.17029
pam_opnsense: 24.1
pcre2: 10.43
perl5: 5.36.3_1
pftop: 0.10_1
php82: 8.2.20
php82-ctype: 8.2.20
php82-curl: 8.2.20
php82-dom: 8.2.20
php82-filter: 8.2.20
php82-gettext: 8.2.20
php82-google-api-php-client: 2.4.0
php82-ldap: 8.2.20
php82-mbstring: 8.2.20
php82-pcntl: 8.2.20
php82-pdo: 8.2.20
php82-pear: 1.10.13
php82-pear-Crypt_CHAP: 1.5.0_1
php82-pecl-mcrypt: 1.0.7
php82-pecl-radius: 1.4.0b1_2
php82-phalcon: 5.7.0
php82-phpseclib: 3.0.36
php82-session: 8.2.20
php82-simplexml: 8.2.20
php82-sockets: 8.2.20
php82-sqlite3: 8.2.20
php82-xml: 8.2.20
php82-zlib: 8.2.20
pkcs11-helper: 1.29.0_3
pkg: 1.19.2_1
py311-Babel: 2.14.0
py311-Jinja2: 3.1.3
py311-aioquic: 1.2.0
py311-anyio: 4.4.0
py311-async_generator: 1.10
py311-attrs: 23.2.0
py311-bottleneck: 1.3.8_1
py311-certifi: 2024.7.4
py311-cffi: 1.16.0
py311-charset-normalizer: 3.3.2_1
py311-cryptography: 42.0.8_1,1
py311-dnspython: 2.6.1,1
py311-duckdb: 1.0.0
py311-h11: 0.14.0
py311-h2: 4.1.0
py311-hpack: 4.0.0
py311-httpcore: 1.0.5
py311-httpx: 0.27.0_1
py311-hyperframe: 6.0.0
py311-idna: 3.7
py311-markupsafe: 2.1.5_1
py311-netaddr: 1.3.0
py311-numexpr: 2.10.1
py311-numpy: 1.25.0_7,1
py311-openssl: 24.1.0,1
py311-outcome: 1.3.0_1
py311-packaging: 24.1
py311-pandas: 2.0.3_2,1
py311-pyasn1: 0.6.0
py311-pyasn1-modules: 0.4.0
py311-pycparser: 2.22
py311-pylsqpack: 0.3.18
py311-pysocks: 1.7.1_1
py311-python-dateutil: 2.9.0
py311-pytz: 2024.1,1
py311-pyyaml: 6.0.1
py311-requests: 2.32.3
py311-service-identity: 24.1.0
py311-setuptools: 63.1.0_1
py311-six: 1.16.0_1
py311-sniffio: 1.3.1
py311-socksio: 1.0.0_1
py311-sortedcontainers: 2.4.0
py311-sqlite3: 3.11.9_7
py311-trio: 0.26.0
py311-tzdata: 2024.1
py311-ujson: 5.10.0
py311-urllib3: 1.26.19,1
py311-vici: 5.9.11
python311: 3.11.9_1
radvd: 2.19_4
readline: 8.2.10
rrdtool: 1.8.0_4
ruby: 3.1.6,1
ruby31-gems: 3.5.14
rubygem-rexml: 3.3.1
rubygem-strscan: 3.1.0
samplicator: 1.3.8.r1_1
sqlite3: 3.46.0,1
strongswan: 5.9.14
sudo: 1.9.15p5_4
suricata: 7.0.6
syslog-ng: 4.7.1
tailscale: 1.66.4
unbound: 1.20.0_1
wpa_supplicant: 2.10_10
zip: 3.0_2

Number of packages to be removed: 178

The operation will free 1 GiB.
[1/178] Deinstalling opnsense-24.1.10_3...
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20150402
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160104
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160630
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20161210
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20170625
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20171219
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20180614
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20181218
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20190702
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200119
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200313
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210104
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210629
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210903
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20220701
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20221213
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20230717
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20240105
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/repos/FreeBSD.conf.sample
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/repos/OPNsense.conf.sample
[1/178] Deleting files for opnsense-24.1.10_3: 100%
[2/178] Deinstalling py311-dnspython-2.6.1,1...
[2/178] Deleting files for py311-dnspython-2.6.1,1: 100%
[3/178] Deinstalling py311-aioquic-1.2.0...
[3/178] Deleting files for py311-aioquic-1.2.0: 100%
[4/178] Deinstalling py311-httpx-0.27.0_1...
[4/178] Deleting files for py311-httpx-0.27.0_1: 100%
[5/178] Deinstalling py311-duckdb-1.0.0...
[5/178] Deleting files for py311-duckdb-1.0.0: 100%
[6/178] Deinstalling php82-pear-Crypt_CHAP-1.5.0_1...
uninstall ok: channel://pear.php.net/Crypt_CHAP-1.5.0
[6/178] Deleting files for php82-pear-Crypt_CHAP-1.5.0_1: 100%
[7/178] Deinstalling py311-service-identity-24.1.0...
[7/178] Deleting files for py311-service-identity-24.1.0: 100%
[8/178] Deinstalling py311-pandas-2.0.3_2,1...
[8/178] Deleting files for py311-pandas-2.0.3_2,1: 100%
[9/178] Deinstalling os-iperf-1.0_1...
[9/178] Deleting files for os-iperf-1.0_1: 100%
[10/178] Deinstalling py311-httpcore-1.0.5...
[10/178] Deleting files for py311-httpcore-1.0.5: 100%
[11/178] Deinstalling py311-openssl-24.1.0,1...
[11/178] Deleting files for py311-openssl-24.1.0,1: 100%
[12/178] Deinstalling py311-cryptography-42.0.8_1,1...
[12/178] Deleting files for py311-cryptography-42.0.8_1,1: 100%
[13/178] Deinstalling py311-bottleneck-1.3.8_1...
[13/178] Deleting files for py311-bottleneck-1.3.8_1: 100%
[14/178] Deinstalling git-2.45.2_1...
[14/178] Deleting files for git-2.45.2_1: 100%
==> You should manually remove the "git_daemon" user
==> You should manually remove the "git_daemon" group
[15/178] Deinstalling php82-curl-8.2.20...
[15/178] Deleting files for php82-curl-8.2.20: 100%
[16/178] Deinstalling rrdtool-1.8.0_4...
[16/178] Deleting files for rrdtool-1.8.0_4: 100%
[17/178] Deinstalling php82-phalcon-5.7.0...
[17/178] Deleting files for php82-phalcon-5.7.0: 100%
[18/178] Deinstalling syslog-ng-4.7.1...
[18/178] Deleting files for syslog-ng-4.7.1: 100%
[19/178] Deinstalling py311-requests-2.32.3...
[19/178] Deleting files for py311-requests-2.32.3: 100%
[20/178] Deinstalling php82-ldap-8.2.20...
[20/178] Deleting files for php82-ldap-8.2.20: 100%
[21/178] Deinstalling py311-trio-0.26.0...
[21/178] Deleting files for py311-trio-0.26.0: 100%
[22/178] Deinstalling py311-h2-4.1.0...
[22/178] Deleting files for py311-h2-4.1.0: 100%
[23/178] Deinstalling py311-numexpr-2.10.1...
[23/178] Deleting files for py311-numexpr-2.10.1: 100%
[24/178] Deinstalling rubygem-rexml-3.3.1...
[24/178] Deleting files for rubygem-rexml-3.3.1: 100%
[25/178] Deinstalling suricata-7.0.6...
[25/178] Deleting files for suricata-7.0.6: 100%
==> If you are permanently removing this port, run rm -rf /usr/local/etc/suricata to remove configuration files.
[26/178] Deinstalling strongswan-5.9.14...
[26/178] Deleting files for strongswan-5.9.14: 100%
[27/178] Deinstalling php82-pear-1.10.13...
[27/178] Deleting files for php82-pear-1.10.13: 100%
[28/178] Deinstalling py311-Jinja2-3.1.3...
[28/178] Deleting files for py311-Jinja2-3.1.3: 100%
[29/178] Deinstalling py311-sqlite3-3.11.9_7...
[29/178] Deleting files for py311-sqlite3-3.11.9_7: 100%
[30/178] Deinstalling py311-anyio-4.4.0...
[30/178] Deleting files for py311-anyio-4.4.0: 100%
[31/178] Deinstalling php82-session-8.2.20...
[31/178] Deleting files for php82-session-8.2.20: 100%
[32/178] Deinstalling py311-hyperframe-6.0.0...
[32/178] Deleting files for py311-hyperframe-6.0.0: 100%
[33/178] Deinstalling py311-numpy-1.25.0_7,1...
[33/178] Deleting files for py311-numpy-1.25.0_7,1: 100%
[34/178] Deinstalling py311-python-dateutil-2.9.0...
[34/178] Deleting files for py311-python-dateutil-2.9.0: 100%
[35/178] Deinstalling php82-zlib-8.2.20...
[35/178] Deleting files for php82-zlib-8.2.20: 100%
[36/178] Deinstalling php82-dom-8.2.20...
[36/178] Deleting files for php82-dom-8.2.20: 100%
[37/178] Deinstalling php82-simplexml-8.2.20...
[37/178] Deleting files for php82-simplexml-8.2.20: 100%
[38/178] Deinstalling py311-pyasn1-modules-0.4.0...
[38/178] Deleting files for py311-pyasn1-modules-0.4.0: 100%
[39/178] Deinstalling py311-pyyaml-6.0.1...
[39/178] Deleting files for py311-pyyaml-6.0.1: 100%
[40/178] Deinstalling php82-pdo-8.2.20...
[40/178] Deleting files for php82-pdo-8.2.20: 100%
[41/178] Deinstalling rubygem-strscan-3.1.0...
[41/178] Deleting files for rubygem-strscan-3.1.0: 100%
[42/178] Deinstalling py311-cffi-1.16.0...
[42/178] Deleting files for py311-cffi-1.16.0: 100%
[43/178] Deinstalling php82-pecl-radius-1.4.0b1_2...
[43/178] Deleting files for php82-pecl-radius-1.4.0b1_2: 100%
[44/178] Deinstalling php82-mbstring-8.2.20...
[44/178] Deleting files for php82-mbstring-8.2.20: 100%
[45/178] Deinstalling py311-pytz-2024.1,1...
[45/178] Deleting files for py311-pytz-2024.1,1: 100%
[46/178] Deinstalling py311-sortedcontainers-2.4.0...
[46/178] Deleting files for py311-sortedcontainers-2.4.0: 100%
[47/178] Deinstalling py311-vici-5.9.11...
[47/178] Deleting files for py311-vici-5.9.11: 100%
[48/178] Deinstalling py311-async_generator-1.10...
[48/178] Deleting files for py311-async_generator-1.10: 100%
[49/178] Deinstalling py311-hpack-4.0.0...
[49/178] Deleting files for py311-hpack-4.0.0: 100%
[50/178] Deinstalling php82-google-api-php-client-2.4.0...
[50/178] Deleting files for php82-google-api-php-client-2.4.0: 100%
[51/178] Deinstalling php82-sockets-8.2.20...
[51/178] Deleting files for php82-sockets-8.2.20: 100%
[52/178] Deinstalling php82-sqlite3-8.2.20...
[52/178] Deleting files for php82-sqlite3-8.2.20: 100%
[53/178] Deinstalling py311-Babel-2.14.0...
[53/178] Deleting files for py311-Babel-2.14.0: 100%
[54/178] Deinstalling py311-outcome-1.3.0_1...
[54/178] Deleting files for py311-outcome-1.3.0_1: 100%
[55/178] Deinstalling php82-pcntl-8.2.20...
[55/178] Deleting files for php82-pcntl-8.2.20: 100%
[56/178] Deinstalling php82-xml-8.2.20...
[56/178] Deleting files for php82-xml-8.2.20: 100%
[57/178] Deinstalling curl-8.8.0...
[57/178] Deleting files for curl-8.8.0: 100%
[58/178] Deinstalling py311-urllib3-1.26.19,1...
[58/178] Deleting files for py311-urllib3-1.26.19,1: 100%
[59/178] Deinstalling php82-phpseclib-3.0.36...
[59/178] Deleting files for php82-phpseclib-3.0.36: 100%
[60/178] Deinstalling php82-gettext-8.2.20...
[60/178] Deleting files for php82-gettext-8.2.20: 100%
[61/178] Deinstalling openldap26-client-2.6.8...
[61/178] Deleting files for openldap26-client-2.6.8: 100%
[62/178] Deinstalling glib-2.80.3,2...
[62/178] Deleting files for glib-2.80.3,2: 100%
[63/178] Deinstalling php82-pecl-mcrypt-1.0.7...
[63/178] Deleting files for php82-pecl-mcrypt-1.0.7: 100%
[64/178] Deinstalling py311-ujson-5.10.0...
[64/178] Deleting files for py311-ujson-5.10.0: 100%
[65/178] Deinstalling php82-ctype-8.2.20...
[65/178] Deleting files for php82-ctype-8.2.20: 100%
[66/178] Deinstalling php82-filter-8.2.20...
[66/178] Deleting files for php82-filter-8.2.20: 100%
[67/178] Deinstalling py311-h11-0.14.0...
[67/178] Deleting files for py311-h11-0.14.0: 100%
[68/178] Deinstalling unbound-1.20.0_1...
[68/178] Deleting files for unbound-1.20.0_1: 100%
[69/178] Deinstalling lighttpd-1.4.76...
[69/178] Deleting files for lighttpd-1.4.76: 100%
[70/178] Deinstalling py311-sniffio-1.3.1...
[70/178] Deleting files for py311-sniffio-1.3.1: 100%
[71/178] Deinstalling py311-pycparser-2.22...
[71/178] Deleting files for py311-pycparser-2.22: 100%
[72/178] Deinstalling py311-six-1.16.0_1...
[72/178] Deleting files for py311-six-1.16.0_1: 100%
[73/178] Deinstalling py311-charset-normalizer-3.3.2_1...
[73/178] Deleting files for py311-charset-normalizer-3.3.2_1: 100%
[74/178] Deinstalling py311-setuptools-63.1.0_1...
[74/178] Deleting files for py311-setuptools-63.1.0_1: 100%
[75/178] Deinstalling py311-idna-3.7...
[75/178] Deleting files for py311-idna-3.7: 100%
[76/178] Deinstalling cyrus-sasl-gssapi-2.1.28...
[76/178] Deleting files for cyrus-sasl-gssapi-2.1.28: 100%
[77/178] Deinstalling dnsmasq-2.90_1,1...
[77/178] Deleting files for dnsmasq-2.90_1,1: 100%
[78/178] Deinstalling py311-netaddr-1.3.0...
[78/178] Deleting files for py311-netaddr-1.3.0: 100%
[79/178] Deinstalling py311-packaging-24.1...
[79/178] Deleting files for py311-packaging-24.1: 100%
[80/178] Deinstalling py311-pysocks-1.7.1_1...
[80/178] Deleting files for py311-pysocks-1.7.1_1: 100%
[81/178] Deinstalling py311-markupsafe-2.1.5_1...
[81/178] Deleting files for py311-markupsafe-2.1.5_1: 100%
[82/178] Deinstalling libpsl-0.21.5_1...
[82/178] Deleting files for libpsl-0.21.5_1: 100%
[83/178] Deinstalling py311-attrs-23.2.0...
[83/178] Deleting files for py311-attrs-23.2.0: 100%
[84/178] Deinstalling py311-certifi-2024.7.4...
[84/178] Deleting files for py311-certifi-2024.7.4: 100%
[85/178] Deinstalling py311-tzdata-2024.1...
[85/178] Deleting files for py311-tzdata-2024.1: 100%
[86/178] Deinstalling php82-8.2.20...
[86/178] Deleting files for php82-8.2.20: 100%
[87/178] Deinstalling py311-socksio-1.0.0_1...
[87/178] Deleting files for py311-socksio-1.0.0_1: 100%
[88/178] Deinstalling openssh-portable-9.8.p1,1...
[88/178] Deleting files for openssh-portable-9.8.p1,1: 100%
[89/178] Deinstalling py311-pylsqpack-0.3.18...
[89/178] Deleting files for py311-pylsqpack-0.3.18: 100%
[90/178] Deinstalling py311-pyasn1-0.6.0...
[90/178] Deleting files for py311-pyasn1-0.6.0: 100%
[91/178] Deinstalling ruby31-gems-3.5.14...
[91/178] Deleting files for ruby31-gems-3.5.14: 100%
[92/178] Deinstalling wpa_supplicant-2.10_10...
[92/178] Deleting files for wpa_supplicant-2.10_10: 100%
[93/178] Deinstalling libidn2-2.3.7...
[93/178] Deleting files for libidn2-2.3.7: 100%
[94/178] Deinstalling nettle-3.10_1...
[94/178] Deleting files for nettle-3.10_1: 100%
[95/178] Deinstalling nss-3.101...
[95/178] Deleting files for nss-3.101: 100%
[96/178] Deinstalling openvpn-2.6.11...
[96/178] Deleting files for openvpn-2.6.11: 100%
==> You should manually remove the "openvpn" user
==> You should manually remove the "openvpn" group
[97/178] Deinstalling krb5-1.21.3...
[97/178] Deleting files for krb5-1.21.3: 100%
[98/178] Deinstalling libxml2-2.11.8...
[98/178] Deleting files for libxml2-2.11.8: 100%
[99/178] Deinstalling ruby-3.1.6,1...
[99/178] Deleting files for ruby-3.1.6,1: 100%
[100/178] Deinstalling ntp-4.2.8p18...
[100/178] Deleting files for ntp-4.2.8p18: 100%
[101/178] Deinstalling libfido2-1.15.0...
[101/178] Deleting files for libfido2-1.15.0: 100%
[102/178] Deinstalling python311-3.11.9_1...
[102/178] Deleting files for python311-3.11.9_1: 100%
[103/178] Deinstalling kea-2.4.1_2...
[103/178] Deleting files for kea-2.4.1_2: 100%
[104/178] Deinstalling opnsense-installer-24.1...
[104/178] Deleting files for opnsense-installer-24.1: 100%
[105/178] Deinstalling opnsense-update-24.1.8...
[105/178] Deleting files for opnsense-update-24.1.8: 100%
[106/178] Deinstalling hostapd-2.10_10...
[106/178] Deleting files for hostapd-2.10_10: 100%
[107/178] Deinstalling boost-libs-1.84.0...
[107/178] Deleting files for boost-libs-1.84.0: 100%
[108/178] Deinstalling monit-5.33.0_1...
[108/178] Deleting files for monit-5.33.0_1: 100%
[109/178] Deinstalling libunistring-1.2...
[109/178] Deleting files for libunistring-1.2: 100%
[110/178] Deinstalling cpdup-1.22_1...
[110/178] Deleting files for cpdup-1.22_1: 100%
[111/178] Deinstalling p5-Error-0.17029...
[111/178] Deleting files for p5-Error-0.17029: 100%
[112/178] Deinstalling libcbor-0.11.0...
[112/178] Deleting files for libcbor-0.11.0: 100%
[113/178] Deinstalling ldns-1.8.3_1...
[113/178] Deleting files for ldns-1.8.3_1: 100%
[114/178] Deinstalling tailscale-1.66.4...
[114/178] Deleting files for tailscale-1.66.4: 100%
[115/178] Deinstalling isc-dhcp44-server-4.4.3P1_1...
[115/178] Deleting files for isc-dhcp44-server-4.4.3P1_1: 100%
==> You should manually remove the "dhcpd" user.
==> You should manually remove the "dhcpd" group
[116/178] Deinstalling libevent-2.1.12...
[116/178] Deleting files for libevent-2.1.12: 100%
[117/178] Deinstalling iperf3-3.17.1...
[117/178] Deleting files for iperf3-3.17.1: 100%
[118/178] Deinstalling pkcs11-helper-1.29.0_3...
[118/178] Deleting files for pkcs11-helper-1.29.0_3: 100%
[119/178] Deinstalling gmp-6.3.0...
[119/178] Deleting files for gmp-6.3.0: 100%
[120/178] Deinstalling gettext-runtime-0.22.5...
[120/178] Deleting files for gettext-runtime-0.22.5: 100%
[121/178] Deinstalling cyrus-sasl-2.1.28_4...
[121/178] Deleting files for cyrus-sasl-2.1.28_4: 100%
To delete Cyrus user permanently, use 'pw userdel cyrus'
To delete Cyrus group permanently, use 'pw groupdel cyrus'
[122/178] Deinstalling sqlite3-3.46.0,1...
[122/178] Deleting files for sqlite3-3.46.0,1: 100%
[123/178] Deinstalling libffi-3.4.6...
[123/178] Deleting files for libffi-3.4.6: 100%
[124/178] Deinstalling readline-8.2.10...
[124/178] Deleting files for readline-8.2.10: 100%
[125/178] Deinstalling sudo-1.9.15p5_4...
[125/178] Deleting files for sudo-1.9.15p5_4: 100%
[126/178] Deinstalling pftop-0.10_1...
[126/178] Deleting files for pftop-0.10_1: 100%
[127/178] Deinstalling filterlog-0.7_1...
[127/178] Deleting files for filterlog-0.7_1: 100%
[128/178] Deinstalling flock-2.37.2_1...
[128/178] Deleting files for flock-2.37.2_1: 100%
[129/178] Deinstalling dpinger-3.3...
[129/178] Deleting files for dpinger-3.3: 100%
[130/178] Deinstalling mpdecimal-4.0.0...
[130/178] Deleting files for mpdecimal-4.0.0: 100%
[131/178] Deinstalling flowd-0.9.1_5...
[131/178] Deleting files for flowd-0.9.1_5: 100%
==> You should manually remove the "_flowd" user.
==> You should manually remove the "_flowd" group
[132/178] Deinstalling openssl-3.0.14,1...
[132/178] Deleting files for openssl-3.0.14,1: 100%
[133/178] Deinstalling libyaml-0.2.5...
[133/178] Deleting files for libyaml-0.2.5: 100%
[134/178] Deinstalling lzo2-2.10_1...
[134/178] Deleting files for lzo2-2.10_1: 100%
[135/178] Deinstalling dhcrelay-0.5...
[135/178] Deleting files for dhcrelay-0.5: 100%
[136/178] Deinstalling libiconv-1.17_1...
[136/178] Deleting files for libiconv-1.17_1: 100%
[137/178] Deinstalling json-c-0.17...
[137/178] Deleting files for json-c-0.17: 100%
[138/178] Deinstalling easy-rsa-3.1.7,1...
[138/178] Deleting files for easy-rsa-3.1.7,1: 100%
[139/178] Deinstalling choparp-20150613_1...
[139/178] Deleting files for choparp-20150613_1: 100%
[140/178] Deinstalling e2fsprogs-libuuid-1.47.1...
[140/178] Deleting files for e2fsprogs-libuuid-1.47.1: 100%
[141/178] Deinstalling cpustats-0.1...
[141/178] Deleting files for cpustats-0.1: 100%
[142/178] Deinstalling libnghttp2-1.62.1...
[142/178] Deleting files for libnghttp2-1.62.1: 100%
[143/178] Deinstalling icu-74.2_1,1...
[143/178] Deleting files for icu-74.2_1,1: 100%
[144/178] Deinstalling libmcrypt-2.5.8_4...
[144/178] Deleting files for libmcrypt-2.5.8_4: 100%
[145/178] Deinstalling dhcp6c-20240710...
[145/178] Deleting files for dhcp6c-20240710: 100%
[146/178] Deinstalling libargon2-20190702_1...
[146/178] Deleting files for libargon2-20190702_1: 100%
[147/178] Deinstalling radvd-2.19_4...
[147/178] Deleting files for radvd-2.19_4: 100%
[148/178] Deinstalling ca_root_nss-3.93...
[148/178] Deleting files for ca_root_nss-3.93: 100%
[149/178] Deinstalling os-dyndns-1.27_3...
[149/178] Deleting files for os-dyndns-1.27_3: 100%
[150/178] Deinstalling libcjson-1.7.18_2...
[150/178] Deleting files for libcjson-1.7.18_2: 100%
[151/178] Deinstalling ivykis-0.43.2...
[151/178] Deleting files for ivykis-0.43.2: 100%
[152/178] Deinstalling beep-1.0_2...
[152/178] Deleting files for beep-1.0_2: 100%
[153/178] Deinstalling libedit-3.1.20240517,1...
[153/178] Deleting files for libedit-3.1.20240517,1: 100%
[154/178] Deinstalling liblz4-1.9.4_1,1...
[154/178] Deleting files for liblz4-1.9.4_1,1: 100%
[155/178] Deinstalling iftop-1.0.p4_1...
[155/178] Deleting files for iftop-1.0.p4_1: 100%
[156/178] Deinstalling ifinfo-13.0_1...
[156/178] Deleting files for ifinfo-13.0_1: 100%
[157/178] Deinstalling libunwind-20240221...
[157/178] Deleting files for libunwind-20240221: 100%
[158/178] Deinstalling samplicator-1.3.8.r1_1...
[158/178] Deleting files for samplicator-1.3.8.r1_1: 100%
[159/178] Deinstalling log4cplus-2.1.1...
[159/178] Deleting files for log4cplus-2.1.1: 100%
[160/178] Deinstalling pcre2-10.43...
[160/178] Deleting files for pcre2-10.43: 100%
[161/178] Deinstalling nspr-4.35...
[161/178] Deleting files for nspr-4.35: 100%
[162/178] Deinstalling expiretable-0.6_3...
[162/178] Deleting files for expiretable-0.6_3: 100%
[163/178] Deinstalling jansson-2.14...
[163/178] Deleting files for jansson-2.14: 100%
[164/178] Deinstalling hyperscan-5.4.2...
[164/178] Deleting files for hyperscan-5.4.2: 100%
[165/178] Deinstalling libpfctl-0.11...
[165/178] Deleting files for libpfctl-0.11: 100%
[166/178] Deinstalling indexinfo-0.3.1...
[166/178] Deleting files for indexinfo-0.3.1: 100%
[167/178] Deinstalling pkg-1.19.2_1...
[167/178] Deleting files for pkg-1.19.2_1: 100%
[168/178] Deinstalling libnet-1.3,1...
[168/178] Deleting files for libnet-1.3,1: 100%
[169/178] Deinstalling libltdl-2.4.7...
[169/178] Deleting files for libltdl-2.4.7: 100%
[170/178] Deinstalling zip-3.0_2...
[170/178] Deleting files for zip-3.0_2: 100%
[171/178] Deinstalling mpd5-5.9_18...
[171/178] Deleting files for mpd5-5.9_18: 100%
[172/178] Deinstalling libucl-0.9.2...
[172/178] Deleting files for libucl-0.9.2: 100%
[173/178] Deinstalling libsodium-1.0.19...
[173/178] Deleting files for libsodium-1.0.19: 100%
[174/178] Deinstalling perl5-5.36.3_1...
[174/178] Deleting files for perl5-5.36.3_1: 100%
[175/178] Deinstalling oniguruma-6.9.9...
[175/178] Deleting files for oniguruma-6.9.9: 100%
[176/178] Deinstalling opnsense-lang-23.7.11...
[176/178] Deleting files for opnsense-lang-23.7.11: 100%
[177/178] Deinstalling pam_opnsense-24.1...
[177/178] Deleting files for pam_opnsense-24.1: 100%
[178/178] Deinstalling expat-2.6.2...
[178/178] Deleting files for expat-2.6.2: 100%
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-ctrl-agent.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/keactrl.conf if it is no longer needed.
You may need to manually remove /usr/local/openssl/openssl.cnf if it is no longer needed.
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/openssl/cert.pem if it is no longer needed.
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PHP set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PYTHON set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PHP set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PYTHON set
Bootstrapping pkg from https://pkg.opnsense.org/FreeBSD:13:amd64/25.1/latest, please wait...
pkg: Error fetching https://pkg.opnsense.org/FreeBSD:13:amd64/25.1/latest/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
#3
Yes, things are working much smoother with the plugin now available from a standard install.
#4
General Discussion / Re: Unable to upgrade from 22.1
March 24, 2025, 07:02:45 PM
Thanks for the replies. I didn't set up this pair and I wasn't aware FreeBSD repos were enabled. I was under pressure to complete the upgrade so I ended up booting the VMs from the 25.1 ISO and did a fresh install after importing the config file. I then upgraded to 25.1.3 and was able to reinstall the plugins with a good outcome.

If I see this again in the future I will try disabling the extra repos.
#5
OPNsense 25.1.3
os-theme-advanced 1.0_1

What's the best place to report a bug in this theme package? I see the package maintainer's email address in the package info, but I don't want to email somebody directly if there's a bug tracker set up somewhere.

I see there is a bug report on OPNsense's GitHub, but it was closed as stale and I wonder if the maintainer doesn't look there.

https://github.com/opnsense/plugins/issues/4207
#6
I inherited a pair of firewalls running OPNsense 23.1.4_1. When I try upgrading from console or web, I get the error "Missing /usr/local/etc/pkg/repos/OPNsense.conf". I tried opnsense-bootstrap from the shell and I got this:

Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.21.3...
package pkg is already installed, forced install
Extracting pkg-1.21.3: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
fetch: https://github.com/opnsense/core/archive/stable/23.1.tar.gz: size of remote file is not known
/tmp/opnsense-bootstrap/core.tar.gz                   7624 kB 7826 kBps    01s
pkg: 146 packages installed
beep-1.0_1: already unlocked

Is there a way to get opnsense-bootstrap working or am I stuck doing a reinstall from iso?
I also tried opnsense-bootstrap -r 25.1 and it was similarly ineffective.
#7
It's not just the default pass out rule. All of the rules in this attached screenshot are pass rules.
#8
Since upgrading to 25.1.1 (we didn't spend any time on 25.1) I'm seeing log entries that are unexpected for two reasons:

  • The entry indicates a block, but the rule description indicates a pass.
  • The indicated rule is not configured to be logged.

I didn't see these log entries on 24.7. Is this an expected change of behaviour?
#9
General Discussion / Unable to upgrade from 22.1
January 15, 2025, 05:52:45 PM
I was tasked today with upgrading a remote firewall that was running OPNsense 21.7.8. I upgraded to 22.1 in the web UI and it upgraded and rebooted without error. Now while trying to upgrade past 22.1 I get errors.

From web UI:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Wed Jan 15 09:40:23 MST 2025
Fetching changelog information, please wait... Missing /usr/local/etc/pkg/repos/OPNsense.conf
Repository not found: OPNsense
Updating FreeBSD repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries:
Newer FreeBSD version for package zziplib:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1304000
- running kernel: 1300523
Ignore the mismatch and continue? [y/N]: pkg: repository FreeBSD contains packages for wrong OS version: FreeBSD:13:amd64
Processing entries...
Unable to update repository FreeBSD
Error updating repositories!
pkg: Unknown repository: OPNsense
***DONE***

From shell:
# opnsense-update -u
Missing /usr/local/etc/pkg/repos/OPNsense.conf

# opnsense-bootstrap
This utility will attempt to turn this installation into the latest
OPNsense 22.1 release.  All packages will be deleted, the base
system and kernel will be replaced, and if all went well the system
will automatically reboot.

Proceed with this action? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.21.3...
package pkg is already installed, forced install
Extracting pkg-1.21.3: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
/tmp/opnsense-bootstrap/core.tar.gz                   7508 kB 9443 kBps    01s
pkg: 139 packages installed
beep-1.0_1: already unlocked

I also tried a health check from the GUI:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Wed Jan 15 09:46:54 MST 2025
>>> Check installed kernel version
Version 22.1 is correct.
Unverified consistency check for kernel: invalid /usr/local/opnsense/version/kernel.mtree.sig
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1 is correct.
Unverified consistency check for base: invalid /usr/local/opnsense/version/base.mtree.sig
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages:
ca_root_nss-3.104: checksum mismatch for /etc/ssl/cert.pem
Checking all packages.......
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20150402
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160104
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160630
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20161210
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20170625
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20171219
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20180614
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20181218
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20190702
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200119
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200313
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210104
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20210629
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20210903
opnsense-22.1: missing file /usr/local/etc/pkg/repos/FreeBSD.conf.sample
opnsense-22.1: missing file /usr/local/etc/pkg/repos/OPNsense.conf.sample
Checking all packages......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.104 repository mismatch: FreeBSD
ca_root_nss-3.104 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dhcpleases-0.2 has no upstream equivalent
Checking packages: .
dnsmasq-2.86_2,1 has no upstream equivalent
Checking packages: .
dpinger-3.0 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.2P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.2P1_1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.63 has no upstream equivalent
Checking packages: .
monit-5.29.0_1 has no upstream equivalent
Checking packages: .
mpd5-5.9_6 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_4 has no upstream equivalent
Checking packages: .
openssh-portable-8.8.p1_1,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1m_1,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.5 has no upstream equivalent
Checking packages: .
opnsense-22.1 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-21.7.8 has no upstream equivalent
Checking packages: .
opnsense-update-22.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.7_9 has no upstream equivalent
Checking packages: .
php74-ctype-7.4.27 has no upstream equivalent
Checking packages: .
php74-curl-7.4.27 has no upstream equivalent
Checking packages: .
php74-dom-7.4.27 has no upstream equivalent
Checking packages: .
php74-filter-7.4.27 has no upstream equivalent
Checking packages: .
php74-gettext-7.4.27 has no upstream equivalent
Checking packages: .
php74-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php74-json-7.4.27 has no upstream equivalent
Checking packages: .
php74-ldap-7.4.27 has no upstream equivalent
Checking packages: .
php74-openssl-7.4.27 has no upstream equivalent
Checking packages: .
php74-pdo-7.4.27 has no upstream equivalent
Checking packages: .
php74-pecl-radius-1.4.0b1_1 has no upstream equivalent
Checking packages: .
php74-phalcon4-4.1.3 has no upstream equivalent
Checking packages: .
php74-phpseclib-2.0.35 has no upstream equivalent
Checking packages: .
php74-session-7.4.27 has no upstream equivalent
Checking packages: .
php74-simplexml-7.4.27 has no upstream equivalent
Checking packages: .
php74-sockets-7.4.27 has no upstream equivalent
Checking packages: .
php74-sqlite3-7.4.27 has no upstream equivalent
Checking packages: .
php74-xml-7.4.27 has no upstream equivalent
Checking packages: .
php74-zlib-7.4.27 has no upstream equivalent
Checking packages: .
pkg-1.21.3 repository mismatch: unknown-repository
pkg-1.21.3 has no upstream equivalent
Checking packages: .
py38-Jinja2-3.0.1 has no upstream equivalent
Checking packages: .
py38-dnspython2-2.2.0 has no upstream equivalent
Checking packages: .
py38-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py38-requests-2.25.1 has no upstream equivalent
Checking packages: .
py38-sqlite3-3.8.12_7 has no upstream equivalent
Checking packages: .
py38-ujson-5.0.0 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.7.2_4 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-4.15 has no upstream equivalent
Checking packages: .
strongswan-5.9.4 has no upstream equivalent
Checking packages: .
sudo-1.9.8p2 has no upstream equivalent
Checking packages: .
suricata-6.0.4_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.35.1 has no upstream equivalent
Checking packages: .
unbound-1.14.0 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

Where do I go from here? I'm off site, so any remote rescue option is preferred at this point and the firewall is still running and accessible. If I brick the thing I can get remote hands, but I'd prefer not to delegate a fresh install from USB if I can avoid it.
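
Added example (not part of the original post, and not OPNsense code): a small sh/awk triage of the health-audit output in the post above. It separates the findings that bear on package trust (unverified mtree signatures, missing repository fingerprint files, packages attributed to another repository) from the long run of "no upstream equivalent" lines. The function names and category labels are assumptions of this example; the sample lines are excerpted from the output above.

```shell
#!/bin/sh
# Triage of OPNsense health-audit text. Example code, not part of OPNsense;
# all function names and category labels are hypothetical.

# A few lines excerpted from the audit output quoted in the post.
sample_audit() {
cat <<'EOF'
Unverified consistency check for kernel: invalid /usr/local/opnsense/version/kernel.mtree.sig
Unverified consistency check for base: invalid /usr/local/opnsense/version/base.mtree.sig
ca_root_nss-3.104: checksum mismatch for /etc/ssl/cert.pem
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20150402
opnsense-22.1: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20210629
opnsense-22.1: missing file /usr/local/etc/pkg/repos/OPNsense.conf.sample
ca_root_nss-3.104 repository mismatch: FreeBSD
beep-1.0_1 has no upstream equivalent
pkg-1.21.3 repository mismatch: unknown-repository
pkg-1.21.3 has no upstream equivalent
EOF
}

# classify_audit: read audit text on stdin, print sorted "category count" lines.
# Rules are ordered so fingerprint files are counted apart from other missing files.
classify_audit() {
  awk '
    /^Unverified consistency check/           { n["unverified_mtree"]++; next }
    /: checksum mismatch for /                { n["checksum_mismatch"]++; next }
    /: missing file .*\/pkg\/fingerprints\//  { n["missing_fingerprint"]++; next }
    /: missing file /                         { n["missing_file"]++; next }
    / repository mismatch: /                  { n["foreign_repo"]++; next }
    / has no upstream equivalent$/            { n["no_upstream"]++; next }
    END { for (k in n) print k, n[k] }
  ' | sort
}

# count_of CATEGORY: read classify_audit output on stdin, print one count (0 if absent).
count_of() {
  cat_name=$1
  awk -v c="$cat_name" '$1 == c { print $2; found = 1 } END { if (!found) print 0 }'
}

# foreign_packages: list packages that pkg attributes to a different repository.
foreign_packages() {
  awk '/ repository mismatch: / { print $1 " <- " $NF }'
}

# Print the summary for the embedded sample when the script is run directly.
sample_audit | classify_audit
```

To run it against a real system, save the audit text to a file and pipe that file into classify_audit and foreign_packages in place of sample_audit.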
#10
To reproduce (tested on OPNsense 24.7.9_1 and Windows NPS):

  • Configure a pair of OPNsense hosts in HA and set "Auth Servers" to sync in System: High Availability: Settings
  • Configure a RADIUS server in System: Access: Servers
  • Configure a RADIUS server and add both OPNsense hosts as clients
  • Synchronise config to backup in System: High Availability: Status
  • Attempt to log into configuration master with a RADIUS account, then into the peer

Result:
The RADIUS logs will show two login attempts, one from each client, and both with an identical NAS Identifier. Even if the first login attempt is successful, the second one will fail due to the duplicated NAS ID.

Expected Result:
If I use HA/XMLRPC sync to keep my Authentication Server settings synchronised between two hosts, the NAS ID should not be copied.

Recommended Change:
The second peer should have some mechanism to generate its own unique NAS ID if a RADIUS server is created by XMLRPC sync.
#11
I have my RADIUS server set to automatically create users. This works fine, except the user is created with a shell of /usr/sbin/nologin. Is there a way to make this something different so a new user can log in via SSH without first having to log into the web UI and change the shell?
#12
24.7, 24.10 Legacy Series / Re: RADIUS WITH WINDOWS NPS
November 29, 2024, 11:16:09 PM
Quote: The reason I say it's only kind of working is that when I try logging in with the user, I get the error: "No page assigned to this user! Click here to log out."

I finally got this working. Pro tip: don't copy an existing rule. Even if all the settings look correct, it doesn't work until the rule is created.

I finally got the same error as you. On the NPS policy Settings tab, instead of Class = admins, try Class = CN=admins. This worked for me.
#13
24.7, 24.10 Legacy Series / Re: RADIUS WITH WINDOWS NPS
November 29, 2024, 09:56:00 PM
Hm, I removed the User Groups condition and re-added it and now the NPS log shows access granted, but my OPNsense tester still shows failed. I think it's not understanding the server's response. The System General log shows "Radius unexpected response:"
#14
24.7, 24.10 Legacy Series / Re: RADIUS WITH WINDOWS NPS
November 29, 2024, 09:43:06 PM
You got further than I did. Did you add any RADIUS attributes to your network policy? I can't get my authentication requests from OPNsense to match my policy, and I'm using the same two conditions that are working on a couple of Juniper and Arista policies (User Groups and Client Friendly Name).
#15
I discovered another pass rule on the ingress interface that was passing the packets in question, so they never matched the first rule. That explains how they were caught by the egress rule on the WAN, which did its job.