Messages

Yeah the alias was disabled :P I'm a little disappointed in how long it took me to figure that one out.

I removed the redundant '10.15.4.0/24' from the 'allowed_internet' alias and this fixed the problem.

edit: never mind, this did not fix the problem.

Yeah, the rule I showed in my first post is the partial output of

Code Select Expand

pfctl -sr. I'm not sure why it looks different in /tmp/rules.debug.

Other than logging, source and label, the two rules in /tmp/rules.debug look identical to me. I'm not using Advanced Features on either of these rules, and I think not on this firewall at all.

Code Select Expand

pass in log on aINTERNAL route-to ( wan_gw ) inet from {10.15.4.52/31} to !$rfc5735 keep state label "..." # Log Pass allowed to internet
pass in on aINTERNAL route-to ( wan_gw ) inet from $allowed_internet to !$rfc5735 keep state label "..." # Pass allowed to internet

OPNsense was version 25.7.11_2 when I noticed the problem, but upgrading to 26.1.3 hasn't fixed it.

I have a floating rule that allows internet access from multiple hosts on several networks (see screenshot). It looks like this in pfctl:

Code Select Expand

pass in on aINTERNAL route-to (wan_gw) inet from <allowed_internet> to ! <rfc5735> flags S/SA keep state label "..."
For some reason, about a week ago some hosts on multiple networks lost access to internet, as if this rule stopped matching packets. One such host has the address 10.15.4.52.

As you can see in the screenshot, I copied this rule and changed only the source from the alias to the explicit network 10.15.4.52/31 and enabled logging. This enabled this specific host to access the internet and the packets are logged as expected.

As you can also see in the screenshot, I have only one block rule in the floating rules. I can confirm there are no block rules in the group or on the interface specific to that network.

And finally, you can see in the screenshot that the alias <allowed_internet> includes the 10.15.0.0/21 network.

As these rules are not quick, I also moved the new rule above the old one, and the new rule still matches, passes and logs the packet, as if the old one isn't matching.

So why did the old rule stop matching packets while the new rule matches packets that should have matched the old one? The old rule used to work, and then stopped working at some point (at least for a handful of hosts that I've tested). I can't think of an explanation except that I'm seeing some sort of bug having to do with the rule or the alias.

So I scheduled the interface reset for a few minutes after midnight, but as it turned out, OPNsense grabbed a new lease with the new IP address 1 or 2 minutes before midnight. I'm not sure what triggered it, but there must have been something on the provider's side that minimised my down time. I ended up deleting the cron job before it ran.

OPNsense 25.7.11_2

My ISP has informed me that my assigned IP address will change at midnight. Looking at /var/db/dhclient.leases.igc0 (WAN), I see that my lease is valid for a few more days.

So I set up a cron job for shortly after midnight for periodic interface reset on wan. Will this have the desired effect of renewing the lease on the WAN and pulling the new address?

Thank you for the suggestion. How did you know the pre-authentication key was expired? My hosts have expiry disabled, but I'm not sure how to check the status of the key.

Now I've updated one of these two firewalls to OPNsense 25.7.7_4 and after a reboot Tailscale is still showing no peers and is not seen on the Tailscale Admin Console. I generated a new auth key and applied it and the host is now connected again. It seems the original auth key expired or somehow became invalid, even though it was generated without expiry, and I haven't found a log on the host itelf or the Tailscale console to confirm this.

OPNsense 25.7.4-amd64
Tailscale plugin 1.2 (1.88.1)

I have multiple firewalls running Tailscale. On November 1 two of these dropped off the tailnet. The hosts are still online, but when I look at their Tailscale status it shows that the service is running, but no peers are visible. I restarted the service but it's still not connecting to the tailnet. Key expiry is disabled for these hosts and they were initially connected using a pre-authentication key.

I don't see any Tailscale logs. What's the best way to troubleshoot this before I just update the firmware and reboot without knowing?

I have a pair of firewalls that I just updated from 25.7.2 to 25.7.5. As usual, I updated the backup firewall first. After it rebooted I updated the primary firewall. After it rebooted I expected the primary firewall to become CARP master, but it didn't. I then tried temporarily disabling CARP on the backup firewall, but it just generated an error "200". I got the same error trying to enter it into CARP maintenance mode.

I suppose I could just reboot the backup firewall, but I'd prefer to know what's not working properly. How to troubleshoot this further?

edit: after a few minutes the primary resumed master role. I guess more patience is all I needed in this case.

I ran opnsense-bootstrap without options and I have a working 24.1 system now that I can upgrade from.

This host was running OPNsense 24.1.10_3, but it's in a sad state after opnsense-bootstrap failed to complete on it. I still have shell access, but the web UI is broken. It's a remote system with no console access. I'm wondering if it can be rescued.

Code Select Expand

# opnsense-bootstrap -r 25.1
This utility will attempt to turn this installation into the latest
OPNsense 25.1 release.  All packages will be deleted, the base
system and kernel will be replaced, and if all went well the system
will automatically reboot.

Proceed with this action? [y/N]: y
fetch: https://github.com/opnsense/core/archive/stable/25.1.tar.gz: size of remote file is not known
/tmp/opnsense-bootstrap/core.tar.gz                     10 MB 8995 kBps    01s
pkg: 178 packages installed
beep-1.0_2: already unlocked
boost-libs-1.84.0: already unlocked
ca_root_nss-3.93: already unlocked
choparp-20150613_1: already unlocked
cpdup-1.22_1: already unlocked
cpustats-0.1: already unlocked
curl-8.8.0: already unlocked
cyrus-sasl-2.1.28_4: already unlocked
cyrus-sasl-gssapi-2.1.28: already unlocked
dhcp6c-20240710: already unlocked
dhcrelay-0.5: already unlocked
dnsmasq-2.90_1,1: already unlocked
dpinger-3.3: already unlocked
e2fsprogs-libuuid-1.47.1: already unlocked
easy-rsa-3.1.7,1: already unlocked
expat-2.6.2: already unlocked
expiretable-0.6_3: already unlocked
filterlog-0.7_1: already unlocked
flock-2.37.2_1: already unlocked
flowd-0.9.1_5: already unlocked
gettext-runtime-0.22.5: already unlocked
git-2.45.2_1: already unlocked
glib-2.80.3,2: already unlocked
gmp-6.3.0: already unlocked
hostapd-2.10_10: already unlocked
hyperscan-5.4.2: already unlocked
icu-74.2_1,1: already unlocked
ifinfo-13.0_1: already unlocked
iftop-1.0.p4_1: already unlocked
indexinfo-0.3.1: already unlocked
iperf3-3.17.1: already unlocked
isc-dhcp44-server-4.4.3P1_1: already unlocked
ivykis-0.43.2: already unlocked
jansson-2.14: already unlocked
json-c-0.17: already unlocked
kea-2.4.1_2: already unlocked
krb5-1.21.3: already unlocked
ldns-1.8.3_1: already unlocked
libargon2-20190702_1: already unlocked
libcbor-0.11.0: already unlocked
libcjson-1.7.18_2: already unlocked
libedit-3.1.20240517,1: already unlocked
libevent-2.1.12: already unlocked
libffi-3.4.6: already unlocked
libfido2-1.15.0: already unlocked
libiconv-1.17_1: already unlocked
libidn2-2.3.7: already unlocked
libltdl-2.4.7: already unlocked
liblz4-1.9.4_1,1: already unlocked
libmcrypt-2.5.8_4: already unlocked
libnet-1.3,1: already unlocked
libnghttp2-1.62.1: already unlocked
libpfctl-0.11: already unlocked
libpsl-0.21.5_1: already unlocked
libsodium-1.0.19: already unlocked
libucl-0.9.2: already unlocked
libunistring-1.2: already unlocked
libunwind-20240221: already unlocked
libxml2-2.11.8: already unlocked
libyaml-0.2.5: already unlocked
lighttpd-1.4.76: already unlocked
log4cplus-2.1.1: already unlocked
lzo2-2.10_1: already unlocked
monit-5.33.0_1: already unlocked
mpd5-5.9_18: already unlocked
mpdecimal-4.0.0: already unlocked
nettle-3.10_1: already unlocked
nspr-4.35: already unlocked
nss-3.101: already unlocked
ntp-4.2.8p18: already unlocked
oniguruma-6.9.9: already unlocked
openldap26-client-2.6.8: already unlocked
openssh-portable-9.8.p1,1: already unlocked
openssl-3.0.14,1: already unlocked
openvpn-2.6.11: already unlocked
opnsense-24.1.10_3: already unlocked
opnsense-installer-24.1: already unlocked
opnsense-lang-23.7.11: already unlocked
opnsense-update-24.1.8: already unlocked
os-dyndns-1.27_3: already unlocked
os-iperf-1.0_1: already unlocked
p5-Error-0.17029: already unlocked
pam_opnsense-24.1: already unlocked
pcre2-10.43: already unlocked
perl5-5.36.3_1: already unlocked
pftop-0.10_1: already unlocked
php82-8.2.20: already unlocked
php82-ctype-8.2.20: already unlocked
php82-curl-8.2.20: already unlocked
php82-dom-8.2.20: already unlocked
php82-filter-8.2.20: already unlocked
php82-gettext-8.2.20: already unlocked
php82-google-api-php-client-2.4.0: already unlocked
php82-ldap-8.2.20: already unlocked
php82-mbstring-8.2.20: already unlocked
php82-pcntl-8.2.20: already unlocked
php82-pdo-8.2.20: already unlocked
php82-pear-1.10.13: already unlocked
php82-pear-Crypt_CHAP-1.5.0_1: already unlocked
php82-pecl-mcrypt-1.0.7: already unlocked
php82-pecl-radius-1.4.0b1_2: already unlocked
php82-phalcon-5.7.0: already unlocked
php82-phpseclib-3.0.36: already unlocked
php82-session-8.2.20: already unlocked
php82-simplexml-8.2.20: already unlocked
php82-sockets-8.2.20: already unlocked
php82-sqlite3-8.2.20: already unlocked
php82-xml-8.2.20: already unlocked
php82-zlib-8.2.20: already unlocked
pkcs11-helper-1.29.0_3: already unlocked
pkg-1.19.2_1: already unlocked
py311-Babel-2.14.0: already unlocked
py311-Jinja2-3.1.3: already unlocked
py311-aioquic-1.2.0: already unlocked
py311-anyio-4.4.0: already unlocked
py311-async_generator-1.10: already unlocked
py311-attrs-23.2.0: already unlocked
py311-bottleneck-1.3.8_1: already unlocked
py311-certifi-2024.7.4: already unlocked
py311-cffi-1.16.0: already unlocked
py311-charset-normalizer-3.3.2_1: already unlocked
py311-cryptography-42.0.8_1,1: already unlocked
py311-dnspython-2.6.1,1: already unlocked
py311-duckdb-1.0.0: already unlocked
py311-h11-0.14.0: already unlocked
py311-h2-4.1.0: already unlocked
py311-hpack-4.0.0: already unlocked
py311-httpcore-1.0.5: already unlocked
py311-httpx-0.27.0_1: already unlocked
py311-hyperframe-6.0.0: already unlocked
py311-idna-3.7: already unlocked
py311-markupsafe-2.1.5_1: already unlocked
py311-netaddr-1.3.0: already unlocked
py311-numexpr-2.10.1: already unlocked
py311-numpy-1.25.0_7,1: already unlocked
py311-openssl-24.1.0,1: already unlocked
py311-outcome-1.3.0_1: already unlocked
py311-packaging-24.1: already unlocked
py311-pandas-2.0.3_2,1: already unlocked
py311-pyasn1-0.6.0: already unlocked
py311-pyasn1-modules-0.4.0: already unlocked
py311-pycparser-2.22: already unlocked
py311-pylsqpack-0.3.18: already unlocked
py311-pysocks-1.7.1_1: already unlocked
py311-python-dateutil-2.9.0: already unlocked
py311-pytz-2024.1,1: already unlocked
py311-pyyaml-6.0.1: already unlocked
py311-requests-2.32.3: already unlocked
py311-service-identity-24.1.0: already unlocked
py311-setuptools-63.1.0_1: already unlocked
py311-six-1.16.0_1: already unlocked
py311-sniffio-1.3.1: already unlocked
py311-socksio-1.0.0_1: already unlocked
py311-sortedcontainers-2.4.0: already unlocked
py311-sqlite3-3.11.9_7: already unlocked
py311-trio-0.26.0: already unlocked
py311-tzdata-2024.1: already unlocked
py311-ujson-5.10.0: already unlocked
py311-urllib3-1.26.19,1: already unlocked
py311-vici-5.9.11: already unlocked
python311-3.11.9_1: already unlocked
radvd-2.19_4: already unlocked
readline-8.2.10: already unlocked
rrdtool-1.8.0_4: already unlocked
ruby-3.1.6,1: already unlocked
ruby31-gems-3.5.14: already unlocked
rubygem-rexml-3.3.1: already unlocked
rubygem-strscan-3.1.0: already unlocked
samplicator-1.3.8.r1_1: already unlocked
sqlite3-3.46.0,1: already unlocked
strongswan-5.9.14: already unlocked
sudo-1.9.15p5_4: already unlocked
suricata-7.0.6: already unlocked
syslog-ng-4.7.1: already unlocked
tailscale-1.66.4: already unlocked
unbound-1.20.0_1: already unlocked
wpa_supplicant-2.10_10: already unlocked
zip-3.0_2: already unlocked
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 178 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
beep: 1.0_2
boost-libs: 1.84.0
ca_root_nss: 3.93
choparp: 20150613_1
cpdup: 1.22_1
cpustats: 0.1
curl: 8.8.0
cyrus-sasl: 2.1.28_4
cyrus-sasl-gssapi: 2.1.28
dhcp6c: 20240710
dhcrelay: 0.5
dnsmasq: 2.90_1,1
dpinger: 3.3
e2fsprogs-libuuid: 1.47.1
easy-rsa: 3.1.7,1
expat: 2.6.2
expiretable: 0.6_3
filterlog: 0.7_1
flock: 2.37.2_1
flowd: 0.9.1_5
gettext-runtime: 0.22.5
git: 2.45.2_1
glib: 2.80.3,2
gmp: 6.3.0
hostapd: 2.10_10
hyperscan: 5.4.2
icu: 74.2_1,1
ifinfo: 13.0_1
iftop: 1.0.p4_1
indexinfo: 0.3.1
iperf3: 3.17.1
isc-dhcp44-server: 4.4.3P1_1
ivykis: 0.43.2
jansson: 2.14
json-c: 0.17
kea: 2.4.1_2
krb5: 1.21.3
ldns: 1.8.3_1
libargon2: 20190702_1
libcbor: 0.11.0
libcjson: 1.7.18_2
libedit: 3.1.20240517,1
libevent: 2.1.12
libffi: 3.4.6
libfido2: 1.15.0
libiconv: 1.17_1
libidn2: 2.3.7
libltdl: 2.4.7
liblz4: 1.9.4_1,1
libmcrypt: 2.5.8_4
libnet: 1.3,1
libnghttp2: 1.62.1
libpfctl: 0.11
libpsl: 0.21.5_1
libsodium: 1.0.19
libucl: 0.9.2
libunistring: 1.2
libunwind: 20240221
libxml2: 2.11.8
libyaml: 0.2.5
lighttpd: 1.4.76
log4cplus: 2.1.1
lzo2: 2.10_1
monit: 5.33.0_1
mpd5: 5.9_18
mpdecimal: 4.0.0
nettle: 3.10_1
nspr: 4.35
nss: 3.101
ntp: 4.2.8p18
oniguruma: 6.9.9
openldap26-client: 2.6.8
openssh-portable: 9.8.p1,1
openssl: 3.0.14,1
openvpn: 2.6.11
opnsense: 24.1.10_3
opnsense-installer: 24.1
opnsense-lang: 23.7.11
opnsense-update: 24.1.8
os-dyndns: 1.27_3
os-iperf: 1.0_1
p5-Error: 0.17029
pam_opnsense: 24.1
pcre2: 10.43
perl5: 5.36.3_1
pftop: 0.10_1
php82: 8.2.20
php82-ctype: 8.2.20
php82-curl: 8.2.20
php82-dom: 8.2.20
php82-filter: 8.2.20
php82-gettext: 8.2.20
php82-google-api-php-client: 2.4.0
php82-ldap: 8.2.20
php82-mbstring: 8.2.20
php82-pcntl: 8.2.20
php82-pdo: 8.2.20
php82-pear: 1.10.13
php82-pear-Crypt_CHAP: 1.5.0_1
php82-pecl-mcrypt: 1.0.7
php82-pecl-radius: 1.4.0b1_2
php82-phalcon: 5.7.0
php82-phpseclib: 3.0.36
php82-session: 8.2.20
php82-simplexml: 8.2.20
php82-sockets: 8.2.20
php82-sqlite3: 8.2.20
php82-xml: 8.2.20
php82-zlib: 8.2.20
pkcs11-helper: 1.29.0_3
pkg: 1.19.2_1
py311-Babel: 2.14.0
py311-Jinja2: 3.1.3
py311-aioquic: 1.2.0
py311-anyio: 4.4.0
py311-async_generator: 1.10
py311-attrs: 23.2.0
py311-bottleneck: 1.3.8_1
py311-certifi: 2024.7.4
py311-cffi: 1.16.0
py311-charset-normalizer: 3.3.2_1
py311-cryptography: 42.0.8_1,1
py311-dnspython: 2.6.1,1
py311-duckdb: 1.0.0
py311-h11: 0.14.0
py311-h2: 4.1.0
py311-hpack: 4.0.0
py311-httpcore: 1.0.5
py311-httpx: 0.27.0_1
py311-hyperframe: 6.0.0
py311-idna: 3.7
py311-markupsafe: 2.1.5_1
py311-netaddr: 1.3.0
py311-numexpr: 2.10.1
py311-numpy: 1.25.0_7,1
py311-openssl: 24.1.0,1
py311-outcome: 1.3.0_1
py311-packaging: 24.1
py311-pandas: 2.0.3_2,1
py311-pyasn1: 0.6.0
py311-pyasn1-modules: 0.4.0
py311-pycparser: 2.22
py311-pylsqpack: 0.3.18
py311-pysocks: 1.7.1_1
py311-python-dateutil: 2.9.0
py311-pytz: 2024.1,1
py311-pyyaml: 6.0.1
py311-requests: 2.32.3
py311-service-identity: 24.1.0
py311-setuptools: 63.1.0_1
py311-six: 1.16.0_1
py311-sniffio: 1.3.1
py311-socksio: 1.0.0_1
py311-sortedcontainers: 2.4.0
py311-sqlite3: 3.11.9_7
py311-trio: 0.26.0
py311-tzdata: 2024.1
py311-ujson: 5.10.0
py311-urllib3: 1.26.19,1
py311-vici: 5.9.11
python311: 3.11.9_1
radvd: 2.19_4
readline: 8.2.10
rrdtool: 1.8.0_4
ruby: 3.1.6,1
ruby31-gems: 3.5.14
rubygem-rexml: 3.3.1
rubygem-strscan: 3.1.0
samplicator: 1.3.8.r1_1
sqlite3: 3.46.0,1
strongswan: 5.9.14
sudo: 1.9.15p5_4
suricata: 7.0.6
syslog-ng: 4.7.1
tailscale: 1.66.4
unbound: 1.20.0_1
wpa_supplicant: 2.10_10
zip: 3.0_2

Number of packages to be removed: 178

The operation will free 1 GiB.
[1/178] Deinstalling opnsense-24.1.10_3...
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20150402
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160104
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160630
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20161210
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20170625
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20171219
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20180614
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20181218
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20190702
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200119
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20200313
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210104
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210629
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20210903
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20220701
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20221213
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20230717
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20240105
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/repos/FreeBSD.conf.sample
[1/178] Deleting files for opnsense-24.1.10_3:   3%
opnsense-24.1.10_3: missing file /usr/local/etc/pkg/repos/OPNsense.conf.sample
[1/178] Deleting files for opnsense-24.1.10_3: 100%
[2/178] Deinstalling py311-dnspython-2.6.1,1...
[2/178] Deleting files for py311-dnspython-2.6.1,1: 100%
[3/178] Deinstalling py311-aioquic-1.2.0...
[3/178] Deleting files for py311-aioquic-1.2.0: 100%
[4/178] Deinstalling py311-httpx-0.27.0_1...
[4/178] Deleting files for py311-httpx-0.27.0_1: 100%
[5/178] Deinstalling py311-duckdb-1.0.0...
[5/178] Deleting files for py311-duckdb-1.0.0: 100%
[6/178] Deinstalling php82-pear-Crypt_CHAP-1.5.0_1...
uninstall ok: channel://pear.php.net/Crypt_CHAP-1.5.0
[6/178] Deleting files for php82-pear-Crypt_CHAP-1.5.0_1: 100%
[7/178] Deinstalling py311-service-identity-24.1.0...
[7/178] Deleting files for py311-service-identity-24.1.0: 100%
[8/178] Deinstalling py311-pandas-2.0.3_2,1...
[8/178] Deleting files for py311-pandas-2.0.3_2,1: 100%
[9/178] Deinstalling os-iperf-1.0_1...
[9/178] Deleting files for os-iperf-1.0_1: 100%
[10/178] Deinstalling py311-httpcore-1.0.5...
[10/178] Deleting files for py311-httpcore-1.0.5: 100%
[11/178] Deinstalling py311-openssl-24.1.0,1...
[11/178] Deleting files for py311-openssl-24.1.0,1: 100%
[12/178] Deinstalling py311-cryptography-42.0.8_1,1...
[12/178] Deleting files for py311-cryptography-42.0.8_1,1: 100%
[13/178] Deinstalling py311-bottleneck-1.3.8_1...
[13/178] Deleting files for py311-bottleneck-1.3.8_1: 100%
[14/178] Deinstalling git-2.45.2_1...
[14/178] Deleting files for git-2.45.2_1: 100%
==> You should manually remove the "git_daemon" user
==> You should manually remove the "git_daemon" group
[15/178] Deinstalling php82-curl-8.2.20...
[15/178] Deleting files for php82-curl-8.2.20: 100%
[16/178] Deinstalling rrdtool-1.8.0_4...
[16/178] Deleting files for rrdtool-1.8.0_4: 100%
[17/178] Deinstalling php82-phalcon-5.7.0...
[17/178] Deleting files for php82-phalcon-5.7.0: 100%
[18/178] Deinstalling syslog-ng-4.7.1...
[18/178] Deleting files for syslog-ng-4.7.1: 100%
[19/178] Deinstalling py311-requests-2.32.3...
[19/178] Deleting files for py311-requests-2.32.3: 100%
[20/178] Deinstalling php82-ldap-8.2.20...
[20/178] Deleting files for php82-ldap-8.2.20: 100%
[21/178] Deinstalling py311-trio-0.26.0...
[21/178] Deleting files for py311-trio-0.26.0: 100%
[22/178] Deinstalling py311-h2-4.1.0...
[22/178] Deleting files for py311-h2-4.1.0: 100%
[23/178] Deinstalling py311-numexpr-2.10.1...
[23/178] Deleting files for py311-numexpr-2.10.1: 100%
[24/178] Deinstalling rubygem-rexml-3.3.1...
[24/178] Deleting files for rubygem-rexml-3.3.1: 100%
[25/178] Deinstalling suricata-7.0.6...
[25/178] Deleting files for suricata-7.0.6: 100%
==> If you are permanently removing this port, run rm -rf /usr/local/etc/suricata to remove configuration files.
[26/178] Deinstalling strongswan-5.9.14...
[26/178] Deleting files for strongswan-5.9.14: 100%
[27/178] Deinstalling php82-pear-1.10.13...
[27/178] Deleting files for php82-pear-1.10.13: 100%
[28/178] Deinstalling py311-Jinja2-3.1.3...
[28/178] Deleting files for py311-Jinja2-3.1.3: 100%
[29/178] Deinstalling py311-sqlite3-3.11.9_7...
[29/178] Deleting files for py311-sqlite3-3.11.9_7: 100%
[30/178] Deinstalling py311-anyio-4.4.0...
[30/178] Deleting files for py311-anyio-4.4.0: 100%
[31/178] Deinstalling php82-session-8.2.20...
[31/178] Deleting files for php82-session-8.2.20: 100%
[32/178] Deinstalling py311-hyperframe-6.0.0...
[32/178] Deleting files for py311-hyperframe-6.0.0: 100%
[33/178] Deinstalling py311-numpy-1.25.0_7,1...
[33/178] Deleting files for py311-numpy-1.25.0_7,1: 100%
[34/178] Deinstalling py311-python-dateutil-2.9.0...
[34/178] Deleting files for py311-python-dateutil-2.9.0: 100%
[35/178] Deinstalling php82-zlib-8.2.20...
[35/178] Deleting files for php82-zlib-8.2.20: 100%
[36/178] Deinstalling php82-dom-8.2.20...
[36/178] Deleting files for php82-dom-8.2.20: 100%
[37/178] Deinstalling php82-simplexml-8.2.20...
[37/178] Deleting files for php82-simplexml-8.2.20: 100%
[38/178] Deinstalling py311-pyasn1-modules-0.4.0...
[38/178] Deleting files for py311-pyasn1-modules-0.4.0: 100%
[39/178] Deinstalling py311-pyyaml-6.0.1...
[39/178] Deleting files for py311-pyyaml-6.0.1: 100%
[40/178] Deinstalling php82-pdo-8.2.20...
[40/178] Deleting files for php82-pdo-8.2.20: 100%
[41/178] Deinstalling rubygem-strscan-3.1.0...
[41/178] Deleting files for rubygem-strscan-3.1.0: 100%
[42/178] Deinstalling py311-cffi-1.16.0...
[42/178] Deleting files for py311-cffi-1.16.0: 100%
[43/178] Deinstalling php82-pecl-radius-1.4.0b1_2...
[43/178] Deleting files for php82-pecl-radius-1.4.0b1_2: 100%
[44/178] Deinstalling php82-mbstring-8.2.20...
[44/178] Deleting files for php82-mbstring-8.2.20: 100%
[45/178] Deinstalling py311-pytz-2024.1,1...
[45/178] Deleting files for py311-pytz-2024.1,1: 100%
[46/178] Deinstalling py311-sortedcontainers-2.4.0...
[46/178] Deleting files for py311-sortedcontainers-2.4.0: 100%
[47/178] Deinstalling py311-vici-5.9.11...
[47/178] Deleting files for py311-vici-5.9.11: 100%
[48/178] Deinstalling py311-async_generator-1.10...
[48/178] Deleting files for py311-async_generator-1.10: 100%
[49/178] Deinstalling py311-hpack-4.0.0...
[49/178] Deleting files for py311-hpack-4.0.0: 100%
[50/178] Deinstalling php82-google-api-php-client-2.4.0...
[50/178] Deleting files for php82-google-api-php-client-2.4.0: 100%
[51/178] Deinstalling php82-sockets-8.2.20...
[51/178] Deleting files for php82-sockets-8.2.20: 100%
[52/178] Deinstalling php82-sqlite3-8.2.20...
[52/178] Deleting files for php82-sqlite3-8.2.20: 100%
[53/178] Deinstalling py311-Babel-2.14.0...
[53/178] Deleting files for py311-Babel-2.14.0: 100%
[54/178] Deinstalling py311-outcome-1.3.0_1...
[54/178] Deleting files for py311-outcome-1.3.0_1: 100%
[55/178] Deinstalling php82-pcntl-8.2.20...
[55/178] Deleting files for php82-pcntl-8.2.20: 100%
[56/178] Deinstalling php82-xml-8.2.20...
[56/178] Deleting files for php82-xml-8.2.20: 100%
[57/178] Deinstalling curl-8.8.0...
[57/178] Deleting files for curl-8.8.0: 100%
[58/178] Deinstalling py311-urllib3-1.26.19,1...
[58/178] Deleting files for py311-urllib3-1.26.19,1: 100%
[59/178] Deinstalling php82-phpseclib-3.0.36...
[59/178] Deleting files for php82-phpseclib-3.0.36: 100%
[60/178] Deinstalling php82-gettext-8.2.20...
[60/178] Deleting files for php82-gettext-8.2.20: 100%
[61/178] Deinstalling openldap26-client-2.6.8...
[61/178] Deleting files for openldap26-client-2.6.8: 100%
[62/178] Deinstalling glib-2.80.3,2...
[62/178] Deleting files for glib-2.80.3,2: 100%
[63/178] Deinstalling php82-pecl-mcrypt-1.0.7...
[63/178] Deleting files for php82-pecl-mcrypt-1.0.7: 100%
[64/178] Deinstalling py311-ujson-5.10.0...
[64/178] Deleting files for py311-ujson-5.10.0: 100%
[65/178] Deinstalling php82-ctype-8.2.20...
[65/178] Deleting files for php82-ctype-8.2.20: 100%
[66/178] Deinstalling php82-filter-8.2.20...
[66/178] Deleting files for php82-filter-8.2.20: 100%
[67/178] Deinstalling py311-h11-0.14.0...
[67/178] Deleting files for py311-h11-0.14.0: 100%
[68/178] Deinstalling unbound-1.20.0_1...
[68/178] Deleting files for unbound-1.20.0_1: 100%
[69/178] Deinstalling lighttpd-1.4.76...
[69/178] Deleting files for lighttpd-1.4.76: 100%
[70/178] Deinstalling py311-sniffio-1.3.1...
[70/178] Deleting files for py311-sniffio-1.3.1: 100%
[71/178] Deinstalling py311-pycparser-2.22...
[71/178] Deleting files for py311-pycparser-2.22: 100%
[72/178] Deinstalling py311-six-1.16.0_1...
[72/178] Deleting files for py311-six-1.16.0_1: 100%
[73/178] Deinstalling py311-charset-normalizer-3.3.2_1...
[73/178] Deleting files for py311-charset-normalizer-3.3.2_1: 100%
[74/178] Deinstalling py311-setuptools-63.1.0_1...
[74/178] Deleting files for py311-setuptools-63.1.0_1: 100%
[75/178] Deinstalling py311-idna-3.7...
[75/178] Deleting files for py311-idna-3.7: 100%
[76/178] Deinstalling cyrus-sasl-gssapi-2.1.28...
[76/178] Deleting files for cyrus-sasl-gssapi-2.1.28: 100%
[77/178] Deinstalling dnsmasq-2.90_1,1...
[77/178] Deleting files for dnsmasq-2.90_1,1: 100%
[78/178] Deinstalling py311-netaddr-1.3.0...
[78/178] Deleting files for py311-netaddr-1.3.0: 100%
[79/178] Deinstalling py311-packaging-24.1...
[79/178] Deleting files for py311-packaging-24.1: 100%
[80/178] Deinstalling py311-pysocks-1.7.1_1...
[80/178] Deleting files for py311-pysocks-1.7.1_1: 100%
[81/178] Deinstalling py311-markupsafe-2.1.5_1...
[81/178] Deleting files for py311-markupsafe-2.1.5_1: 100%
[82/178] Deinstalling libpsl-0.21.5_1...
[82/178] Deleting files for libpsl-0.21.5_1: 100%
[83/178] Deinstalling py311-attrs-23.2.0...
[83/178] Deleting files for py311-attrs-23.2.0: 100%
[84/178] Deinstalling py311-certifi-2024.7.4...
[84/178] Deleting files for py311-certifi-2024.7.4: 100%
[85/178] Deinstalling py311-tzdata-2024.1...
[85/178] Deleting files for py311-tzdata-2024.1: 100%
[86/178] Deinstalling php82-8.2.20...
[86/178] Deleting files for php82-8.2.20: 100%
[87/178] Deinstalling py311-socksio-1.0.0_1...
[87/178] Deleting files for py311-socksio-1.0.0_1: 100%
[88/178] Deinstalling openssh-portable-9.8.p1,1...
[88/178] Deleting files for openssh-portable-9.8.p1,1: 100%
[89/178] Deinstalling py311-pylsqpack-0.3.18...
[89/178] Deleting files for py311-pylsqpack-0.3.18: 100%
[90/178] Deinstalling py311-pyasn1-0.6.0...
[90/178] Deleting files for py311-pyasn1-0.6.0: 100%
[91/178] Deinstalling ruby31-gems-3.5.14...
[91/178] Deleting files for ruby31-gems-3.5.14: 100%
[92/178] Deinstalling wpa_supplicant-2.10_10...
[92/178] Deleting files for wpa_supplicant-2.10_10: 100%
[93/178] Deinstalling libidn2-2.3.7...
[93/178] Deleting files for libidn2-2.3.7: 100%
[94/178] Deinstalling nettle-3.10_1...
[94/178] Deleting files for nettle-3.10_1: 100%
[95/178] Deinstalling nss-3.101...
[95/178] Deleting files for nss-3.101: 100%
[96/178] Deinstalling openvpn-2.6.11...
[96/178] Deleting files for openvpn-2.6.11: 100%
==> You should manually remove the "openvpn" user
==> You should manually remove the "openvpn" group
[97/178] Deinstalling krb5-1.21.3...
[97/178] Deleting files for krb5-1.21.3: 100%
[98/178] Deinstalling libxml2-2.11.8...
[98/178] Deleting files for libxml2-2.11.8: 100%
[99/178] Deinstalling ruby-3.1.6,1...
[99/178] Deleting files for ruby-3.1.6,1: 100%
[100/178] Deinstalling ntp-4.2.8p18...
[100/178] Deleting files for ntp-4.2.8p18: 100%
[101/178] Deinstalling libfido2-1.15.0...
[101/178] Deleting files for libfido2-1.15.0: 100%
[102/178] Deinstalling python311-3.11.9_1...
[102/178] Deleting files for python311-3.11.9_1: 100%
[103/178] Deinstalling kea-2.4.1_2...
[103/178] Deleting files for kea-2.4.1_2: 100%
[104/178] Deinstalling opnsense-installer-24.1...
[104/178] Deleting files for opnsense-installer-24.1: 100%
[105/178] Deinstalling opnsense-update-24.1.8...
[105/178] Deleting files for opnsense-update-24.1.8: 100%
[106/178] Deinstalling hostapd-2.10_10...
[106/178] Deleting files for hostapd-2.10_10: 100%
[107/178] Deinstalling boost-libs-1.84.0...
[107/178] Deleting files for boost-libs-1.84.0: 100%
[108/178] Deinstalling monit-5.33.0_1...
[108/178] Deleting files for monit-5.33.0_1: 100%
[109/178] Deinstalling libunistring-1.2...
[109/178] Deleting files for libunistring-1.2: 100%
[110/178] Deinstalling cpdup-1.22_1...
[110/178] Deleting files for cpdup-1.22_1: 100%
[111/178] Deinstalling p5-Error-0.17029...
[111/178] Deleting files for p5-Error-0.17029: 100%
[112/178] Deinstalling libcbor-0.11.0...
[112/178] Deleting files for libcbor-0.11.0: 100%
[113/178] Deinstalling ldns-1.8.3_1...
[113/178] Deleting files for ldns-1.8.3_1: 100%
[114/178] Deinstalling tailscale-1.66.4...
[114/178] Deleting files for tailscale-1.66.4: 100%
[115/178] Deinstalling isc-dhcp44-server-4.4.3P1_1...
[115/178] Deleting files for isc-dhcp44-server-4.4.3P1_1: 100%
==> You should manually remove the "dhcpd" user.
==> You should manually remove the "dhcpd" group
[116/178] Deinstalling libevent-2.1.12...
[116/178] Deleting files for libevent-2.1.12: 100%
[117/178] Deinstalling iperf3-3.17.1...
[117/178] Deleting files for iperf3-3.17.1: 100%
[118/178] Deinstalling pkcs11-helper-1.29.0_3...
[118/178] Deleting files for pkcs11-helper-1.29.0_3: 100%
[119/178] Deinstalling gmp-6.3.0...
[119/178] Deleting files for gmp-6.3.0: 100%
[120/178] Deinstalling gettext-runtime-0.22.5...
[120/178] Deleting files for gettext-runtime-0.22.5: 100%
[121/178] Deinstalling cyrus-sasl-2.1.28_4...
[121/178] Deleting files for cyrus-sasl-2.1.28_4: 100%
To delete Cyrus user permanently, use 'pw userdel cyrus'
To delete Cyrus group permanently, use 'pw groupdel cyrus'
[122/178] Deinstalling sqlite3-3.46.0,1...
[122/178] Deleting files for sqlite3-3.46.0,1: 100%
[123/178] Deinstalling libffi-3.4.6...
[123/178] Deleting files for libffi-3.4.6: 100%
[124/178] Deinstalling readline-8.2.10...
[124/178] Deleting files for readline-8.2.10: 100%
[125/178] Deinstalling sudo-1.9.15p5_4...
[125/178] Deleting files for sudo-1.9.15p5_4: 100%
[126/178] Deinstalling pftop-0.10_1...
[126/178] Deleting files for pftop-0.10_1: 100%
[127/178] Deinstalling filterlog-0.7_1...
[127/178] Deleting files for filterlog-0.7_1: 100%
[128/178] Deinstalling flock-2.37.2_1...
[128/178] Deleting files for flock-2.37.2_1: 100%
[129/178] Deinstalling dpinger-3.3...
[129/178] Deleting files for dpinger-3.3: 100%
[130/178] Deinstalling mpdecimal-4.0.0...
[130/178] Deleting files for mpdecimal-4.0.0: 100%
[131/178] Deinstalling flowd-0.9.1_5...
[131/178] Deleting files for flowd-0.9.1_5: 100%
==> You should manually remove the "_flowd" user.
==> You should manually remove the "_flowd" group
[132/178] Deinstalling openssl-3.0.14,1...
[132/178] Deleting files for openssl-3.0.14,1: 100%
[133/178] Deinstalling libyaml-0.2.5...
[133/178] Deleting files for libyaml-0.2.5: 100%
[134/178] Deinstalling lzo2-2.10_1...
[134/178] Deleting files for lzo2-2.10_1: 100%
[135/178] Deinstalling dhcrelay-0.5...
[135/178] Deleting files for dhcrelay-0.5: 100%
[136/178] Deinstalling libiconv-1.17_1...
[136/178] Deleting files for libiconv-1.17_1: 100%
[137/178] Deinstalling json-c-0.17...
[137/178] Deleting files for json-c-0.17: 100%
[138/178] Deinstalling easy-rsa-3.1.7,1...
[138/178] Deleting files for easy-rsa-3.1.7,1: 100%
[139/178] Deinstalling choparp-20150613_1...
[139/178] Deleting files for choparp-20150613_1: 100%
[140/178] Deinstalling e2fsprogs-libuuid-1.47.1...
[140/178] Deleting files for e2fsprogs-libuuid-1.47.1: 100%
[141/178] Deinstalling cpustats-0.1...
[141/178] Deleting files for cpustats-0.1: 100%
[142/178] Deinstalling libnghttp2-1.62.1...
[142/178] Deleting files for libnghttp2-1.62.1: 100%
[143/178] Deinstalling icu-74.2_1,1...
[143/178] Deleting files for icu-74.2_1,1: 100%
[144/178] Deinstalling libmcrypt-2.5.8_4...
[144/178] Deleting files for libmcrypt-2.5.8_4: 100%
[145/178] Deinstalling dhcp6c-20240710...
[145/178] Deleting files for dhcp6c-20240710: 100%
[146/178] Deinstalling libargon2-20190702_1...
[146/178] Deleting files for libargon2-20190702_1: 100%
[147/178] Deinstalling radvd-2.19_4...
[147/178] Deleting files for radvd-2.19_4: 100%
[148/178] Deinstalling ca_root_nss-3.93...
[148/178] Deleting files for ca_root_nss-3.93: 100%
[149/178] Deinstalling os-dyndns-1.27_3...
[149/178] Deleting files for os-dyndns-1.27_3: 100%
[150/178] Deinstalling libcjson-1.7.18_2...
[150/178] Deleting files for libcjson-1.7.18_2: 100%
[151/178] Deinstalling ivykis-0.43.2...
[151/178] Deleting files for ivykis-0.43.2: 100%
[152/178] Deinstalling beep-1.0_2...
[152/178] Deleting files for beep-1.0_2: 100%
[153/178] Deinstalling libedit-3.1.20240517,1...
[153/178] Deleting files for libedit-3.1.20240517,1: 100%
[154/178] Deinstalling liblz4-1.9.4_1,1...
[154/178] Deleting files for liblz4-1.9.4_1,1: 100%
[155/178] Deinstalling iftop-1.0.p4_1...
[155/178] Deleting files for iftop-1.0.p4_1: 100%
[156/178] Deinstalling ifinfo-13.0_1...
[156/178] Deleting files for ifinfo-13.0_1: 100%
[157/178] Deinstalling libunwind-20240221...
[157/178] Deleting files for libunwind-20240221: 100%
[158/178] Deinstalling samplicator-1.3.8.r1_1...
[158/178] Deleting files for samplicator-1.3.8.r1_1: 100%
[159/178] Deinstalling log4cplus-2.1.1...
[159/178] Deleting files for log4cplus-2.1.1: 100%
[160/178] Deinstalling pcre2-10.43...
[160/178] Deleting files for pcre2-10.43: 100%
[161/178] Deinstalling nspr-4.35...
[161/178] Deleting files for nspr-4.35: 100%
[162/178] Deinstalling expiretable-0.6_3...
[162/178] Deleting files for expiretable-0.6_3: 100%
[163/178] Deinstalling jansson-2.14...
[163/178] Deleting files for jansson-2.14: 100%
[164/178] Deinstalling hyperscan-5.4.2...
[164/178] Deleting files for hyperscan-5.4.2: 100%
[165/178] Deinstalling libpfctl-0.11...
[165/178] Deleting files for libpfctl-0.11: 100%
[166/178] Deinstalling indexinfo-0.3.1...
[166/178] Deleting files for indexinfo-0.3.1: 100%
[167/178] Deinstalling pkg-1.19.2_1...
[167/178] Deleting files for pkg-1.19.2_1: 100%
[168/178] Deinstalling libnet-1.3,1...
[168/178] Deleting files for libnet-1.3,1: 100%
[169/178] Deinstalling libltdl-2.4.7...
[169/178] Deleting files for libltdl-2.4.7: 100%
[170/178] Deinstalling zip-3.0_2...
[170/178] Deleting files for zip-3.0_2: 100%
[171/178] Deinstalling mpd5-5.9_18...
[171/178] Deleting files for mpd5-5.9_18: 100%
[172/178] Deinstalling libucl-0.9.2...
[172/178] Deleting files for libucl-0.9.2: 100%
[173/178] Deinstalling libsodium-1.0.19...
[173/178] Deleting files for libsodium-1.0.19: 100%
[174/178] Deinstalling perl5-5.36.3_1...
[174/178] Deleting files for perl5-5.36.3_1: 100%
[175/178] Deinstalling oniguruma-6.9.9...
[175/178] Deleting files for oniguruma-6.9.9: 100%
[176/178] Deinstalling opnsense-lang-23.7.11...
[176/178] Deleting files for opnsense-lang-23.7.11: 100%
[177/178] Deinstalling pam_opnsense-24.1...
[177/178] Deleting files for pam_opnsense-24.1: 100%
[178/178] Deinstalling expat-2.6.2...
[178/178] Deleting files for expat-2.6.2: 100%
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-ctrl-agent.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/keactrl.conf if it is no longer needed.
You may need to manually remove /usr/local/openssl/openssl.cnf if it is no longer needed.
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/openssl/cert.pem if it is no longer needed.
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PHP set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PYTHON set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PHP set
make: "/tmp/opnsense-bootstrap/core-stable-25.1/Makefile" line 34: warning: Cannot build without CORE_PYTHON set
Bootstrapping pkg from https://pkg.opnsense.org/FreeBSD:13:amd64/25.1/latest, please wait...
pkg: Error fetching https://pkg.opnsense.org/FreeBSD:13:amd64/25.1/latest/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.


Yes, things are working much smoother with the plugin now available from a standard install.

Thanks for the replies. I didn't set up this pair and I wasn't aware FreeBSD repos were enabled. I was under pressure to complete the upgrade so I ended up booting the VMs from the 25.1 ISO and did a fresh install after importing the config file. I then upgraded to 25.1.3 and was able to reinstall the plugins with a good outcome.

If I see this again in the future I will try disabling the extra repos.