Messages - gpac

#1
Issue no 1 : I recently discovered that during one of the upgrades, the configs of schedule blocks were lost. Schedule aliases still appear in firewall rules, but they don't appear in the schedule list, which is completely empty. When you click on the schedule name in the rule page, you end up in a blank schedule sheet (the schedule creation page with all fields empty).

Issue no 2 : when you want to create several time blocks on the same schedule page, if you don't change the 4 time items (start H, start M, end H, end M), then whatever is shown on the screen before clicking on add item is not taken into account. I.e. : you created a rule for Monday from 08:30 to 20:00. Now you want to add another block for Tuesday from 09:30 to 20:00 => you select Tuesday, you change the 08 to 09 and click add-time => you get a rule from 09:00 to 23:59.

Issue no 3 : in the situation where a schedule 8:00-21:00 was created just before and you want to create one 09:00-23:00. When you try to change the 21 to 23, you can choose the 23 in the list, but after clicking on the hour, the box stays at 21. If you click on the 21 again, you can see that in the list the 23 is highlighted (and not the 21).

Best regards

version : 16.1.16 / nano
browser : firefox
#2
As mentioned in the 15.7 forum (https://forum.opnsense.org/index.php?topic=1241.30) there is a workaround with an additional USB stick used to cope with larger updates.

Please note I had to change my batch file on 16.1.14 with the last 2 lines (since upgrades now also seem to use /var/cache/opnsense-update) :

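# first USB partition: package cache
mkdir -p /var/cache/pkg
fsck -y -t ufs /dev/da0p1
mount /dev/da0p1 /var/cache/pkg
# second USB partition: working directory for kernel/base updates
mkdir -p /tmp/opnsense-update
fsck -y -t ufs /dev/da0p2
mount /dev/da0p2 /tmp/opnsense-update
# expose the same partition under /var/cache/opnsense-update
mkdir -p /var/cache/opnsense-update
mount -t nullfs /tmp/opnsense-update /var/cache/opnsense-update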


Best regards.
#3
Hello,

Please note that it doesn't seem to work (i.e. rc.syshook not launched at startup).

Per your instructions I've created a symlink called mymount.early in /usr/local/etc/rc.syshook.d
Launching /usr/local/etc/rc.syshook.d/mymount.early from command line works, but when booting the alix the mounts are not done and I have no error messages in /var/log/system.log.

Credentials are the following :
-rwxr-xr-x   1 root     wheel     1912 Jan 18 10:59 rc.syshook
drwxr-xr-x   2 root     wheel      512 Jan 13 20:57 rc.syshook.d

and
/usr/local/etc/rc.syshook.d:
total 4
drwxr-xr-x   2 root  wheel   512 Jan 13 20:57 .
drwxr-xr-x  27 root  wheel  3584 Jan 23 09:38 ..
lrwxr-xr-x   1 root  wheel    29 Jan 13 20:57 mymount.early -> /root/var_cache_pkg_by_FXL.sh

and content of the batch file is :
mkdir -p /var/cache/pkg
fsck -y -t ufs /dev/da0p1
mount /dev/da0p1 /var/cache/pkg
mkdir -p /tmp/opnsense-update
fsck -y -t ufs /dev/da0p2
mount /dev/da0p2 /tmp/opnsense-update

If you have an idea of the problem, that would be very helpful.

Best regards.
#4
Hello,

I've found a small bug :
The "Log packets matched from the default pass rules put in the ruleset" check box from diag_logs_settings.php works the opposite way : when enabled there is no logging, and when disabled logging is active.

Best regards.
#5
Hello,

I discovered that dashboard page (when firewall log widget is activated) & firewall log page are verrrryyy long to load when it is requested to display log on an interface that has no entry in log.

In my case I have many entries logged for LAN and OPT1 but none for WAN (behind another fw) => if i try to display / filter firewall log entries for WAN it takes several minutes before displaying web page.

nota : "cat /var/log/filter.log | grep vr1" provides an instantaneous (and blank) answer.

Best regards.
#6
Sorry for late feedback.

With recent upgrades I had to create 2 partitions on my USB key
/dev/da0p1 on /var/cache/pkg (ufs, local)
/dev/da0p2 on /tmp/opnsense-update (ufs, local)

Nota : an unclean shutdown of my Alix recently corrupted the file system on /var/da0p1 => adding an fsck in the small batch which mounts those seems useful.

I'm mounting them manually through a simple batch file I'm launching via ssh. For sure it would be better to be able to add something in an rc file to have it launched at startup. But I don't know exactly where / how to do that (in regular Linux adding a Sxx and a Kxx file in the init.d would do the trick, but on FreeBSD I don't know how to do that), nor how to do that in a location / file not touched by future upgrades.

Best regards.
#7
Now it works, thanks a lot (kernel updates are going to /tmp/opnsense-update/...)

So I re-formatted my USB key with 2 partitions (one for /var/cache/pkg and the other one for /tmp/opnsense-update), and my alix is now updating the kernel very slooooooowly.

Finally it took 21 minutes for the kernel upgrade stage followed by a 6 minutes reboot !
#8
OK I understand.

Then another idea could be to have a different directory name while staying in /tmp :

If you would use /tmp/opnsense-update/${$} instead of /tmp/opnsense-update.${$}, then one could create a mount to a permanent slice of a USB stick for /tmp/opnsense-update



#9
OK Thanks a lot for the reply.

Basically changing the lines
rm -rf /tmp/opnsense-update.* (somewhere at the beginning of the file)
and
WORKDIR=/tmp/opnsense-update.${$}  (somewhere in the middle of the file after the KERNEL UPDATE warning)

by
rm -rf /var/cache/pkg/opnsense-update.*
WORKDIR=/var/cache/pkg/opnsense-update.${$} 

would be great help for me while staying consistent with what the updater is doing for other packages (fetching them in /var/cache/pkg).

Regards.
#10
Hello,

I'm back with my poor 256 Mb Alix...

To have automatic updates working, I've plugged a 2 Gb USB key on the alix and mounted that USB key on /var/cache/pkg.

Now the point is when a kernel update is required opnsense-update uses /tmp to fetch its .txz and .obsolete files.
+ Why aren't they going in /var/cache/pkg like other .txz files ?
+ Is there a way to pass a parameter to opnsense-update to use another directory as working directory ?

Thanks for your kind advice.

Best regards.
#11
Thanks a lot for your feedback.

Based on your advice I just switched off suricata (which anyway never managed to start completely and was failing while loading). After rebooting, df -h brings :
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    1.8G    783M    919M    46%    /
devfs                 1.0K    1.0K      0B   100%    /dev
tmpfs                  97M     48K     97M     0%    /tmp
tmpfs                 110M     13M     97M    12%    /var
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev


From your point of view what kind of minimum hardware would be required for a "nano" type of system able to run IDS ?

Thanks for your advice.

Best regards.
#12
RAM : based on dmesg.today : "real memory  = 268435456 (256 MB)" / "avail memory = 226619392 (216 MB)"

IDS : I tried but it always fails with "kernel: pid 62902 (suricata), uid 0, was killed: out of swap space"

As far as disk space, root filesystem has 38% free / 645 Mb available which is quite large for what I'm expecting to do (no squid cache or things like that, just firewall / dhcp / dns / ntp and possibly IDS).


=> To upgrade successfully I had to
1) disable the "/var /mem in memory" parameter
2) reboot
3) upgrade
4) re-enable the "/var /mem in memory" parameter
5) reboot

Nota : at step 2 I had to play with my .ssh/known_host since the RSA fingerprint of the OPNsense had changed...

Suggestion : why not put the /var/cache/pkg on disk rather than memory to ensure upgrade will work ? (this should not be written frequently ?).
#13
Hello,

I have a recently reflashed 4 GB CF (reflashed with 15.7.11 nano 386 image). When trying to upgrade to 15.7.12 it fails with :

"pkg: Not enough space in /var/cache/pkg, needed 25 MiB available 5300 KiB"

df -h brings :
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    1.8G    645M    1.0G    38%    /
devfs                 1.0K    1.0K      0B   100%    /dev
tmpfs                  11M    3.5M    7.7M    31%    /tmp
tmpfs                  25M     17M    7.7M    69%    /var
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev

What should I do ?

Thanks for your help.

Regards
#14
Hello,

Upgrading to 15.7.5 doesn't seem to work on Alix with 4 Gb compact flash :

From GUI :

***GOT REQUEST TO UPGRADE: all***
***STARTING UPGRADE***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (61 candidates): .......... done
Processing candidates (61 candidates): . done
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   opnsense: 15.7.4 -> 15.7.5

The process will require 4 KiB more space.
9 MiB to be downloaded.
Fetching opnsense-15.7.5.txz: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 15.7.4 to 15.7.5...
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Removing OPNsense version
You may need to manually remove /usr/local/etc/config.xml if it's no longer needed.
[1/1] Extracting opnsense-15.7.5: .......... done
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Writing OPNsense version
Stopping configd...done
Starting configd.
Flush Phalcon volt templates
Message for opnsense-15.7.5:
Follow the brave badger!
Checking integrity... done (0 conflicting)
Nothing to do.
The following package files will be deleted:
   /var/cache/pkg/opnsense-15.7.4-ddec3dfa3d.txz
   /var/cache/pkg/opnsense-15.7.4.txz
The cleanup will free 9 MiB
Deleting files: .. done
All done
Restarting webConfigurator....done.
!!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!!!
! A kernel/base upgrade is in progress. !
!  Please do not turn off the system.   !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Fetching kernel-15.7.4-i386.txz... ok
Fetching base-15.7.4-i386.txz... failed
***DONE***


Then retried from Console :

Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.       
All repositories are up-to-date.         
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.       
All repositories are up-to-date.         
Checking for upgrades (60 candidates): 100%
Processing candidates (60 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.             
Checking integrity... done (0 conflicting)
Nothing to do.                             
Nothing to do.                             

Restarting webConfigurator...done.

There are updates available.
!!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!!!
! A kernel/base upgrade is in progress. !
!  Please do not turn off the system.   !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Fetching kernel-15.7.4-i386.txz... ok
Fetching base-15.7.4-i386.txz... fetch: /tmp/opnsense-update.56118/base-15.7.4-i386.txz: No space left on device
failed



df -H in shell gives :
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    981M    693M    210M    77%    /
devfs                 1.0k    1.0k      0B   100%    /dev
tmpfs                  35M     24M     11M    68%    /tmp
tmpfs                  42M     31M     11M    73%    /var
devfs                 1.0k    1.0k      0B   100%    /var/dhcpd/dev

It's quite a fresh install (CF re-formatted for installing 15.7.2). I don't understand why various partitions (and especially /tmp) are so small by default. Is there something I could do to increase their sizes ?

Thanks for advice.

Best regards
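
Added example, not part of the original posts and not OPNsense's own code: a pre-upgrade check for the two failures reported above ("Not enough space in /var/cache/pkg" and "No space left on device" under /tmp), which left the box with a fetched kernel set but no base set. The function names and the df figures are assumptions constructed for illustration; the 25600 KiB threshold is the 25 MiB from the pkg error message.

```shell
#!/bin/sh
# Constructed sample in `df -k` layout (1K blocks). Figures are made up to
# resemble the tmpfs-backed /tmp and /var reported in the posts above.
SAMPLE_DF='Filesystem          1K-blocks    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    1887436  660480 1075962    38%    /
devfs                       1       1       0   100%    /dev
tmpfs                   11264    3584    7680    31%    /tmp
tmpfs                   25600   20300    5300    79%    /var'

# avail_kib PATH: read `df -k` output on stdin and print the available KiB of
# the filesystem holding PATH (the longest mount point that prefixes PATH).
avail_kib() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        NR == 1 { next }                      # skip the header line
        {
            mp = $NF
            pre = (mp == "/") ? "/" : mp "/"  # match whole path components
            if ((p == mp || index(p "/", pre) == 1) && length(mp) > best) {
                best = length(mp); avail = $(NF - 2)
            }
        }
        END { if (best) print avail; else exit 1 }'
}

# preflight NEEDED_KIB PATH...: read `df -k` output on stdin, report each
# PATH, and return non-zero if any lacks NEEDED_KIB or cannot be resolved.
preflight() {
    df_out=$(cat); need=$1; shift; rc=0
    for p in "$@"; do
        have=$(printf '%s\n' "$df_out" | avail_kib "$p") || have=-1
        if [ "$have" -ge "$need" ]; then
            echo "ok    $p: $have KiB free"
        else
            echo "SHORT $p: $have KiB free, $need KiB needed"; rc=1
        fi
    done
    return "$rc"
}

# On the firewall itself: df -k | preflight 25600 /var/cache/pkg /tmp
printf '%s\n' "$SAMPLE_DF" | preflight 25600 /var/cache/pkg /tmp || true
```

Running it before an upgrade turns a half-applied kernel/base update into an early, explicit refusal.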
#15
Thanks for reply. Basically I did a brand new fresh install based on new nano image.