Messages - santi.benejam

#1
This morning I updated to 25.1 and the firewall was not restarted. I logged in with ssh and restarted from the menu with the "6) Reboot" option, and then I saw a process that prevented the restart. I connected from another console by ssh and killed the process monit, which was the process that prevented restarting. Finally, the firewall has been restarted and seems to be working as expected.
#2
23.1 Legacy Series / Re: 23.1.7 - Aliases issue
September 19, 2023, 10:05:23 AM
This morning I upgraded to 23.1.11 and all went fine. The deleted/renamed aliases are not present now, without doing anything special. After the upgrade and reboot of the firewall, all is working as expected.
#3
23.1 Legacy Series / Re: 23.1.7 - Aliases issue
September 14, 2023, 11:54:42 AM
I will try this solution as soon as I can.

Thanks
#4
23.1 Legacy Series / 23.1.7 - Aliases issue
September 12, 2023, 03:29:16 PM
Our firewall is on version 23.1.7. Yesterday I created a Host(s) alias OriginalAlias with one IP for testing. I then created some rules to deny connections from this IP. Today I renamed OriginalAlias to RenamedAlias, then I deleted the firewall rules.

Now in Firewall: Diagnostics: Aliases I can see both aliases, OriginalAlias and RenamedAlias, listed. Do I have to restart something?

Listing the /var/db/aliastables folder I can see in it both alias *.txt files. In a config backup file there is only the RenamedAlias.

I read in the forum that I can use /usr/local/opnsense/scripts/filter/update_tables.py to renew the /var/db/aliastables folder content. Is it safe to run this command?

I'm planning to upgrade the firewall on Thursday to the latest version and I don't want to have problems with a configuration error during the update.
#5
This morning I upgraded to OPNsense 23.1.7_3-amd64 - FreeBSD 13.1-RELEASE-p7 - OpenSSL 1.1.1t 7 Feb 2023 from 23.1.4.
After a few hours the firewall is still working as expected, zero errors during the upgrade.

8) 8) 8)
#6
I just upgraded the OPNsense box to 23.1.4 and it seems that all is working as expected for now.

Many thanks, Franco
#7
I was missing this config as explained in this topic https://forum.opnsense.org/index.php?topic=32539.msg158377#msg158377

I had to disable the HW Offload checkboxes and re-enable IPS mode and it now works. Tomorrow morning I'll do the pending updates.
#8
I stopped Intrusion detection and updates seem to work now. Enabling Intrusion detection with IPS Mode disabled seems to work too.
I'll try to upgrade later.


#9
More info from Health Audit

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1_6 at Tue Mar 21 08:54:39 CET 2023
>>> Check installed kernel version
Version 23.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.8
os-ddclient 1.9_2
os-dmidecode 1.1_1
os-dyndns 1.27_3
os-net-snmp 1.5_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.87 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.88_1,1 has no upstream equivalent
Checking packages: .
dpinger-3.2 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.3P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.67 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_13 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-8.9.p1_4,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1s,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.8 has no upstream equivalent
Checking packages: .
opnsense-23.1_6 has no upstream equivalent
Checking packages: .
opnsense-installer-23.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7.3 has no upstream equivalent
Checking packages: .
opnsense-update-23.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8_2 has no upstream equivalent
Checking packages: .
php81-ctype-8.1.14 has no upstream equivalent
Checking packages: .
php81-curl-8.1.14 has no upstream equivalent
Checking packages: .
php81-dom-8.1.14 has no upstream equivalent
Checking packages: .
php81-filter-8.1.14 has no upstream equivalent
Checking packages: .
php81-gettext-8.1.14 has no upstream equivalent
Checking packages: .
php81-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php81-ldap-8.1.14 has no upstream equivalent
Checking packages: .
php81-pdo-8.1.14 has no upstream equivalent
Checking packages: .
php81-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php81-phalcon-5.1.4 has no upstream equivalent
Checking packages: .
php81-phpseclib-3.0.18 has no upstream equivalent
Checking packages: .
php81-session-8.1.14 has no upstream equivalent
Checking packages: .
php81-simplexml-8.1.14 has no upstream equivalent
Checking packages: .
php81-sockets-8.1.14 has no upstream equivalent
Checking packages: .
php81-sqlite3-8.1.14 has no upstream equivalent
Checking packages: .
php81-xml-8.1.14 has no upstream equivalent
Checking packages: .
php81-zlib-8.1.14 has no upstream equivalent
Checking packages: .
pkg-1.19.1_1 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.1.2 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-duckdb-0.6.1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-numpy-1.23.5_1,1 has no upstream equivalent
Checking packages: .
py39-pandas-1.5.1,1 has no upstream equivalent
Checking packages: .
py39-requests-2.28.1_1 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.16_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.9 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.8.0_2 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-5.7 has no upstream equivalent
Checking packages: .
strongswan-5.9.9_1 has no upstream equivalent
Checking packages: .
sudo-1.9.12p2 has no upstream equivalent
Checking packages: .
suricata-6.0.9_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.38.1 has no upstream equivalent
Checking packages: .
unbound-1.17.1_1 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***
#10
System: Firmware
Status
Settings
Changelog
Updates
Plugins
Packages
Type opnsense
Version 23.1_6
Architecture amd64
Flavour OpenSSL
Commit 6621e1999
Mirror https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Repositories OPNsense
Updated on Tue Mar 21 06:57:11 CET 2023
Checked on N/A
#11
I can ping to pkg.opnsense.org from console.
ping pkg.opnsense.org
PING pkg.opnsense.org (89.149.211.205): 56 data bytes
64 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=58.724 ms
64 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=59.299 ms
64 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.112 ms
64 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=58.237 ms
64 bytes from 89.149.211.205: icmp_seq=4 ttl=50 time=58.720 ms
64 bytes from 89.149.211.205: icmp_seq=5 ttl=50 time=59.095 ms
64 bytes from 89.149.211.205: icmp_seq=6 ttl=50 time=58.481 ms
64 bytes from 89.149.211.205: icmp_seq=7 ttl=50 time=58.477 ms
64 bytes from 89.149.211.205: icmp_seq=8 ttl=50 time=59.455 ms
64 bytes from 89.149.211.205: icmp_seq=9 ttl=50 time=58.424 ms
64 bytes from 89.149.211.205: icmp_seq=10 ttl=50 time=58.432 ms
64 bytes from 89.149.211.205: icmp_seq=11 ttl=50 time=58.549 ms
64 bytes from 89.149.211.205: icmp_seq=12 ttl=50 time=65.933 ms
64 bytes from 89.149.211.205: icmp_seq=13 ttl=50 time=58.496 ms
64 bytes from 89.149.211.205: icmp_seq=14 ttl=50 time=58.185 ms
64 bytes from 89.149.211.205: icmp_seq=15 ttl=50 time=59.128 ms
64 bytes from 89.149.211.205: icmp_seq=16 ttl=50 time=59.122 ms
64 bytes from 89.149.211.205: icmp_seq=17 ttl=50 time=59.091 ms
64 bytes from 89.149.211.205: icmp_seq=18 ttl=50 time=58.743 ms
^C
--- pkg.opnsense.org ping statistics ---
19 packets transmitted, 19 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 58.185/59.142/65.933/1.641 ms
#12
I upgraded to OPNsense 23.1 and I get these errors in the connectivity audit.
Suricata emerging rules are not updating.

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1_6 at Tue Mar 21 08:13:21 CET 2023
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=59.467 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=62.226 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.678 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=59.301 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.301/60.168/62.226/1.196 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***
#13
22.7 Legacy Series / Re: Upgrade to 22.7.7/8 from 22.7.6
November 30, 2022, 11:20:19 AM
Can anyone answer this question post? Is it safe to upgrade with these audit results?

#14
22.7 Legacy Series / Upgrade to 22.7.7/8 from 22.7.6
November 21, 2022, 03:17:20 PM
Our firewall runs on version OPNsense 22.7.6 (amd64/OpenSSL). I made a health and connectivity audit and I get these results.
My question is: is it safe to upgrade to the latest version?



***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.6 (amd64/OpenSSL) at Mon Nov 21 15:09:19 CET 2022
>>> Check installed kernel version
Version 22.7.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.7_1
os-ddclient 1.9
os-dmidecode 1.1_1
os-dyndns 1.27_3
os-net-snmp 1.5_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ...................
mpd5-5.9_11 version mismatch, expected 5.9_12
Checking packages: ...
openssl-1.1.1q,1 version mismatch, expected 1.1.1s,1
Checking packages: .
openvpn-2.5.7 version mismatch, expected 2.5.8
Checking packages: .
opnsense-22.7.6 version mismatch, expected 22.7.8
Checking packages: ...
opnsense-update-22.7.5 version mismatch, expected 22.7.7
Checking packages: ...
php80-ctype-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-curl-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-dom-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-filter-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-gettext-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
php80-ldap-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-pdo-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
php80-phalcon-5.0.3 version mismatch, expected 5.1.1
Checking packages: ..
php80-session-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-simplexml-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-sockets-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-sqlite3-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-xml-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-zlib-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
py39-Jinja2-3.0.1 version mismatch, expected 3.1.2
Checking packages: ....
py39-sqlite3-3.9.14_7 version mismatch, expected 3.9.15_7
Checking packages: .......
strongswan-5.9.8 version mismatch, expected 5.9.8_1
Checking packages: .
sudo-1.9.11p3 version mismatch, expected 1.9.12p1
Checking packages: .
suricata-6.0.8 version mismatch, expected 6.0.8_1
Checking packages: ..
unbound-1.16.3 version mismatch, expected 1.17.0
Checking packages: .. done
***DONE***

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.6 (amd64/OpenSSL) at Mon Nov 21 15:13:12 CET 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=60.162 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=60.108 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.890 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=60.095 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.890/60.064/60.162/0.103 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 809 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***
#15
I upgraded today to 22.7.6 and then deactivated the NAT Rule, and connections to the internet from the local box are working now.
Connectivity audits and check for updates are working too.
Franco, if you need something that can help to debug these errors, how can I help?