Messages

I am sorry but that is not entirely true. The opnsense dhcpd caused IP conflicts by giving out addresses that were already in use as reservations. That feels like a bug but if you are calling that expected behavior, we can agree to disagree. But even if you think dhcpd giving out reserved addresses to additional hosts and causing conflicts is a user error (because user configured a reservation from within the pool) it would improve user experience by making that clear in the help and documentation.

[edit]
Just to be clear, you are not having issues because you already know the "simple rule." Now that I do too I no longer have IP address conflicts. But since this rule is not intuitive to everyone, and I speak as someone with 25+ years IP networking experience and who has designed large-scale global networks, it would be kind to make it explicit in the online embedded help and the manual. Because opnsense will give out an address that is reserved to a random host, and then give it out a second time when the reservation-host does its DHCPREQ, causing a conflict.

[To avoid IP address conflicts, do not enter an IPv4 address that is within the pool(s).]

I know this thread is old but I am so glad I found it. I was having the exact same issue/confusion. In my 25+ years of working with dhcpd (big-iron UNIX and Linux) I have never encountered an implementation that worked this way of 1) creating IP conflicts by giving out the same address despite a reservation and 2) giving out addresses outside of the pool. To some degree this is just confusion over terminology, perhaps because I come from working with dhcpd from earlier days but I interpret these terms to mean:

• static - addresses configured on a device manually and not using dhcp
• pool - range of addresses which dhcpd can select from
• reservation - an address within the pool that will only ever be given to one and only one MAC address

I am sure we are not the only two people who run into this issue. May I humbly suggest to the maintainers that for clarity the embedded help for DHCP service should include:

• Services/DHCPv4/[interface] "Range": the pool of addresses from which DHCP will select addresses. To avoid address conflicts, there should be no static assignments or reservations within the pool(s).
• Services/DHCPv4/[interface]/Static DHCP Mapping "IP Address":
  If an IPv4 address is entered, the address must be within the interface subnet.
  To avoid IP address conflicts, do not enter an IPv4 address that is within the pool(s).
  If no IPv4 address is given, one will be dynamically allocated from the pool.

The documentation at https://docs.opnsense.org/ should also make clear how this DHCP implementation operates: The DHCP server will not respect reservations within the pool, but it can give out addresses outside of the pool; therefor reservation addresses should be outside the pool to avoid potential address conflicts.

Ok, good. Just reinstall "opnsense" package from System: Firmware: Packages tab. Or from the shell:

# opnsense-revert opnsense

That did it, thanks! Now running 21.7.2 with no issues!

EDIT: I am good to go, see below.

Please run a health audit. This doesn't look right?

> Proceed with this action? [y/N]: y

That's not how to invoke a major upgrade and also it should tell you about "21.7" which is the correct input...

Thanks. So this is probably my fault, as I deleted these files based on another post related to the signature issue...before I found this topic.

Code Select Expand


opnsense-21.1.9_1: missing file /usr/local/opnsense/firmware-message
opnsense-21.1.9_1: missing file /usr/local/opnsense/firmware-upgrade


I assume I can manually pull those files down from a mirror?

EDIT: I reinstalled the opnsense package and it replaced those files. Then I checked for an upgrade and everything went smoothly!

Thanks for the prompt reply and help!

Full health check output:

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.9_1 (amd64/OpenSSL) at Tue Sep  7 15:07:54 EDT 2021
>>> Check installed kernel version
Version 21.1.8 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.8 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: ....
opnsense-21.1.9_1: missing file /usr/local/opnsense/firmware-message
opnsense-21.1.9_1: missing file /usr/local/opnsense/firmware-upgrade
Checking all packages......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***


I have tried all of the solutions in this topic and am still stuck and my system does not see an upgrade path. I have tried a variety of mirrors.

Code Select Expand


Type opnsense
Version 21.1.9_1
Architecture amd64
Flavour OpenSSL
Commit e10896164
Mirror https://pkg.opnsense.org/FreeBSD:12:amd64/21.1
Repositories OPNsense
Updated on Wed Jul 28 11:47:08 EDT 2021
Checked on N/A

And when I run update in console or at CLI:

Code Select Expand


  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

Proceed with this action? [y/N]: y

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
/var/cache/pkg/opnsense-update-21.1.8_2~7e3799d419.txz
/var/cache/pkg/opnsense-update-21.1.8_2.txz
The cleanup will free 63 KiB
Deleting files: .. done
All done
Your system is up to date.


Is there any way to see more detailed logs or otherwise troubleshoot why it cannot see the upgrade?