Messages

For now I wound up just upgrading in place. I would like to take advantage of the snapshot function since I originally set this up in UFS instead of ZFS.

On a related note, for a test I did a brand new install in another VM and it went great. The importer method hangs at this point above though. (I'm doing this to format the drive using ZFS)

Was curious if anyone has experience with upgrading to 26.1 via the importer method on a QEMU/KVM VM.

I took a VM snapshot to revert if needed, upgraded via the importer method using attached ISO, it gets through the process and this is what it shows and I have no way to know what it's doing at this point.



Any ideas?

Did you ever resolve this?

My system log is getting flooded with the following message:

Severity:Notice | Process:kernel | UDP6: M_MCAST is set in a unicast packet.

1. What is likely to cause this?
2. How would I track down what is causing this?
3. Should I even bother?

I'll pass this on, thanks!


Cheers,
Franco

One more note: to narrow it down further after playing with it, it appears to happen when there's an interface specific rule. Another rule set I setup that doesn't use interface seems to appear normally. Maybe just a javascript repeat/cascading issue or something.

Thanks all for the feedback! There's also this one now.

https://github.com/opnsense/core/commit/87345016d4fe9aee1

And we're probably shipping all later this week in 25.7.7.


Cheers,
Franco

Thanks for 25.7.7 today! Really appreciate the teams' work on all of this. Really great.

Just wanted to note I still see an issue on the live firewall log with the rules text that is presented (not in design/color, that's fixed) but in what is displayed. For instance, I have a rule for "interface is WAN" but then subsequent rules that are related to src or port will say "src does not contain WAN" or "dstport does not contain WAN" or "protoname does not contain 'WAN'" when that's not what the rule is at all. To be clear, the rules work, but after saving them, they then appear as this when selecting a saved template.

Here's a picture:

New issue: Live log applied filter "bubble" is blank under both browsers. Filters still work, and filters may be deleted by poking where the "X" would normally be. Friggin' browsers! Heh.

Mine were "blank" when using dark mode (white text on white background), but using default theme, it shows this text in the bubbles (as an example):

Anecdotally after the most recent update, WireGuard seems to be having issues after a reboot of OPNsense now. WG clients aren't able to connect, I restart the WG service, and they're able to connect again. Easy to mitigate, but it's very manual intervention, and not sure why it started happening. Just thought I'd mention it.

I've tracked down what is happening on my simple setup (address only, no prefix) and created a PR for discussion:-

https://github.com/opnsense/dhcp6c/pull/36

Wondering if my situation over the past couple of weeks could be related, this was working before:

1. WAN pulls IPv6 fine via DHCPv6 client.
2. LAN has a static IPv6 address. Clients pull an IPv6 address via routing advertisement (managed mode) and DHCPv6 server (so I can control the address they receive). This stopped working though I noticed one day on my phone when I saw it didn't pull an IPv6 address.
3. So I dropped back versions of dhcpv6c and opnsense proper ( 24.1.8 ) as stated in the thread. This only allowed me to serve out clients via unmanaged routing advertisements and not via the DHCPv6 server I have running.

So with that background, the question is does anyone think this issue would affect the ability to use the DHCPv6 server to serve out static-mapped addresses with routing advertisements set to managed (not working) instead of unmanaged (working) as it is now?

Thanks for the quick reply! That was definitely it.

Upgraded to 24.1_1, cannot ping out to the internet now. Not sure what changed.

Pinging from OPNsense command line:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host

Has anyone else seen this?

I have stopped suricata, zenarmor, crowdsec, and nothing seems to help.

Upgraded yesterday and I must say: superb job! I've been up almost 24 hours and it's smooth sailing so far.

Yeah I updated mid-typing.

Update: whatever was fixed regarding IPv6, DHCPv6 and delegated prefixes in the 23.1.8 update seems to have resolved my IPv6 dropping issues. I rebooted afterward and at the very least, so far, have not had to touch it. It just works.  ;D

Understood.

Question on ZenArmor config: Do I need to use the Emulated driver for this or can I use Native?