Messages

Hi,

there is a way via CLI:

Code Select Expand

$ configctl interface carp_set_status maintenance

This toggles the maintenance mode on / off, depending on the previous state.

If you want to find out more about the options of this command, look at /usr/local/opnsense/scripts/interfaces/carp_set_status.php .

Best regards,
Ian

Changing from flavour 'latest' to 'default' updated the mirror again, now everything works :)

I was running business edition 22.10 but had some problems, so I wanted to test 23.1.6.

Went ahead and changed to community, also removing the subscription and changing the mirror.

Downgraded to 22.7, then upgraded to 23.1.6.

Now it seems OPNsense still remembers my subscription key, and tries to upgrade to 23.4, which doesn't exists, and especially doesn't exists on the new mirror.

I tried this

Code Select Expand


cat /var/cache/opnsense-update/61111/OPNsense.conf > /usr/local/etc/pkg/repos/OPNsense.conf

, as the

Code Select Expand

/usr/local/etc/pkg/repos/OPNsense.conf still contained the mirror with the subscription key.

The output of trying to update was:

Code Select Expand


***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.6 at Fri Apr 21 13:04:11 CEST 2023
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 819 packages processed.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (147 candidates): .......... done
Processing candidates (147 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 147 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
beep-1.0_1
ca_root_nss-3.89
choparp-20150613
cpdup-1.22
cpustats-0.1
curl-8.0.1
cyrus-sasl-2.1.28
cyrus-sasl-gssapi-2.1.28
dhcp6c-20200512_1
dmidecode-3.5
dnsmasq-2.89_1,1
dpinger-3.3
e2fsprogs-libuuid-1.47.0
expat-2.5.0
expiretable-0.6_2
filterlog-0.7
flock-2.37.2
flowd-0.9.1_3
gettext-runtime-0.21.1
git-2.40.0
glib-2.76.1,2
gmp-6.2.1
hostapd-2.10_5
hyperscan-5.4.0
icu-73.1,1
ifinfo-13.0_1
iftop-1.0.p4
indexinfo-0.3.1
iperf3-3.13
isc-dhcp44-relay-4.4.3P1
isc-dhcp44-server-4.4.3P1
jansson-2.14
json-c-0.16
krb5-1.20.1
ldns-1.8.3
libargon2-20190702
libcbor-0.10.2
libcjson-1.7.15_1
libedit-3.1.20221030,1
libevent-2.1.12
libffi-3.4.4
libfido2-1.13.0
libiconv-1.17
libidn2-2.3.4
liblz4-1.9.4,1
libnet-1.2,1
libnghttp2-1.52.0
libpsl-0.21.2_3
libsodium-1.0.18
libucl-0.8.2
libunistring-1.1
libunwind-20211201_2
libxml2-2.10.3_2
libyaml-0.2.5
lighttpd-1.4.69
lzo2-2.10_1
monit-5.33.0
mpd5-5.9_14
mpdecimal-2.5.1
nettle-3.8.1
node_exporter-1.5.0_5
nspr-4.35
nss-3.89
ntp-4.2.8p15_5
oniguruma-6.9.8_1
openldap26-client-2.6.4
openssh-portable-9.2.p1,1
openssl-1.1.1t_2,1
openvpn-2.5.8
opnsense-23.1.6
opnsense-installer-23.1
opnsense-lang-22.7.3
opnsense-update-23.1.6
os-dmidecode-1.1_1
os-git-backup-1.0_3
os-iperf-1.0_1
os-node_exporter-1.1
p5-Error-0.17029
pam_opnsense-19.1.3
pcre-8.45_3
pcre2-10.42
perl5-5.32.1_3
pftop-0.8_2
php81-8.1.18
php81-ctype-8.1.18
php81-curl-8.1.18
php81-dom-8.1.18
php81-filter-8.1.18
php81-gettext-8.1.18
php81-google-api-php-client-2.4.0
php81-ldap-8.1.18
php81-mbstring-8.1.18
php81-pdo-8.1.18
php81-pecl-radius-1.4.0b1_2
php81-phalcon-5.2.1
php81-phpseclib-3.0.19
php81-session-8.1.18
php81-simplexml-8.1.18
php81-sockets-8.1.18
php81-sqlite3-8.1.18
php81-xml-8.1.18
php81-zlib-8.1.18
pkg-1.19.1_1
py39-Babel-2.12.1
py39-Jinja2-3.1.2
py39-bottleneck-1.3.7
py39-certifi-2022.12.7
py39-cffi-1.15.1
py39-charset-normalizer-3.1.0
py39-cryptography-3.4.8_1,1
py39-cython-0.29.34
py39-dateutil-2.8.2
py39-dnspython-2.3.0,1
py39-duckdb-0.6.1
py39-idna-3.4_1
py39-markupsafe-2.1.2
py39-netaddr-0.8.0
py39-numexpr-2.8.4
py39-numpy-1.24.1,1
py39-openssl-20.0.1,1
py39-pandas-1.5.3,1
py39-pycparser-2.21
py39-pysocks-1.7.1
py39-pytz-2022.7,1
py39-requests-2.28.2
py39-setuptools-63.1.0
py39-six-1.16.0
py39-sqlite3-3.9.16_7
py39-ujson-5.7.0
py39-urllib3-1.26.15,1
py39-vici-5.9.10
py39-yaml-6.0
python39-3.9.16_2
radvd-2.19_2
readline-8.2.1
rrdtool-1.8.0_2
ruby-3.1.3_2,1
samplicator-1.3.8.r1_1
sqlite3-3.41.0_2,1
squid-5.8
strongswan-5.9.10_1
sudo-1.9.13p3
suricata-6.0.9_1
syslog-ng-3.38.1
unbound-1.17.1_2
wpa_supplicant-2.10_6
zip-3.0_1

Number of packages to be reinstalled: 147
[1/147] Reinstalling indexinfo-0.3.1...
[1/147] Extracting indexinfo-0.3.1: .... done
[2/147] Reinstalling mpdecimal-2.5.1...
[2/147] Extracting mpdecimal-2.5.1: .......... done
[3/147] Reinstalling openssl-1.1.1t_2,1...
[3/147] Extracting openssl-1.1.1t_2,1: .......... done
[4/147] Reinstalling readline-8.2.1...
[4/147] Extracting readline-8.2.1: .......... done
[5/147] Reinstalling libffi-3.4.4...
[5/147] Extracting libffi-3.4.4: .......... done
[6/147] Reinstalling python39-3.9.16_2...
[6/147] Extracting python39-3.9.16_2: .......... done
[7/147] Reinstalling py39-setuptools-63.1.0...
[7/147] Extracting py39-setuptools-63.1.0: .......... done
[8/147] Reinstalling py39-pycparser-2.21...
[8/147] Extracting py39-pycparser-2.21: .......... done
[9/147] Reinstalling libunistring-1.1...
[9/147] Extracting libunistring-1.1: .......... done
[10/147] Reinstalling libedit-3.1.20221030,1...
[10/147] Extracting libedit-3.1.20221030,1: .......... done
[11/147] Reinstalling gettext-runtime-0.21.1...
[11/147] Extracting gettext-runtime-0.21.1: .......... done
[12/147] Reinstalling py39-cffi-1.15.1...
[12/147] Extracting py39-cffi-1.15.1: .......... done
[13/147] Reinstalling libidn2-2.3.4...
[13/147] Extracting libidn2-2.3.4: .......... done
[14/147] Reinstalling py39-cryptography-3.4.8_1,1...
[14/147] Extracting py39-cryptography-3.4.8_1,1: .......... done
[15/147] Reinstalling py39-numpy-1.24.1,1...
[15/147] Extracting py39-numpy-1.24.1,1: .......... done
[16/147] Reinstalling krb5-1.20.1...
[16/147] Extracting krb5-1.20.1: .......... done
[17/147] Reinstalling libxml2-2.10.3_2...
[17/147] Extracting libxml2-2.10.3_2: .......... done
[18/147] Reinstalling libargon2-20190702...
[18/147] Extracting libargon2-20190702: .......... done
[19/147] Reinstalling libcjson-1.7.15_1...
[19/147] Extracting libcjson-1.7.15_1: .......... done
[20/147] Reinstalling pcre2-10.42...
[20/147] Extracting pcre2-10.42: .......... done
[21/147] Reinstalling py39-six-1.16.0...
[21/147] Extracting py39-six-1.16.0: .......... done
[22/147] Reinstalling cyrus-sasl-2.1.28...
*** Updated user `cyrus'.
[22/147] Extracting cyrus-sasl-2.1.28: .......... done
[23/147] Reinstalling sqlite3-3.41.0_2,1...
[23/147] Extracting sqlite3-3.41.0_2,1: .......... done
[24/147] Reinstalling libyaml-0.2.5...
[24/147] Extracting libyaml-0.2.5: ......... done
[25/147] Reinstalling libiconv-1.17...
[25/147] Extracting libiconv-1.17: .......... done
[26/147] Reinstalling py39-bottleneck-1.3.7...
[26/147] Extracting py39-bottleneck-1.3.7: .......... done
[27/147] Reinstalling libcbor-0.10.2...
[27/147] Extracting libcbor-0.10.2: .......... done
[28/147] Reinstalling py39-openssl-20.0.1,1...
[28/147] Extracting py39-openssl-20.0.1,1: .......... done
[29/147] Reinstalling py39-cython-0.29.34...
[29/147] Extracting py39-cython-0.29.34: .......... done
[30/147] Reinstalling cyrus-sasl-gssapi-2.1.28...
[30/147] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[31/147] Reinstalling libnghttp2-1.52.0...
[31/147] Extracting libnghttp2-1.52.0: .......... done
[32/147] Reinstalling php81-8.1.18...
[32/147] Extracting php81-8.1.18: .......... done
[33/147] Reinstalling py39-sqlite3-3.9.16_7...
[33/147] Extracting py39-sqlite3-3.9.16_7: ........ done
[34/147] Reinstalling libpsl-0.21.2_3...
[34/147] Extracting libpsl-0.21.2_3: .......... done
[35/147] Reinstalling py39-numexpr-2.8.4...
[35/147] Extracting py39-numexpr-2.8.4: .......... done
[36/147] Reinstalling ca_root_nss-3.89...
[36/147] Extracting ca_root_nss-3.89: ...... done
[37/147] Reinstalling py39-dateutil-2.8.2...
[37/147] Extracting py39-dateutil-2.8.2: .......... done
[38/147] Reinstalling nspr-4.35...
[38/147] Extracting nspr-4.35: .......... done
[39/147] Reinstalling gmp-6.2.1...
[39/147] Extracting gmp-6.2.1: .......... done
[40/147] Reinstalling py39-pytz-2022.7,1...
[40/147] Extracting py39-pytz-2022.7,1: .......... done
[41/147] Reinstalling py39-certifi-2022.12.7...
[41/147] Extracting py39-certifi-2022.12.7: .......... done
[42/147] Reinstalling py39-pysocks-1.7.1...
[42/147] Extracting py39-pysocks-1.7.1: .......... done
[43/147] Reinstalling perl5-5.32.1_3...
[43/147] Extracting perl5-5.32.1_3: .......... done
[44/147] Reinstalling oniguruma-6.9.8_1...
[44/147] Extracting oniguruma-6.9.8_1: .......... done
[45/147] Reinstalling py39-idna-3.4_1...
[45/147] Extracting py39-idna-3.4_1: .......... done
[46/147] Reinstalling nettle-3.8.1...
[46/147] Extracting nettle-3.8.1: .......... done
[47/147] Reinstalling lzo2-2.10_1...
[47/147] Extracting lzo2-2.10_1: .......... done
[48/147] Reinstalling nss-3.89...
[48/147] Extracting nss-3.89: .......... done
[49/147] Reinstalling cpdup-1.22...
[49/147] Extracting cpdup-1.22: ..... done
[50/147] Reinstalling py39-markupsafe-2.1.2...
[50/147] Extracting py39-markupsafe-2.1.2: .......... done
[51/147] Reinstalling p5-Error-0.17029...
[51/147] Extracting p5-Error-0.17029: ......... done
[52/147] Reinstalling json-c-0.16...
[52/147] Extracting json-c-0.16: .......... done
[53/147] Reinstalling ldns-1.8.3...
[53/147] Extracting ldns-1.8.3: .......... done
[54/147] Reinstalling e2fsprogs-libuuid-1.47.0...
[54/147] Extracting e2fsprogs-libuuid-1.47.0: .......... done
[55/147] Reinstalling py39-yaml-6.0...
[55/147] Extracting py39-yaml-6.0: .......... done
[56/147] Reinstalling py39-pandas-1.5.3,1...
[56/147] Extracting py39-pandas-1.5.3,1: .......... done
[57/147] Reinstalling py39-urllib3-1.26.15,1...
[57/147] Extracting py39-urllib3-1.26.15,1: .......... done
[58/147] Reinstalling py39-charset-normalizer-3.1.0...
[58/147] Extracting py39-charset-normalizer-3.1.0: .......... done
[59/147] Reinstalling libfido2-1.13.0...
[59/147] Extracting libfido2-1.13.0: .......... done
[60/147] Reinstalling libevent-2.1.12...
[60/147] Extracting libevent-2.1.12: .......... done
[61/147] Reinstalling php81-session-8.1.18...
[61/147] Extracting php81-session-8.1.18: .......... done
[62/147] Reinstalling liblz4-1.9.4,1...
[62/147] Extracting liblz4-1.9.4,1: .......... done
[63/147] Reinstalling libunwind-20211201_2...
[63/147] Extracting libunwind-20211201_2: .......... done
[64/147] Reinstalling curl-8.0.1...
[64/147] Extracting curl-8.0.1: .......... done
[65/147] Reinstalling jansson-2.14...
[65/147] Extracting jansson-2.14: .......... done
[66/147] Reinstalling hyperscan-5.4.0...
[66/147] Extracting hyperscan-5.4.0: .......... done
[67/147] Reinstalling libnet-1.2,1...
[67/147] Extracting libnet-1.2,1: .......... done
[68/147] Reinstalling pcre-8.45_3...
[68/147] Extracting pcre-8.45_3: .......... done
[69/147] Reinstalling py39-Babel-2.12.1...
[69/147] Extracting py39-Babel-2.12.1: .......... done
[70/147] Reinstalling openldap26-client-2.6.4...
[70/147] Extracting openldap26-client-2.6.4: .......... done
[71/147] Reinstalling php81-pdo-8.1.18...
[71/147] Extracting php81-pdo-8.1.18: .......... done
[72/147] Reinstalling glib-2.76.1,2...
[72/147] Extracting glib-2.76.1,2: .......... done
[73/147] Reinstalling libucl-0.8.2...
[73/147] Extracting libucl-0.8.2: .......... done
[74/147] Reinstalling libsodium-1.0.18...
[74/147] Extracting libsodium-1.0.18: .......... done
[75/147] Reinstalling php81-mbstring-8.1.18...
[75/147] Extracting php81-mbstring-8.1.18: .......... done
[76/147] Reinstalling expat-2.5.0...
[76/147] Extracting expat-2.5.0: .......... done
[77/147] Reinstalling unbound-1.17.1_2...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[77/147] Extracting unbound-1.17.1_2: .......... done
[78/147] Reinstalling wpa_supplicant-2.10_6...
[78/147] Extracting wpa_supplicant-2.10_6: ....... done
[79/147] Reinstalling php81-sqlite3-8.1.18...
[79/147] Extracting php81-sqlite3-8.1.18: ......... done
[80/147] Reinstalling php81-sockets-8.1.18...
[80/147] Extracting php81-sockets-8.1.18: .......... done
[81/147] Reinstalling flock-2.37.2...
[81/147] Extracting flock-2.37.2: ...... done
[82/147] Reinstalling filterlog-0.7...
[82/147] Extracting filterlog-0.7: .... done
[83/147] Reinstalling dpinger-3.3...
[83/147] Extracting dpinger-3.3: .... done
[84/147] Reinstalling lighttpd-1.4.69...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[84/147] Extracting lighttpd-1.4.69: .......... done
[85/147] Reinstalling opnsense-update-23.1.6...
[85/147] Extracting opnsense-update-23.1.6: .......... done
[86/147] Reinstalling hostapd-2.10_5...
[86/147] Extracting hostapd-2.10_5: ....... done
[87/147] Reinstalling flowd-0.9.1_3...
===> Creating groups.
Using existing group '_flowd'.
===> Creating users
Using existing user '_flowd'.
[87/147] Extracting flowd-0.9.1_3: .......... done
[88/147] Reinstalling monit-5.33.0...
[88/147] Extracting monit-5.33.0: ....... done
[89/147] Reinstalling php81-google-api-php-client-2.4.0...
[89/147] Extracting php81-google-api-php-client-2.4.0: .......... done
[90/147] Reinstalling choparp-20150613...
[90/147] Extracting choparp-20150613: ...... done
[91/147] Reinstalling git-2.40.0...
===> Creating groups.
Using existing group 'git_daemon'.
===> Creating users
Using existing user 'git_daemon'.
[91/147] Extracting git-2.40.0: .......... done
[92/147] Reinstalling openvpn-2.5.8...
===> Creating groups.
Using existing group 'openvpn'.
===> Creating users
Using existing user 'openvpn'.
[92/147] Extracting openvpn-2.5.8: .......... done
[93/147] Reinstalling cpustats-0.1...
[93/147] Extracting cpustats-0.1: . done
[94/147] Reinstalling py39-Jinja2-3.1.2...
[94/147] Extracting py39-Jinja2-3.1.2: .......... done
[95/147] Reinstalling php81-filter-8.1.18...
[95/147] Extracting php81-filter-8.1.18: ......... done
[96/147] Reinstalling py39-dnspython-2.3.0,1...
[96/147] Extracting py39-dnspython-2.3.0,1: .......... done
[97/147] Reinstalling php81-pecl-radius-1.4.0b1_2...
[97/147] Extracting php81-pecl-radius-1.4.0b1_2: .......... done
[98/147] Reinstalling ruby-3.1.3_2,1...
[98/147] Extracting ruby-3.1.3_2,1: .......... done
[99/147] Reinstalling dnsmasq-2.89_1,1...
[99/147] Extracting dnsmasq-2.89_1,1: .......... done
[100/147] Reinstalling py39-duckdb-0.6.1...
[100/147] Extracting py39-duckdb-0.6.1: .......... done
[101/147] Reinstalling rrdtool-1.8.0_2...
[101/147] Extracting rrdtool-1.8.0_2: .......... done
[102/147] Reinstalling dhcp6c-20200512_1...
[102/147] Extracting dhcp6c-20200512_1: ........ done
[103/147] Reinstalling py39-requests-2.28.2...
[103/147] Extracting py39-requests-2.28.2: .......... done
[104/147] Reinstalling radvd-2.19_2...
[104/147] Extracting radvd-2.19_2: .......... done
[105/147] Reinstalling isc-dhcp44-server-4.4.3P1...
===> Creating groups.
Using existing group 'dhcpd'.
===> Creating users
Using existing user 'dhcpd'.
[105/147] Extracting isc-dhcp44-server-4.4.3P1: .......... done
[106/147] Reinstalling ntp-4.2.8p15_5...
[106/147] Extracting ntp-4.2.8p15_5: .......... done
[107/147] Reinstalling syslog-ng-3.38.1...
[107/147] Extracting syslog-ng-3.38.1: .......... done
[108/147] Reinstalling py39-ujson-5.7.0...
[108/147] Extracting py39-ujson-5.7.0: ......... done
[109/147] Reinstalling dmidecode-3.5...
[109/147] Extracting dmidecode-3.5: .......... done
[110/147] Reinstalling py39-vici-5.9.10...
[110/147] Extracting py39-vici-5.9.10: .......... done
[111/147] Reinstalling iperf3-3.13...
[111/147] Extracting iperf3-3.13: .......... done
[112/147] Reinstalling php81-ctype-8.1.18...
[112/147] Extracting php81-ctype-8.1.18: ........ done
[113/147] Reinstalling php81-simplexml-8.1.18...
[113/147] Extracting php81-simplexml-8.1.18: ......... done
[114/147] Reinstalling beep-1.0_1...
[114/147] Extracting beep-1.0_1: ..... done
[115/147] Reinstalling iftop-1.0.p4...
[115/147] Extracting iftop-1.0.p4: ..... done
[116/147] Reinstalling ifinfo-13.0_1...
[116/147] Extracting ifinfo-13.0_1: .... done
[117/147] Reinstalling node_exporter-1.5.0_5...
[117/147] Extracting node_exporter-1.5.0_5: ..... done
[118/147] Reinstalling samplicator-1.3.8.r1_1...
[118/147] Extracting samplicator-1.3.8.r1_1: ..... done
[119/147] Reinstalling expiretable-0.6_2...
[119/147] Extracting expiretable-0.6_2: ... done
[120/147] Reinstalling php81-zlib-8.1.18...
[120/147] Extracting php81-zlib-8.1.18: ........ done
[121/147] Reinstalling php81-phalcon-5.2.1...
[121/147] Extracting php81-phalcon-5.2.1: ........ done
[122/147] Reinstalling php81-phpseclib-3.0.19...
[122/147] Extracting php81-phpseclib-3.0.19: ......... done
[123/147] Reinstalling pkg-1.19.1_1...
[123/147] Extracting pkg-1.19.1_1: .......... done
[124/147] Reinstalling openssh-portable-9.2.p1,1...
[124/147] Extracting openssh-portable-9.2.p1,1: .......... done
[125/147] Reinstalling php81-dom-8.1.18...
[125/147] Extracting php81-dom-8.1.18: .......... done
[126/147] Reinstalling suricata-6.0.9_1...
[126/147] Extracting suricata-6.0.9_1: .......... done
[127/147] Reinstalling zip-3.0_1...
[127/147] Extracting zip-3.0_1: .......... done
[128/147] Reinstalling mpd5-5.9_14...
[128/147] Extracting mpd5-5.9_14: .......... done
[129/147] Reinstalling php81-ldap-8.1.18...
[129/147] Extracting php81-ldap-8.1.18: ........ done
[130/147] Reinstalling php81-xml-8.1.18...
[130/147] Extracting php81-xml-8.1.18: ......... done
[131/147] Reinstalling php81-curl-8.1.18...
[131/147] Extracting php81-curl-8.1.18: .......... done
[132/147] Reinstalling squid-5.8...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-5.8
[132/147] Extracting squid-5.8: .......... done
[133/147] Reinstalling strongswan-5.9.10_1...
[133/147] Extracting strongswan-5.9.10_1: .......... done
[134/147] Reinstalling sudo-1.9.13p3...
[134/147] Extracting sudo-1.9.13p3: .......... done
[135/147] Reinstalling php81-gettext-8.1.18...
[135/147] Extracting php81-gettext-8.1.18: ........ done
[136/147] Reinstalling opnsense-installer-23.1...
[136/147] Extracting opnsense-installer-23.1: .......... done
[137/147] Reinstalling opnsense-lang-22.7.3...
[137/147] Extracting opnsense-lang-22.7.3: .......... done
[138/147] Reinstalling py39-netaddr-0.8.0...
[138/147] Extracting py39-netaddr-0.8.0: .......... done
[139/147] Reinstalling isc-dhcp44-relay-4.4.3P1...
[139/147] Extracting isc-dhcp44-relay-4.4.3P1: ....... done
[140/147] Reinstalling pftop-0.8_2...
[140/147] Extracting pftop-0.8_2: ..... done
[141/147] Reinstalling pam_opnsense-19.1.3...
[141/147] Extracting pam_opnsense-19.1.3: ........ done
[142/147] Reinstalling os-iperf-1.0_1...
[142/147] Extracting os-iperf-1.0_1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
[143/147] Reinstalling icu-73.1,1...
[143/147] Extracting icu-73.1,1: .......... done
[144/147] Reinstalling os-dmidecode-1.1_1...
[144/147] Extracting os-dmidecode-1.1_1: .... done
Stopping configd...done
Starting configd.
[145/147] Reinstalling os-node_exporter-1.1...
[145/147] Extracting os-node_exporter-1.1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/NodeExporter: OK
[146/147] Reinstalling opnsense-23.1.6...
[146/147] Extracting opnsense-23.1.6: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
[147/147] Reinstalling os-git-backup-1.0_3...
[147/147] Extracting os-git-backup-1.0_3: ..... done
Reloading plugin configuration
Configuring system logging...done.
Compiling glib schemas
No schema files found: doing nothing.
Generating GIO modules cache
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/openssl/cert.pem if it is no longer needed.
=====
Message from py39-urllib3-1.26.15,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from openvpn-2.5.8:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
=====
Message from dnsmasq-2.89_1,1:

--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]

Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq

SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
=====
Message from node_exporter-1.5.0_5:

--
Text collector examples have been moved to a new repository at
https://github.com/prometheus-community/node-exporter-textfile-collector-scripts.

The netdev collector CLI argument `--collector.netdev.ignored-devices` was
renamed to `--collector.netdev.device-blacklist`.

Additional label `mountaddr` added to NFS device metrics to distinguish mounts
from the same URL, but different IP addresses.

Metrics `node_cpu_scaling_frequency_min_hrts` and
`node_cpu_scaling_frequency_max_hrts` of the cpufreq collector were renamed to
`node_cpu_scaling_frequency_min_hertz` and
`node_cpu_scaling_frequency_max_hertz`.

Collectors that are enabled, but are unable to find data to collect, now return
`0` for `node_scrape_collector_success`.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/squid/squid.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/strongswan.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/swanctl/swanctl.conf if it is no longer needed.
=====
Message from strongswan-5.9.10_1:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from opnsense-23.1.6:

--
I'm no chicken
Files /var/cache/opnsense-update/87942/OPNsense.conf and /usr/local/etc/pkg/repos/OPNsense.conf differ
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
pkg-static: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg-static: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.pkg: Not Found
pkg-static: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.1.6-amd64.txz: ..[fetch: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/sets/base-23.1.6-amd64.txz.sig: Not Found] failed, no signature found
***DONE***


Now the output of looking for updates is:

Code Select Expand


***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.1.6 at Fri Apr 21 13:27:15 CEST 2023
Fetching subscription information, please wait... fetch: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/subscription: Not Found
Fetching changelog information, please wait... fetch: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/sets/changelog.txz: Not Found
Updating OPNsense repository catalogue...
pkg: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.pkg: Not Found
pkg: http://mirror.fra10.de.leaseweb.net/opnsense/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***


I've also tried manually removing the subscription key from the config and uploading it again, and changing to another community mirror.

[Setup]

Hi all,

We have been experiencing multiple issues on OPNsense 23.1, then switched to 22.10 (business), but since 22.10 is running 22.7 under the hood I thought I should post here:

Setup
2x DEC3850
SFP+ ports ax0,ax1 -> lagg0 - connected to D-Link DXS-3400-24SC
igb0 -> WAN
igb3 -> PFSYNC direct cable between OPNsenses

All networks on LAN side are running in VLANs, configured on lagg0. lagg0 is also assigned and enabled, but not configured.

Errors
1. (the worst one) Packets being dropped with Symbol-Errors on Switch
Our APs (ubiquiti u6-lite) and switches are located in vlan01.98 (lagg0, tag: 98).
Our domain controller running a RADIUS server is located in vlan01.100 (lagg0, tag: 100).
When logging in to the WiFi via WPA2 Enterprise with RADIUS backend, I can see the RADIUS packet as follows (captured on both vlan01.98 and vlan01.100, packets visible on both):

Code Select Expand

- Access-Request, AP -> DC
- Access-Challenge, DC -> AP
- Access-Request, AP -> DC
- IP Fragment containing first 1480 Bytes of an Access-Challenge, DC -> AP
- missing bytes of Access-Challenge, DC -> AP
When logging the packets I can also see the packets being passed on to the next hop.
However, the only packets being logged on the DXS-3400-24SC are:

Code Select Expand

- Access-Request, AP -> DC
- Access-Challenge, DC -> AP
- Access-Request, AP -> DC
- missing bytes of Access-Challenge, DC -> AP
The Switch also reports a Symbol-Err for the dropped packed. When debugging this with the D-Link support, they asked me to swap the cables and ports. However, even when I switch to the backup OPNsense, the error stays exactly the same. This behaviour is 100% reproducible accross both devices. The Symbol-Err counter increases for other packets as well, this is just the only one I have been able to capture and reproduce.

On the OPNsense Interface Statistics I can see a number of "Errors Out" in multiple vlans, with many on the LAGG interface.

2. (annoying) CARP seems to not be working properly
When we access the Interfaces -> Virtual IPs -> Status page, often this message is displayed:

Code Select Expand

CARP has detected a problem and this unit has been demoted to BACKUP status.
Check link status on all interfaces with configured CARP VIPs.
This happens on both OPNsenses regularly, and has led to us having to shutdown the MASTER whenever we want to update/reboot it, to make the BACKUP become MASTER, since Persistent CARP Maintenance Mode doesn't work.

3. (not that important) ARP error messages on Backup OPNsense
The backup OPNsense has constant arp error messages stating:

Code Select Expand

arp: 00:0e:08:17:87:63 is using my IP address 172.1.1.3 on vlan01.11!
However, when I switch the IP to e.g. 172.1.1.4 the error messages still appear, just with the new IP.
This isn't really an issue, I just thought it might have something to do with the CARP problem.

I put all of these errors into one thread, as I'm not sure whether they might be relevant to one another.

Thanks for any ideas and help!

Best,
Ian

Core temps sit between 34 and 39°C, so I guess RAM or CPU. I'll look into replacing our unit then.

dmesg shows a bunch of errors:

Code Select Expand


pid 88001 (php-cgi), jid 0, uid 0: exited on signal 10 (core dumped)
pid 42076 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
...
sonewconn: pcb 0xfffff800210a0900 (local:/var/run/configd.socket): Listen queue overflow: 46 already in queue awaiting acceptance (53 occurrences)
sonewconn: pcb 0xfffff800210a0900 (local:/var/run/configd.socket): Listen queue overflow: 46 already in queue awaiting acceptance (62 occurrences)
sonewconn: pcb 0xfffff800210a0900 (local:/var/run/configd.socket): Listen queue overflow: 46 already in queue awaiting acceptance (62 occurrences)
sonewconn: pcb 0xfffff800210a0900 (local:/var/run/configd.socket): Listen queue overflow: 46 already in queue awaiting acceptance (135 occurrences)
...
pid 12580 (php), jid 0, uid 0: exited on signal 11 (core dumped)
pid 50157 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
pid 21 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
pid 41295 (python3.9), jid 0, uid 0: exited on signal 10 (core dumped)
pid 61620 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
pid 53937 (php), jid 0, uid 0: exited on signal 11 (core dumped)
pid 10294 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
pid 85021 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
pid 26932 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
...


those are the ones I'm seing the most, apart from arp changes.

I guess that might be the case. We've reinstalled multiple times by now, and as it's not stayed better, I guess hardware has the highest probability. Do you or anyone else have any insights on what the `Bus error` could stand for?

Update:

I just updated to opnsense-22.7.9_3, and the logs supported my suspicion of configd being broken:

From the update logs:

Code Select Expand


...
Starting configd.
Bus error (core dumped)
/usr/local/etc/rc.d/configd: WARNING: failed to start configd
...


Does anyone know how to fix this?

[How I found it:]

Update:
I found a workaround:
1. restart configd through webgui
2. disable monit
3. restart the monit service via ssh:

Code Select Expand

# configctl monit restart
4. enable monit

How I found it:
I looked at zombie processes, as I thought those might give me an idea of what could be the problem.

Code Select Expand


# ps aux | grep 'Z'
USER       PID  %CPU %MEM    VSZ   RSS TT  STAT STARTED        TIME COMMAND
root     11085   0.0  0.0      0     0  -  Z    12:51       0:00.11 <defunct>

# ps -o ppid= -p 11085
80828

# ps aux -p 80828
USER   PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root 80828  0.0  0.1 22572 8976  -  I    Sat00   0:09.21 /usr/local/bin/monit -c /usr/local/etc/monitrc


Now I knew it had to do with monit. I disabled it first, but that didn't help. I tried restarting through configctl:

Code Select Expand


# configctl monit restart
unable to connect to configd socket (@/var/run/configd.socket)

Therefore I knew configctl was not working properly, and I restarted configd from the webgui.

Now I was able to run the restart command from above, which led to a much more responsive webserver already. Now I just re-enabled monit, and it's running fine.

I hope it stays that way, otherwise I know at least have a workaround.

For me this isn't the case. Even via IP the webgui is basically unusable.

Sadly I have to come back to this.

After deactivating the logs it has gotten better, until just now, we experienced another web GUI crash. It's no longer responsive whatsoever, the page doesn't even load. I ran /usr/local/etc/rc.restart_webgui in hopes that would help, as all other services are running just fine. This took about 3 minutes to complete, but I'm still left with a non-responding OPNSense web server.

Update: I was finally able to access the webgui after 5+ minutes, but still everything takes ages to do, nothing loads, errors everywhere..

Any help is appreciated.

I deleted most of the logs, sized down the latest.log as well.
After logging out and back in, issues persisted. I deleted all logs via GUI. Issues still persisted. After a reboot it seems to now be running better, I clicked around a bit and it seems to stay responsive.
I'll update again, if anything changes.

Thanks already for all your help!

I'm currently looking at around 186GB of logs. I have a feeling this might be it :). Currently working on getting them off the drive, thanks already.
I'll update once I'm done!

Could you do a DNS lookup of the hostname you are using to access the GUI and see if it returns a single address or multiple values, some of which might not be reachable beacuse of firewall rules?

I'll double check, but I'm quite sure it's just one IP.

Running the DNS lookup via GUI didn't work (I never got a result). Through the shell I did confirm resolving it's FQDN @localhost returned one IP only.

I have now disabled logging for all rules (but default ones), but the issue still persists. A reboot shouldn't be necessary, am I right?

Also logging to memory was disabled already.

As of now I can't even read my system logs, because they just aren't loading.

Connecting via SSH and reading from there works great, only a bit slow right when I switch to the root user.