Messages

Many thanks  for your guidance.

I pleased to say I finally got it working by using the mirror at Leaseweb San Francisco  :)

The Default mirror and the one at Aalborg University don't work so it would seem those mirrors have corrupt images of 24.1.9.

Enjoy the rest of your weekend!

Thanks for the suggestion.

I've downloaded the base 24.1 image from a different mirror and installed it on a different Proxmox server using a minimal configuration. I did not  import  a previous configuration. I still get the error.

I also tried upgrading a production system which was running 24.1.6. This runs natively on hardware i.e. no Proxmox. I still get this error.

Given that I have been unable to update 24.1 on three seperate systems I get the feeling that  the update image being pulled by both the GUI and the console could be faulty. However I would have thought other people would have reported such an issue.

Any thoughts?

Is there a way to get the updates from a different mirror than the default one used by the GUI or the console?

Thanks.

Hi.

I'm running OPNsense 24.1 on Proxmox and am trying to upgrade to 24.1.9 but am getting the following errors:

[1/113] Fetching py311-pandas-2.0.3_2,1.pkg: ....... done
pkg-static: cached package py311-pandas-2.0.3_2,1: missing or size mismatch, fetching from remote
[2/113] Fetching py311-pandas-2.0.3_2,1.pkg: ........ done
pkg-static: cached package py311-pandas-2.0.3_2,1: missing or size mismatch, cannot continue
Consider running 'pkg update -f'

OPNsense 24.1 was a fresh install with an imported configuration.

Any thoughts? The 'pkg update -f'  does not help.

Thanks,

P.S. In case it is useful the full install log is below.



***GOT REQUEST TO UPDATE***
Currently running OPNsense 24.1 at Thu Jul  4 12:57:27 BST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): .......... done
Processing candidates (101 candidates): ........ done
The following 174 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
   py39-Babel: 2.14.0
   py39-Jinja2: 3.1.3
   py39-aioquic: 0.9.24
   py39-anyio: 4.2.0
   py39-async_generator: 1.10
   py39-attrs: 23.1.0
   py39-bottleneck: 1.3.7_1
   py39-certifi: 2023.11.17
   py39-cffi: 1.16.0
   py39-charset-normalizer: 3.3.2
   py39-cryptography: 41.0.7_2,1
   py39-dateutil: 2.8.2
   py39-dnspython: 2.5.0,1
   py39-duckdb: 0.9.2
   py39-exceptiongroup: 1.2.0
   py39-h11: 0.14.0
   py39-h2: 4.1.0
   py39-hpack: 4.0.0
   py39-httpcore: 1.0.2
   py39-httpx: 0.26.0
   py39-hyperframe: 6.0.0
   py39-idna: 3.6
   py39-markupsafe: 2.1.3
   py39-netaddr: 0.10.1
   py39-numexpr: 2.8.8
   py39-numpy: 1.25.0_5,1
   py39-openssl: 23.2.0,1
   py39-outcome: 1.3.0_1
   py39-pandas: 2.0.3_1,1
   py39-pyasn1: 0.5.0
   py39-pyasn1-modules: 0.3.0
   py39-pycparser: 2.21
   py39-pylsqpack: 0.3.18
   py39-pysocks: 1.7.1
   py39-pytz: 2023.3,1
   py39-requests: 2.31.0
   py39-service-identity: 23.1.0
   py39-setuptools: 63.1.0_1
   py39-six: 1.16.0
   py39-sniffio: 1.3.0
   py39-sortedcontainers: 2.4.0
   py39-sqlite3: 3.9.18_7
   py39-trio: 0.24.0
   py39-typing-extensions: 4.9.0
   py39-tzdata: 2023.4
   py39-ujson: 5.9.0
   py39-urllib3: 1.26.18,1
   py39-vici: 5.9.11
   py39-yaml: 6.0.1
   python39: 3.9.18_1

New packages to be INSTALLED:
   dhcrelay: 0.5
   py311-Babel: 2.14.0
   py311-Jinja2: 3.1.3
   py311-aioquic: 0.9.25
   py311-anyio: 4.4.0
   py311-async_generator: 1.10
   py311-attrs: 23.2.0
   py311-bottleneck: 1.3.8_1
   py311-certifi: 2024.6.2
   py311-cffi: 1.16.0
   py311-charset-normalizer: 3.3.2_1
   py311-cryptography: 42.0.8,1
   py311-dnspython: 2.6.1,1
   py311-duckdb: 1.0.0
   py311-h11: 0.14.0
   py311-h2: 4.1.0
   py311-hpack: 4.0.0
   py311-httpcore: 1.0.5
   py311-httpx: 0.27.0_1
   py311-hyperframe: 6.0.0
   py311-idna: 3.7
   py311-markupsafe: 2.1.5_1
   py311-netaddr: 1.3.0
   py311-numexpr: 2.9.0_1
   py311-numpy: 1.25.0_7,1
   py311-openssl: 23.2.0,1
   py311-outcome: 1.3.0_1
   py311-packaging: 24.0
   py311-pandas: 2.0.3_2,1
   py311-pyasn1: 0.6.0
   py311-pyasn1-modules: 0.4.0
   py311-pycparser: 2.22
   py311-pylsqpack: 0.3.18
   py311-pysocks: 1.7.1_1
   py311-python-dateutil: 2.9.0
   py311-pytz: 2024.1,1
   py311-requests: 2.32.3
   py311-service-identity: 24.1.0
   py311-setuptools: 63.1.0_1
   py311-six: 1.16.0
   py311-sniffio: 1.3.1
   py311-socksio: 1.0.0_1
   py311-sortedcontainers: 2.4.0
   py311-sqlite3: 3.11.9_7
   py311-trio: 0.25.1
   py311-tzdata: 2024.1
   py311-ujson: 5.10.0
   py311-urllib3: 1.26.18_1,1
   py311-vici: 5.9.11
   py311-yaml: 6.0.1
   python311: 3.11.9

Installed packages to be UPGRADED:
   boost-libs: 1.83.0_1 -> 1.84.0
   curl: 8.5.0 -> 8.8.0
   dhcp6c: 20230530 -> 20240607
   dnsmasq: 2.89_1,1 -> 2.90_1,1
   e2fsprogs-libuuid: 1.47.0 -> 1.47.1
   easy-rsa: 3.1.7 -> 3.2.0
   expat: 2.5.0_1 -> 2.6.2
   flowd: 0.9.1_3 -> 0.9.1_5
   gettext-runtime: 0.22.3_1 -> 0.22.5
   glib: 2.78.4,2 -> 2.80.2,2
   hostapd: 2.10_9 -> 2.10_10
   hyperscan: 5.4.0 -> 5.4.2
   icu: 74.2,1 -> 74.2_1,1
   isc-dhcp44-server: 4.4.3P1 -> 4.4.3P1_1
   ivykis: 0.42.4_1 -> 0.43_1
   kea: 2.4.1 -> 2.4.1_2
   krb5: 1.21.2 -> 1.21.2_3
   ldns: 1.8.3 -> 1.8.3_1
   libcbor: 0.10.2 -> 0.11.0
   libcjson: 1.7.16 -> 1.7.18_2
   libedit: 3.1.20230828_1,1 -> 3.1.20240517,1
   libffi: 3.4.4_1 -> 3.4.6
   libidn2: 2.3.4_2 -> 2.3.7
   libnghttp2: 1.58.0 -> 1.62.1
   libpfctl: 0.8 -> 0.11
   libpsl: 0.21.2_5 -> 0.21.5_1
   libsodium: 1.0.18 -> 1.0.19
   libucl: 0.8.2 -> 0.9.2
   libunistring: 1.1 -> 1.2
   libxml2: 2.11.6 -> 2.11.8
   lighttpd: 1.4.73 -> 1.4.76
   monit: 5.33.0 -> 5.33.0_1
   mpd5: 5.9_17 -> 5.9_18
   mpdecimal: 2.5.1 -> 4.0.0
   nss: 3.95 -> 3.100
   ntp: 4.2.8p17_1 -> 4.2.8p18
   openldap26-client: 2.6.6 -> 2.6.8
   openssh-portable: 9.6.p1_1,1 -> 9.7.p1,1
   openssl: 3.0.12_2,1 -> 3.0.14,1
   openvpn: 2.6.8_1 -> 2.6.10
   opnsense: 24.1 -> 24.1.9_4
   opnsense-update: 24.1 -> 24.1.8
   pcre2: 10.42 -> 10.43
   pftop: 0.10 -> 0.10_1
   php82: 8.2.15 -> 8.2.20
   php82-ctype: 8.2.15 -> 8.2.20
   php82-curl: 8.2.15 -> 8.2.20
   php82-dom: 8.2.15 -> 8.2.20
   php82-filter: 8.2.15 -> 8.2.20
   php82-gettext: 8.2.15 -> 8.2.20
   php82-ldap: 8.2.15 -> 8.2.20
   php82-mbstring: 8.2.15 -> 8.2.20
   php82-pcntl: 8.2.15 -> 8.2.20
   php82-pdo: 8.2.15 -> 8.2.20
   php82-pecl-mcrypt: 1.0.6 -> 1.0.7
   php82-phalcon: 5.3.1 -> 5.7.0
   php82-phpseclib: 3.0.34 -> 3.0.36
   php82-session: 8.2.15 -> 8.2.20
   php82-simplexml: 8.2.15 -> 8.2.20
   php82-sockets: 8.2.15 -> 8.2.20
   php82-sqlite3: 8.2.15 -> 8.2.20
   php82-xml: 8.2.15 -> 8.2.20
   php82-zlib: 8.2.15 -> 8.2.20
   pkcs11-helper: 1.29.0_2 -> 1.29.0_3
   radvd: 2.19_2 -> 2.19_3
   readline: 8.2.7_1 -> 8.2.10
   rrdtool: 1.8.0_3 -> 1.8.0_4
   sqlite3: 3.45.0_1,1 -> 3.46.0,1
   strongswan: 5.9.13 -> 5.9.14
   sudo: 1.9.15p5_3 -> 1.9.15p5_4
   suricata: 7.0.2_3 -> 7.0.5_1
   syslog-ng: 4.4.0 -> 4.7.1
   unbound: 1.19.0 -> 1.20.0_1

Number of packages to be removed: 50
Number of packages to be installed: 51
Number of packages to be upgraded: 73

The process will require 155 MiB more space.
152 MiB to be downloaded.
[1/113] Fetching py311-pandas-2.0.3_2,1.pkg: ....... done
pkg-static: cached package py311-pandas-2.0.3_2,1: missing or size mismatch, fetching from remote
[2/113] Fetching py311-pandas-2.0.3_2,1.pkg: ........ done
pkg-static: cached package py311-pandas-2.0.3_2,1: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

Thank you both for the quick and helpful responses.  :)

On my LAN interface I have a firewall rule that allows 'Access to Anything' . This allows any device on the LAN interface to connect to anything on the internet as well as all the internal VLANs.

The next rule on the LAN interface blocks everything.  This rule is for debugging/logging purposes and should not normally be reached.

The issue is that the 'Access to Anything' rule is being bypassed occasionally which should not be possible.

I have no idea why this is happening and would appreciate some guidance.

See the attached screen shots:
* Log showing bypassing of  the rule
* Overview of the firewalls rule
* Full details of the 'Access to Anything' rule that is occasionally failing.

Thanks.

Thank you.

Hi,

I'm confused about where to locate a file to verify the installation image I have downloaded.

The installation instructions talk about downloading four files, but I cannot find where the .sig file is located for OPNsense-23.1-OpenSSL-dvd-amd64.iso.bz2.

Can someone point me in the right direction.

Thanks

Thank you for the prompt and helpful answer.

Hi,

I've installed a test copy of OPNsense on a virtual machine on Proxmox in my home lab network.

When I boot from the installation ISO image,  my production firewall blocks two DNS requests from the WAN port of the test VM to 185.209.85.151 on port 53

This IP address is located in Russia. Is this to be expected ?

I obtained the software OPNsense-23.1-OpenSSL-dvd-amd64.iso.bz2 from the LeaseWeb repository via the https://opnsense.org/download/ website.

Thanks