Messages

During the upgrade process pkg is removing the opnsense package causing an error to be thrown in the GUI and stalling the log. This gives the appearance of a fatal error even though the upgrade process continues in the background.  We had the same problem when pkg was upgraded in the 25.7.6 upgrade.

Code Select Expand

<13>1 2026-03-09T09:00:13-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="38"] py313-vici-6.0.3 installed
<13>1 2026-03-09T09:00:14-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="39"] qemu-guest-agent upgraded: 10.2.0_1 -> 10.2.1
<13>1 2026-03-09T09:00:25-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="40"] ruby33-gems upgraded: 4.0.5 -> 4.0.6
<13>1 2026-03-09T09:00:27-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="41"] opnsense-26.1.2_5 deinstalled
<13>1 2026-03-09T09:00:27-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="42"] dnsmasq upgraded: 2.92,1 -> 2.92_2,1
<13>1 2026-03-09T09:00:45-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="43"] kea reinstalled: 3.0.2_1 -> 3.0.2_1
<13>1 2026-03-09T09:00:46-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="44"] opnsense-installer upgraded: 25.1_1 -> 25.1_2
<13>1 2026-03-09T09:00:47-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="45"] opnsense-update upgraded: 26.1.1_1 -> 26.1.3
...
<13>1 2026-03-09T09:16:53-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="8"] py313-dnspython-2.8.0_1,1 installed
<13>1 2026-03-09T09:16:56-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="9"] suricata reinstalled: 8.0.3_1 -> 8.0.3_1
<13>1 2026-03-09T09:16:59-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="10"] unbound reinstalled: 1.24.2_1 -> 1.24.2_1
<13>1 2026-03-09T09:19:05-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="1"] opnsense-26.1.3 installed
<13>1 2026-03-09T09:19:05-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="2"] os-ddclient-1.30 deinstalled
<13>1 2026-03-09T09:19:05-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="3"] py311-boto3-1.42.34 deinstalled
<13>1 2026-03-09T09:19:06-04:00 fw.lan.threesheets.org pkg-static 37238 - [meta sequenceId="4"] py311-s3transfer-0.16.0 deinstalled


Confirming I was able to successfully upgrade to 25.7.6 this morning.

Code Select Expand

root@fw:/var/log/pkg # cat pkg_20251024.log
<13>1 2025-10-24T08:35:18-04:00 fw.lan pkg-static 81937 - [meta sequenceId="1"] libcbor upgraded: 0.12.0_2 -> 0.13.0
<13>1 2025-10-24T08:35:20-04:00 fw.lan pkg-static 81937 - [meta sequenceId="2"] libunistring upgraded: 1.3 -> 1.4.1
<13>1 2025-10-24T08:35:26-04:00 fw.lan pkg-static 81937 - [meta sequenceId="3"] crowdsec-1.7.0 deinstalled
<13>1 2025-10-24T08:35:31-04:00 fw.lan pkg-static 81937 - [meta sequenceId="4"] crowdsec-firewall-bouncer upgraded: 0.0.32_5 -> 0.0.32_7
<13>1 2025-10-24T08:35:43-04:00 fw.lan pkg-static 81937 - [meta sequenceId="5"] crowdsec-1.7.0_2 installed
<13>1 2025-10-24T08:35:44-04:00 fw.lan pkg-static 81937 - [meta sequenceId="6"] git-2.51.0 deinstalled
<13>1 2025-10-24T08:35:47-04:00 fw.lan pkg-static 81937 - [meta sequenceId="7"] opnsense-25.7.4 deinstalled
<13>1 2025-10-24T08:35:49-04:00 fw.lan pkg-static 81937 - [meta sequenceId="8"] dnsmasq reinstalled: 2.91_1,1 -> 2.91_1,1
<13>1 2025-10-24T08:36:15-04:00 fw.lan pkg-static 81937 - [meta sequenceId="9"] php83-phpseclib upgraded: 3.0.46 -> 3.0.47
<13>1 2025-10-24T08:36:17-04:00 fw.lan pkg-static 81937 - [meta sequenceId="10"] kea-3.0.1_1 deinstalled
<13>1 2025-10-24T08:36:18-04:00 fw.lan pkg-static 81937 - [meta sequenceId="11"] ntp-4.2.8p18_4 deinstalled
<13>1 2025-10-24T08:36:18-04:00 fw.lan pkg-static 81937 - [meta sequenceId="12"] openssh-portable-10.0.p1_2,1 deinstalled
<13>1 2025-10-24T08:36:19-04:00 fw.lan pkg-static 81937 - [meta sequenceId="13"] openvpn-2.6.15 deinstalled
<13>1 2025-10-24T08:36:19-04:00 fw.lan pkg-static 81937 - [meta sequenceId="14"] opnsense-update-25.7.3 deinstalled
<13>1 2025-10-24T08:36:20-04:00 fw.lan pkg-static 81937 - [meta sequenceId="15"] os-ddclient-1.27_4 deinstalled
<13>1 2025-10-24T08:36:20-04:00 fw.lan pkg-static 81937 - [meta sequenceId="16"] php83-ldap-8.3.26 deinstalled
<13>1 2025-10-24T08:36:26-04:00 fw.lan pkg-static 81937 - [meta sequenceId="17"] openldap26-client-2.6.10 deinstalled
<13>1 2025-10-24T08:36:27-04:00 fw.lan pkg-static 81937 - [meta sequenceId="18"] cyrus-sasl-gssapi-2.1.28 deinstalled
<13>1 2025-10-24T08:36:27-04:00 fw.lan pkg-static 81937 - [meta sequenceId="19"] cyrus-sasl-2.1.28_5 deinstalled
<13>1 2025-10-24T08:36:29-04:00 fw.lan pkg-static 81937 - [meta sequenceId="20"] krb5-1.22.1 deinstalled
<13>1 2025-10-24T08:36:30-04:00 fw.lan pkg-static 81937 - [meta sequenceId="21"] py311-anyio-4.10.0 deinstalled
<13>1 2025-10-24T08:36:31-04:00 fw.lan pkg-static 81937 - [meta sequenceId="22"] py311-boto3-1.40.21 deinstalled
<13>1 2025-10-24T08:36:31-04:00 fw.lan pkg-static 81937 - [meta sequenceId="23"] py311-cryptography-44.0.3_3,1 deinstalled
<13>1 2025-10-24T08:36:32-04:00 fw.lan pkg-static 81937 - [meta sequenceId="24"] py311-markupsafe-3.0.2 deinstalled
<13>1 2025-10-24T08:36:32-04:00 fw.lan pkg-static 81937 - [meta sequenceId="25"] py311-numexpr-2.11.0 deinstalled
<13>1 2025-10-24T08:36:32-04:00 fw.lan pkg-static 81937 - [meta sequenceId="26"] py311-pycparser-2.22 deinstalled
<13>1 2025-10-24T08:36:33-04:00 fw.lan pkg-static 81937 - [meta sequenceId="27"] py311-s3transfer-0.13.1 deinstalled
<13>1 2025-10-24T08:36:37-04:00 fw.lan pkg-static 81937 - [meta sequenceId="28"] py311-botocore-1.40.21 deinstalled
<13>1 2025-10-24T08:36:38-04:00 fw.lan pkg-static 81937 - [meta sequenceId="29"] py311-sqlite3-3.11.13_11 deinstalled
<13>1 2025-10-24T08:36:38-04:00 fw.lan pkg-static 81937 - [meta sequenceId="30"] py311-urllib3-1.26.20,1 deinstalled
<13>1 2025-10-24T08:36:38-04:00 fw.lan pkg-static 81937 - [meta sequenceId="31"] qemu-guest-agent-10.1.0 deinstalled
<13>1 2025-10-24T08:36:39-04:00 fw.lan pkg-static 81937 - [meta sequenceId="32"] rrdtool-1.9.0_1 deinstalled
<13>1 2025-10-24T08:36:39-04:00 fw.lan pkg-static 81937 - [meta sequenceId="33"] rubygem-rexml-3.4.2 deinstalled
<13>1 2025-10-24T08:36:41-04:00 fw.lan pkg-static 81937 - [meta sequenceId="34"] ruby33-gems-3.7.1 deinstalled
<13>1 2025-10-24T08:36:47-04:00 fw.lan pkg-static 81937 - [meta sequenceId="35"] ruby-3.3.9,1 deinstalled
<13>1 2025-10-24T08:36:50-04:00 fw.lan pkg-static 81937 - [meta sequenceId="36"] strongswan-6.0.1 deinstalled
<13>1 2025-10-24T08:36:51-04:00 fw.lan pkg-static 81937 - [meta sequenceId="37"] sudo-1.9.17p2 deinstalled
<13>1 2025-10-24T08:36:52-04:00 fw.lan pkg-static 81937 - [meta sequenceId="38"] suricata-7.0.12 deinstalled
<13>1 2025-10-24T08:36:58-04:00 fw.lan pkg-static 81937 - [meta sequenceId="39"] nss upgraded: 3.116 -> 3.117
<13>1 2025-10-24T08:36:58-04:00 fw.lan pkg-static 81937 - [meta sequenceId="40"] py311-pyyaml-6.0.1_1 deinstalled
<13>1 2025-10-24T08:36:59-04:00 fw.lan pkg-static 81937 - [meta sequenceId="41"] syslog-ng-4.8.2_4 deinstalled
<13>1 2025-10-24T08:37:00-04:00 fw.lan pkg-static 81937 - [meta sequenceId="42"] curl-8.15.0 deinstalled
<13>1 2025-10-24T08:37:00-04:00 fw.lan pkg-static 81937 - [meta sequenceId="43"] glib-2.84.1_3,2 deinstalled
<13>1 2025-10-24T08:37:13-04:00 fw.lan pkg-static 81937 - [meta sequenceId="44"] pcre2 upgraded: 10.45_1 -> 10.46
<13>1 2025-10-24T08:37:13-04:00 fw.lan pkg-static 81937 - [meta sequenceId="45"] tailscale-1.88.1 deinstalled
<13>1 2025-10-24T08:37:14-04:00 fw.lan pkg-static 81937 - [meta sequenceId="46"] ca_root_nss upgraded: 3.115_2 -> 3.115_3
<13>1 2025-10-24T08:37:15-04:00 fw.lan pkg-static 81937 - [meta sequenceId="47"] tailscale-1.88.3_2 installed
<13>1 2025-10-24T08:37:15-04:00 fw.lan pkg-static 81937 - [meta sequenceId="48"] unbound-1.24.0 deinstalled
<13>1 2025-10-24T08:37:16-04:00 fw.lan pkg-static 81937 - [meta sequenceId="49"] expat upgraded: 2.7.1 -> 2.7.3
<13>1 2025-10-24T08:37:17-04:00 fw.lan pkg-static 81937 - [meta sequenceId="50"] libnghttp2 upgraded: 1.67.0 -> 1.67.1
<13>1 2025-10-24T08:37:19-04:00 fw.lan pkg-static 81937 - [meta sequenceId="51"] python311-3.11.13_1 deinstalled
<13>1 2025-10-24T08:37:19-04:00 fw.lan pkg-static 81937 - [meta sequenceId="52"] wpa_supplicant-2.11_5 deinstalled


Tried again because I'm stubborn and I was hoping to pull the contents of /var/log after the update. Once the update fails I am no longer able to login via ssh or the console:

> sh: /usr/local/libexec/opnsense-auth: not found

The system had been online for a while prior to the update so I rebooted and attempted the update again. Same problem, logs ended at the same place. I can run the update again and provide any additional logs if you tell me which ones to pull.

I've also experienced this error updating today updating from 25.7.4.  Error log linked below.

https://pastebin.com/HvPkPHLj

In my case opnsense is running as a VM and I rolled back to a pre-update snapshot.  If you need me to attempt the update again and perform any diagnostics before rolling back let me know.

Edit: I tried again from a clean reboot and exact same issue.

Definitely familiar with that issue. Yesterday I did power cycle the CM and then OpnSense in hopes that was part of the issue and it didn't immediately fix anything.

The toggle mentioned in my previous post came after that.

To be clear, IPv4 has been working flawlessly this whole time.

Going to keep adding my troubleshooting in hopes someone sees this and can help me out.

I saw a post online suggesting to check "Request only an IPv6 prefix".  I did this. Surprisingly pings from my test system out started working. Wanted to see if this was a reproducible solution I unchecked the box and saved, ping briefly dropped and then came back again. Once more I checked it and same thing, pings dropped briefly and came back.

I'm at a complete loss.  Checking the box, in and of itself, doesn't seem to be the solution just the fact that I toggled it.  I'm not in a position to reboot but tomorrow I plan on rebooting to see if a) the pings continue to work and if not, if b) toggling that checkbox fixes it again.

So, I do think it's OpnSense but i can't figure out what I'm doing wrong.

When I reboot, or reload services, there's a window where pings from one of my inside machines to google will work and once the services are done reloading they stop working again.  That leads me to believe there's something in the pf I'm missing but I don't know what. My rules are pretty basic.

But then again that doesn't explain why I see the outbound packets on the WAN interface during my testing.

I could really use some help on how to troubleshoot this further.

Yes, there's a ::/0 route with the next-hop of the fe80 of the router's vlan interface.

Also, if I run a packet capture I can see the outbound traffic but no return.

IPv6, length 118: 2603:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:3f80 > 2607:f8b0:4009:81c::200e: ICMP6, echo request, seq 16, length 64

Thanks for replying. I'm learning as I go with IPv6 so if I'm missing something obvious please let me know.  I'm starting to think this is an ISP issue.

I've recently switched to OpnSense and am trying to utilize the IPv6 prefixes provided to me by my ISP (Spectrum) but I cannot get LAN traffic to consistently route outside of my network.  IPv4 is working fine.

My WAN interface is configured for DHCP & DHCPv6. DHCPv6 Config:

• Prefix Delegation: 60
• Send IPv6 Prefix Hint: Checked

Interfaces > Overview > WAN shows both an IPv6 address and an IPv6 prefix which is a /60 as requested. Both GUA.

On my VLAN I'm testing this with I have a Static IPv4 that works fine and I have IPv6 set to track the WAN interface. Currently manual configuration is unchecked. I have tried checking it and several variations of settings in RA but right now I'm just trying to make this work as "out of the box" before I go tweaking.

Checking the VLAN in Interfaces > Overview shows IPv6 addressing. A link-local address as well as a GUA that out of the Prefix assigned to this interface and it has the correct mask (/64).

On my test system, it has a link-local fe80 and 2 GUAs with the correct prefix. One is a /64 and one is a /128. I can ping both of these from the OpnSense router and I can ping the OpnSense router from the test system.

When I try to ping a public address (i.e. google.com) from the test system it times out.  Traceroutes stop after the 1st hop.

When I try to ping a public address from OpnSense it works.
When I try to ping a public address from OpnSense, and source from the vlan interfaces (ping 6 -I vlan0.xxx) it also works fine and indicates it's sourcing using the GUA of that interface.

I could use some help trying to figure out where to go next to troubleshoot this issue. I've been digging through forum and reddit posts for a couple days now and nothing has worked.

Edit:
I left out that I do have an IPv6 rule in the firewall to allow traffic out from that network.