Messages - fuskadoo

#1
General Discussion / Re: Rule Separators
August 05, 2024, 09:38:19 AM
> Please remember, I'm not trying to be unfriendly. I merely want to share our side of the picture, because I feel it gets lost in the excitement and disappointment over trying something new.

Understand, and get it.  No unfriendlies taken at any time.  I also want to clarify that I didn't say "I moved and NEED this one thing", I simply said I really miss it.  ;)  Hearing the Dev side of it I can see why time hasn't been burnt on it, so thanks for sharing that.  But I still miss it.  :)

Regards and best

#2
General Discussion / Re: Rule Separators
August 05, 2024, 04:48:16 AM
Completely agree with "Anything that improves the readability and maintainability of firewall rules is not in fact 'non-functional' ".  It's the same reason the "automatically generated" rules are collapsed and out of view.  You just don't want to see those most of the time, but still need them.  I moved from pfSense in the last year, and love OPNsense, but honestly, I miss this ONE feature a lot.  It's just the pure organization visually, and ability to quickly find sections to make adjustments.

In the meantime I just create a disabled "fake rule" with a recognizable comment separator such as:

****************************** Rules for routing clients to VPN ********************************

and put those rules below it.  The only downside is that it's not collapsible.  I hope this can be available some day in the future, but completely understand that resources are limited.

Thanks for all the hard work on OPNsense.
#3
Hi Franco,

I just saw this a few minutes ago which is a duplicate that I didn't initially find in my search. 

https://forum.opnsense.org/index.php?topic=41870.0

It is quite strange that with OPEN auth it seems to function fine.  But the second I enable WPA it fails and gets hung until I completely remove the wifi device and interface. It looks like it's well noted and hopefully these tips can help solve it at some point.

Take care.
#4
What I have figured out is there is something really broken with WPA.  This has always worked beautifully until I got to 24.7.

What I have found so far:
1) Remove the wireless device altogether, and remove the interface (set up over from scratch)
2) Reboot and then add it back in under INTERFACE > WIRELESS > DEVICES (listed as run0)
3) When I look under WIRELESS STATUS, it's working!  It can scan and see other access points!
4) Then I set the wireless device to ACCESS POINT and leave as authentication OPEN.  It works!  I can connect to the AP.
5) Now here is where it breaks!  When I enable WPA by clicking the box, the access point disappears and ceases to work going forward

6) Kernel panic!  If I try to go back to open authentication by unchecking WPA, it kernel craps and hard reboots the device.  It shouldn't kernel panic regardless, but something with WPA in 24.7 is really amiss. Picture attached.

I have submitted crash logs through the GUI.  Please let me know how I can troubleshoot this to help get a fix.

Thank you.
#5
Hardware: Qotom-Q355G4

After updating to 24.7, Ralink wifi gets broken and I cannot get it working again.  I use the built-in basic wifi just as an isolated IoT for a few basic risky devices, so it's important.  Also I don't even see the SSID being broadcast anymore, so it has me wondering if it's loading properly.  It's there and looks correct in Interfaces > Wireless > Devices.

In the wireless logs I can see that right after upgrade it changes to "WPA rekeying GTK" repeating instead of doing proper handshakes.


# cat /var/log/wireless/latest.log

<31>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="23"] run0_wlan1: STA 22:6a:10:ba:15:73 WPA: received EAPOL-Key frame (2/2 Group)
<30>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="24"] run0_wlan1: STA 22:6a:10:ba:15:73 WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="25"] run0_wlan1: STA 4c:a1:61:04:d8:27 WPA: received EAPOL-Key frame (2/2 Group)
<30>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="26"] run0_wlan1: STA 4c:a1:61:04:d8:27 WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="27"] run0_wlan1: STA 22:6a:10:ba:14:e4 WPA: received EAPOL-Key frame (2/2 Group)
<30>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="28"] run0_wlan1: STA 22:6a:10:ba:14:e4 WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="29"] run0_wlan1: STA 22:6a:10:ba:15:67 WPA: received EAPOL-Key frame (2/2 Group)
<30>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="30"] run0_wlan1: STA 22:6a:10:ba:15:67 WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="31"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: EAPOL-Key timeout
<31>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="32"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: sending 1/2 msg of Group Key Handshake
<31>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="33"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: received EAPOL-Key frame (2/2 Group)
<30>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="34"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:50:10-05:00 home.arpa hostapd 48511 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:51:11-05:00 home.arpa hostapd 48511 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:52:11-05:00 home.arpa hostapd 48511 - [meta sequenceId="2"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:53:10-05:00 home.arpa hostapd 48511 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:55:34-05:00 home.arpa hostapd 46747 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK


# dmesg | grep run0

run0 on uhub1
run0: <Ralink 802.11 n WLAN, class 0/0, rev 2.00/1.01, addr 1> on usbus0
run0: MAC/BBP RT5390 (rev 0x0503), RF RT5370 (MIMO 1T1R), address 24:0a:64:a0:fc:34
run0: [HT] Enabling 802.11n
wlan0: changing name to 'run0_wlan1'
run0: firmware RT3071 ver. 0.33 loaded
run0: firmware RT3071 ver. 0.33 loaded
run0: firmware RT3071 ver. 0.33 loaded


#  sysctl -n net.wlan.devices
run0


Anyone know how to troubleshoot this issue with 24.7?
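
Added example, not part of the original post: a small Python parser that groups hostapd lines like those quoted above by hostapd PID and reports which instances logged "WPA rekeying GTK" without any station event, the pattern the post describes. The function names are assumptions, and the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Lines copied from the log quoted in the post above (not new data).
SAMPLE_LOG = """\
<30>1 2024-07-31T16:43:15-05:00 home.arpa hostapd 7345 - [meta sequenceId="24"] run0_wlan1: STA 22:6a:10:ba:15:73 WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="31"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: EAPOL-Key timeout
<30>1 2024-07-31T16:43:16-05:00 home.arpa hostapd 7345 - [meta sequenceId="34"] run0_wlan1: STA 33:61:32:3a:52:1c WPA: group key handshake completed (RSN)
<31>1 2024-07-31T16:50:10-05:00 home.arpa hostapd 48511 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:51:11-05:00 home.arpa hostapd 48511 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-07-31T16:55:34-05:00 home.arpa hostapd 46747 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
"""

# <PRI>VERSION TIMESTAMP HOST APP PID MSGID [SD] IFACE: MESSAGE
LINE_RE = re.compile(
    r"^<\d+>\d+ (?P<ts>\S+) \S+ hostapd (?P<pid>\d+) \S+ "
    r"(?:\[[^\]]*\] )?(?P<iface>\S+): (?P<msg>.*)$"
)
STA_RE = re.compile(
    r"^STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) WPA: (?P<event>.*)$", re.I
)

def summarize(log_text):
    """Per hostapd PID: GTK rekeys, completed group handshakes, timeouts, stations."""
    stats = defaultdict(
        lambda: {"rekeys": 0, "completed": 0, "timeouts": 0, "stations": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a hostapd line, or a layout this parser does not know
        s = stats[int(m["pid"])]
        sta = STA_RE.match(m["msg"])
        if sta:
            s["stations"].add(sta["mac"].lower())
            if sta["event"].startswith("group key handshake completed"):
                s["completed"] += 1
            elif sta["event"] == "EAPOL-Key timeout":
                s["timeouts"] += 1
        elif m["msg"] == "WPA rekeying GTK":
            s["rekeys"] += 1
    return dict(stats)

def rekey_only_pids(stats):
    """hostapd instances that rekeyed the GTK but never logged a station event."""
    return sorted(p for p, s in stats.items() if s["rekeys"] and not s["stations"])

if __name__ == "__main__":
    print("rekey-only hostapd PIDs:", rekey_only_pids(summarize(SAMPLE_LOG)))
```

A changing PID between consecutive lines means a different hostapd process wrote them, so the per-PID grouping also shows how often the daemon was restarted in the captured window.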

#6
To disable in logs, go to logging, Facilities, and turn off user-level messages, or just disable configd.py altogether.
#7
Everything worked flawlessly today with the download and no issues with the update to 27.1.1.  Great work everyone!

Regards
#8
24.1, 24.4 Legacy Series / Re: Stuck on upgrade screen
February 15, 2024, 07:10:42 AM
After 3.5 hours it finally gave ".................. failed, signature invalid".

Can anyone suggest a way to manually do the upgrade?

Thanks.
#9
24.1, 24.4 Legacy Series / Re: Stuck on upgrade screen
February 15, 2024, 05:35:00 AM
At nearly 2 hours and I think it's stuck.  :-\

Can anyone provide any guidance to anything I can do in terminal to get it moving?

Thanks
#10
I have been stuck on this screen for 60 minutes now and it's making me a bit nervous.  Should I expect this to finish?  The dots are still printing across the screen, but it seems too long.

Looks like fetch is still running:
root@opnsense:~ # ps ax | grep fetch
78483  -  S      0:00.28 /bin/sh /usr/local/sbin/opnsense-fetch -a -w 1 -T 30 -q -o /var/cache/opnsense-update/65511/packages-24.1-amd64.tar https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/packages-24.1-amd64.tar
79651  -  Is     0:00.00 daemon: fetch[80174] (daemon)
80174  -  I      0:01.27 fetch -a -w 1 -T 30 -q -o /var/cache/opnsense-update/65511/packages-24.1-amd64.tar https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/packages-24.1-amd64.tar


Package doesn't seem to be increasing in size:
root@opnsense:~ # ll /var/cache/opnsense-update/65511/
total 283981
-rw-r-----  1 root  wheel  290586624 Feb 14 20:48 packages-24.1-amd64.tar
-rw-r-----  1 root  wheel       1332 Jan 31 05:46 packages-24.1-amd64.tar.sig
root@opnsense:~ #


Anything else I should check?


#11
Is this normal for configd.py?  2-4 lines a second in notice log level? 

<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="305"] configd.py[289][a533a05a-f3fc-412e-bec6-383e3dfbba22] list gateway status
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="306"] configd.py[289][8bf9474b-7bb2-4790-aad7-efe5063c6abd] Fetching service list ( )
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="307"] configd.py[289][efe2bc56-0035-4855-a825-90c52c6843c3] request traffic stats
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="308"] configd.py[289][b1ede4c3-609f-46e8-a4dd-c3814367785d] Retrieve firmware product info
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="309"] configd.py[289][705e0eeb-2bbc-4097-b66f-f4a84102e3ee] get ddclient statistics
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="310"] configd.py[289][d7a2e6bb-7076-472e-a423-daca59d3c277] IPsec list legacy VirtualTunnelInterfaces
<13>1 2024-02-08T04:53:19-06:00 opnsense.local configd.py 289 - [meta sequenceId="311"] configd.py[289][48cfee3e-4a94-4b72-9df9-a714c1ec98fd] Reading system temperature values
<13>1 2024-02-08T04:53:20-06:00 opnsense.local configd.py 289 - [meta sequenceId="312"] configd.py[289][3b5b2c0c-5fb2-44b3-a4cd-ab1a2d1e6861] requesting UPS Status
<13>1 2024-02-08T04:53:21-06:00 opnsense.local configd.py 289 - [meta sequenceId="313"] configd.py[289][e6b53181-5cdd-4961-9689-b68b13863c8a] Show log
<13>1 2024-02-08T04:53:21-06:00 opnsense.local configd.py 289 - [meta sequenceId="314"] configd.py[289][60c9c711-41d6-4432-8975-b4c2f417ba4b] request filter log output
<13>1 2024-02-08T04:53:22-06:00 opnsense.local configd.py 289 - [meta sequenceId="315"] configd.py[289][65e23f6f-084e-422e-9fa8-47b37e5596b5] List syslog applications
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="316"] configd.py[289][d5408b19-3842-43d8-9283-e63adb229d4f] request filter log output
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="317"] configd.py[289][9d378707-2af7-4455-bc43-4e71afbdf1a4] list gateway status
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="318"] configd.py[289][394c07a9-7b77-4731-9483-e4ca30f23086] Fetching service list ( )
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="319"] configd.py[289][c4e492cb-cf58-4c2d-8746-c8597ba7f25a] request traffic stats
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="320"] configd.py[289][ce30e423-4526-4c99-b0dd-c95ef24d252b] get ddclient statistics
<13>1 2024-02-08T04:53:24-06:00 opnsense.local configd.py 289 - [meta sequenceId="321"] configd.py[289][05a9b244-471e-47b7-a7d2-a783c4729de4] IPsec list legacy VirtualTunnelInterfaces
<13>1 2024-02-08T04:53:25-06:00 opnsense.local configd.py 289 - [meta sequenceId="322"] configd.py[289][4c820400-1bea-4888-b815-3c35875314c3] show WireGuard statistics [dump]
<13>1 2024-02-08T04:53:25-06:00 opnsense.local configd.py 289 - [meta sequenceId="323"] configd.py[289][479943d9-a017-4dbb-8bc0-5ac095a53366] requesting UPS Status
<13>1 2024-02-08T04:53:25-06:00 opnsense.local configd.py 289 - [meta sequenceId="324"] configd.py[289][39192f09-4d6c-482f-bb9f-165a20b8e211] Retrieve firmware product info
<13>1 2024-02-08T04:53:26-06:00 opnsense.local configd.py 289 - [meta sequenceId="325"] configd.py[289][4c315306-4f07-455f-bfe4-02e8d9dcec68] Reading system temperature values
<13>1 2024-02-08T04:53:26-06:00 opnsense.local configd.py 289 - [meta sequenceId="326"] configd.py[289][5b3812a4-3822-499f-97bb-4b67c608e74f] request filter log output
<13>1 2024-02-08T04:53:29-06:00 opnsense.local configd.py 289 - [meta sequenceId="327"] configd.py[289][379de33b-be32-4a15-8dea-7bf1eb5db211] list gateway status
<13>1 2024-02-08T04:53:29-06:00 opnsense.local configd.py 289 - [meta sequenceId="328"] configd.py[289][5decd215-2ece-4281-8554-e4b2142ba1c8] request filter log output
<13>1 2024-02-08T04:53:29-06:00 opnsense.local configd.py 289 - [meta sequenceId="329"] configd.py[289][47c92b6d-4743-409e-921e-80421123ba35] request traffic stats
<13>1 2024-02-08T04:53:29-06:00 opnsense.local configd.py 289 - [meta sequenceId="330"] configd.py[289][0ecfb92e-315d-4795-a255-5a9ba36f8b00] Fetching service list ( )
<13>1 2024-02-08T04:53:29-06:00 opnsense.local configd.py 289 - [meta sequenceId="331"] configd.py[289][5bc38922-b135-41e2-abae-71a55628c247] get ddclient statistics
<13>1 2024-02-08T04:53:30-06:00 opnsense.local configd.py 289 - [meta sequenceId="332"] configd.py[289][65523d0f-dc90-4b88-9827-fe5986f28063] IPsec list legacy VirtualTunnelInterfaces
<13>1 2024-02-08T04:53:31-06:00 opnsense.local configd.py 289 - [meta sequenceId="333"] configd.py[289][d28181c3-a1a2-42ff-9403-f6c5203afbfb] Show log
<13>1 2024-02-08T04:53:31-06:00 opnsense.local configd.py 289 - [meta sequenceId="334"] configd.py[289][bca13508-b44a-4bdc-a081-a1ad9492f4f0] request filter log output
<13>1 2024-02-08T04:53:31-06:00 opnsense.local configd.py 289 - [meta sequenceId="335"] configd.py[289][f5230dff-151e-4df4-abf4-d5977f60b244] requesting UPS Status
<13>1 2024-02-08T04:53:31-06:00 opnsense.local configd.py 289 - [meta sequenceId="336"] configd.py[289][fc0dae87-bc9e-4923-ad3a-1c33e14d46b2] Retrieve firmware product info
<13>1 2024-02-08T04:53:32-06:00 opnsense.local configd.py 289 - [meta sequenceId="337"] configd.py[289][737355c6-61cd-4e0d-b508-ed7167406f76] Reading system temperature values
<13>1 2024-02-08T04:53:34-06:00 opnsense.local configd.py 289 - [meta sequenceId="338"] configd.py[289][3bc1dbb6-079d-459a-8648-5fd6b80fbca1] list gateway status
<13>1 2024-02-08T04:53:34-06:00 opnsense.local configd.py 289 - [meta sequenceId="339"] configd.py[289][4ee2ee83-cb6d-430c-8d3d-fc37384447dd] request filter log output
<13>1 2024-02-08T04:53:34-06:00 opnsense.local configd.py 289 - [meta sequenceId="340"] configd.py[289][f5a35474-55de-4b3d-a5e2-28e0e4474dd4] Fetching service list ( )
<13>1 2024-02-08T04:53:34-06:00 opnsense.local configd.py 289 - [meta sequenceId="341"] configd.py[289][650fc922-0f29-4fc5-bacc-154494799bab] request traffic stats
<13>1 2024-02-08T04:53:35-06:00 opnsense.local configd.py 289 - [meta sequenceId="342"] configd.py[289][c36b42a6-4a1c-4b3f-bed2-0a0866a0aab7] get ddclient statistics
<13>1 2024-02-08T04:53:35-06:00 opnsense.local configd.py 289 - [meta sequenceId="343"] configd.py[289][f5656f5a-f72a-45ce-b372-b5c6340eed16] IPsec list legacy VirtualTunnelInterfaces
<13>1 2024-02-08T04:53:36-06:00 opnsense.local configd.py 289 - [meta sequenceId="344"] configd.py[289][6166d3ca-4bc5-4b83-af33-7aa5900ad711] show WireGuard statistics [dump]
<13>1 2024-02-08T04:53:36-06:00 opnsense.local configd.py 289 - [meta sequenceId="345"] configd.py[289][ab452bd5-c00a-4b3c-b2a4-bf634579f083] request filter log output
<13>1 2024-02-08T04:53:37-06:00 opnsense.local configd.py 289 - [meta sequenceId="346"] configd.py[289][aba69f3f-749b-4fbd-bf5c-a95bef8c8cb0] requesting UPS Status
#12
Assuming you backed up your config before upgrade, right?  Just install the previous version and upload your config.
#13
It looks like "outgoing network interfaces" was removed completely.  I just moved over from pfSense and I'm really surprised this is missing now.  Did you find another way to do this?  It's pretty critical.
#14
Would love to know this as well.  I was playing with the widget to see how it works, but now I see it's making my backups larger and I cannot figure out how to delete it!