Messages - nbca2

#1
Quote from: franco on September 11, 2025, 11:46:33 AM
The bug appears to have been added 7 years ago. May have explained a few unclear cases in the past. I think what 25.7.3 has done is invalidate the cached alias and caused the bug to happen. Personally, I'm very glad it was reported and fixed.

It obviously goes without saying that host aliases with no way to resolve them are a problematic combination that can come back at any time and cause indeterministic results (at least from the top).


Thanks,
Franco

👍

thank you for your time and work!
#2
Quote from: franco on September 11, 2025, 07:14:58 AM
Nobody?


Cheers,
Franco

tried, but i cannot recreate the error (also reverting the configuration of the aliases before the last change).
#3
Quote from: rarcel on September 10, 2025, 04:28:31 PM
Moreover, without adding 127.0.0.1 as a nameserver, I had dns resolution from the cli, but not from the gui



do you have in one of your aliases the "content" populated with a nameserver in letters? example (site.com)
if yes, which "type" of alias is it? (url or host/s)
if it is url, try to change it to host/s
#4
Quote from: Burthouse4563 on September 10, 2025, 04:43:38 PM
Quote from: nbca2 on September 10, 2025, 04:01:48 PM
Quote from: Burthouse4563 on September 10, 2025, 03:59:13 PM
Franco I applied the hot fix and rebooted and still have empty alias tables.
same problem

I think I found part of the problem. I had an alias with URLs in it that were failing to resolve because they didn't have https in front of them. This previously didn't cause an issue on older versions. But disabling that alias allowed other aliases to populate. So there's an issue if an alias can't populate that it stops updating ones further down the list.

Example error message.

error fetching alias url us.archive.ubuntu.com (Invalid URL 'us.archive.ubuntu.com': No scheme supplied. Perhaps you meant https://us.archive.ubuntu.com?)

you're right, i resolved it by modifying the type from "url" to "Host/s" in the alias that in Content has "archive.ubuntu.com"

now the command /usr/local/opnsense/scripts/filter/update_tables.py --> {"status": "ok"}
aliases are populated now
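
The failure discussed in this post, as an added example that is not part of the original post and not OPNsense's own code: a small pre-check that flags URL-type alias entries lacking an http(s) scheme, examining every alias independently so one bad entry does not hide the others. The alias records and their field names (`name`, `type`, `content`) are constructed for the example and are not OPNsense's configuration schema.

```python
from urllib.parse import urlsplit

# Constructed sample aliases; field names are assumptions for this example,
# not OPNsense's config schema.
SAMPLE_ALIASES = [
    {"name": "ubuntu_mirror", "type": "url", "content": ["us.archive.ubuntu.com"]},
    {"name": "blocklist", "type": "url", "content": ["https://lists.example.net/drop.txt"]},
    {"name": "mail_hosts", "type": "host", "content": ["mail.example.net"]},
]


def lint_url_entry(entry):
    """Return None if entry looks like a fetchable http(s) URL, else a reason."""
    try:
        parts = urlsplit(entry.strip())
    except ValueError as exc:  # e.g. malformed IPv6 literal in the host part
        return f"unparseable URL ({exc})"
    if parts.scheme not in ("http", "https"):
        return "no http(s) scheme; add https:// or change the alias type to Host(s)"
    if not parts.hostname:
        return "scheme present but no hostname"
    return None


def lint_aliases(aliases):
    """Check every URL-type alias and collect all findings, never stopping early."""
    findings = []
    for alias in aliases:
        if alias["type"] != "url":
            continue  # host-type entries are resolved via DNS, not fetched
        for entry in alias["content"]:
            reason = lint_url_entry(entry)
            if reason:
                findings.append((alias["name"], entry, reason))
    return findings


if __name__ == "__main__":
    for name, entry, reason in lint_aliases(SAMPLE_ALIASES):
        print(f"{name}: {entry!r}: {reason}")
```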
#5
Quote from: Burthouse4563 on September 10, 2025, 03:59:13 PM
Franco I applied the hot fix and rebooted and still have empty alias tables.
same problem
#6
update from 25.7 to 25.7.1, went well, no errors, with intel microcode plugin installed.
#7
Quote from: nbca2 on July 25, 2025, 08:30:15 AM
Upgrade went well,
however i've some problem of packet loss on the gateway of wireguard vpn.
Uninstalled microcode plugin, no more "loss" on wireguard vpn gateway.

i investigated the anomaly of the lost packages, it was due to vpn server side causes and not the opnsense router.
#8
As I am stubborn, I re-upgraded my system to version 25.7 (uninstalling the microcode-intel plugin first).
By reinstalling the microcode-intel plugin at the end of the update (successfully passed), I find the following output in the GUI:

The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    cpu-microcode-intel: 20250512 [OPNsense]
    cpu-microcode-rc: 1.0_2 [OPNsense]
    libpci: 3.14.0 [OPNsense]
    os-cpu-microcode-intel: 1.1 [OPNsense]
    pciids: 20250621 [OPNsense]
    x86info: 1.31.s03_1 [OPNsense]

Number of packages to be installed: 6

The process will require 29 MiB more space.
21 MiB to be downloaded.
[1/6] Fetching x86info-1.31.s03_1.pkg: ......... done
[2/6] Fetching pciids-20250621.pkg: .......... done
[3/6] Fetching cpu-microcode-rc-1.0_2.pkg: . done
[4/6] Fetching libpci-3.14.0.pkg: ......... done
[5/6] Fetching cpu-microcode-intel-20250512.pkg: .......... done
[6/6] Fetching os-cpu-microcode-intel-1.1.pkg: . done
Checking integrity... done (0 conflicting)
[1/6] Installing pciids-20250621...
[1/6] Extracting pciids-20250621: ..... done
[2/6] Installing cpu-microcode-rc-1.0_2...
[2/6] Extracting cpu-microcode-rc-1.0_2: .... done
[3/6] Installing libpci-3.14.0...
[3/6] Extracting libpci-3.14.0: .......... done
[4/6] Installing x86info-1.31.s03_1...
[4/6] Extracting x86info-1.31.s03_1: ....... done
[5/6] Installing cpu-microcode-intel-20250512...
[5/6] Extracting cpu-microcode-intel-20250512: .......... done
[6/6] Installing os-cpu-microcode-intel-1.1...
[6/6] Extracting os-cpu-microcode-intel-1.1: .. done
Reloading firmware configuration
*** OPNsense\Kea\KeaDhcpv4 migration failed from 1.0.3 to 1.0.4, check log for details
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from cpu-microcode-rc-1.0_2:

--
This port includes an RC script, which is one of two methods to update
the CPU microcode on a FreeBSD system.

What does that mean?
*** OPNsense\Kea\KeaDhcpv4 migration failed from 1.0.3 to 1.0.4, check log for details

Why does it show up right after this line:
Reloading firmware configuration

which is the last line of text i can see on video before it crashes, when i try to upgrade from 25.1.12 to 25.7 with microcode plugin installed.

is there a correlation between the two situations or is it just random?




addendum:
i used kea in the past. In KEA DHCPv4 - Reservation was populated with reservation for the router ip. Deleted this line, the installation of the plugin didn't incur the error

......
[4/6] Extracting x86info-1.31.s03_1: ....... done
[5/6] Installing cpu-microcode-intel-20250512...
[5/6] Extracting cpu-microcode-intel-20250512: .......... done
[6/6] Installing os-cpu-microcode-intel-1.1...
[6/6] Extracting os-cpu-microcode-intel-1.1: .. done
Reloading firmware configuration
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from cpu-microcode-rc-1.0_2:

i tried to delete this line in the backup router and then perform the upgrade from 21.1.12 to 25.7, but it always hangs at Reloading firmware configuration

#9
Quote from: meyergru on July 27, 2025, 11:27:04 PM
Here are the details:

Reloading firmware configuration
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from cpu-microcode-rc-1.0_2:

--
This port includes an RC script, which is one of two methods to update
the CPU microcode on a FreeBSD system.

1. Early loading.
   This method does not use the RC script included here.
   This is the preferred method, because it ensures that any CPU features
   added or removed by a microcode update are visible to the kernel by
   applying the update before the kernel performs CPU feature detection.

   To enable updates using early loading, add the following lines to
   /boot/loader.conf:

   cpu_microcode_load="YES"

   and the appropriate one of these lines:

   cpu_microcode_name="/boot/firmware/intel-ucode.bin"
   cpu_microcode_name="/boot/firmware/amd-ucode.bin"

   The microcode update will be loaded when the system is rebooted.

   AMD systems running FreeBSD prior to 2024-02-22 snapshot
   34467bd76 only support late loading.


2. Late loading.
   This method, which does use the RC script included here, is enabled by
   adding the following line to /etc/rc.conf:

   microcode_update_enable="YES"

   The microcode update is then applied upon reboot or when the microcode
   update service is run via:

   # service microcode_update start

   If the CPU requires a microcode update, a console message such as the
   following will appear:

   Updating CPU Microcode...
   /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl0 from rev 0x17 to rev 0x22... done.
   /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl2 from rev 0x17 to rev 0x22... done.
   /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl4 from rev 0x17 to rev 0x22... done.
   /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl6 from rev 0x17 to rev 0x22... done.
   Done.

It is safe to enable both methods.
=====
Message from x86info-1.31.s03_1:

--
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

Abandoned upstream, fails to identify anything remotely new according to upstream issue reports.

It is scheduled to be removed on or after 2025-06-30.
=====
Message from cpu-microcode-amd-20241121:

--
Refer to the cpu-microcode-rc installation notes to enable AMD microcode
updates.
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

And as you can see, the notice pertains only to the x86info package, which installs alongside the microcode update in order to be able to actually query which microcode is loaded, not to the microcode package itself.


thanks for the clarification, i misread the output
#10
i tried to update the backup router, topton with intel j6413, also with microcode plugin installed, also with ami bios (but different version/type from qotom one on my primary router); upgrade stuck with the same error.
I also tried to contact vendor to upgrade bios, qotom answered, i've upgraded to last firmware, but upgrade still stuck with same error.

i'm considering removing the plugin and then upgrading to 25.7.

Is there a downside to running opnsense without microcode plugin installed (are there security risks?).
If the plugin will be deprecated, why bother about it?
Thanks
#11
Quote from: tessus on July 25, 2025, 09:10:24 AM
Thanks @nbca2

This info certainly helps a lot. Thus I'll uninstall the microcode plugin before the upgrade and won't install it afterwards.

P.S.: I don't know how to mention a user in this forum.

remember i'm not a tech guy, but a tech enthusiast
i don't understand if microcode is necessary for system security.
I have the concept of the microcode update and why I installed it.
However, I don't know why it conflicts with this version of opnsense and I don't know what it means by uninstalling the plugin (in addition to not have the CPU microcode updated).
#12
My experience:
Qotom Q355G4 upgrade to 25.7 with microcode installed, upgrade hung on reload firmware.
Reinstalled 25.1, reload backup and other settings/plugins/etc, updated to last version, uninstalled microcode plugin, reboot, upgrade to 25.7, reinstalled microcode, reboot.

Upgrade went well,
however i've some problem of packet loss on the gateway of wireguard vpn.
Uninstalled microcode plugin, no more "loss" on wireguard vpn gateway.

(post scriptum:
i investigated the anomaly of the lost packages, it was due to vpn server side causes and not the opnsense router)
#13
Quote from: Monviech (Cedrik) on June 25, 2025, 05:57:25 PM
We all make mistakes.

Glad you got it resolved.

...me then many :)


Quote from: Monviech (Cedrik) on June 25, 2025, 05:57:25 PM
We all make mistakes.

In a future update you will be able to set the domain to the interface of a range as well, e.g. that's needed for partial IPv6 dns registration.

https://github.com/opnsense/core/pull/8814
very cool feature

anyway thanks for the help!
#14
reading your answer I realized that the assigned IP was not in the dhcp range (since in other configurations I kept it outside the dhcp range) while in the opnsense guide/manual it says "The reservation can also be outside the dynamic range, but it is not recommended for simple setups as the dynamic dns registration with dhcp-fqdn will not work correctly."

Modified accordingly (dhcp range includes ip in host reservation), everything works perfectly.
My mistake of superficiality.
Thanks for the support and attention!
#15
already done, and it's not working as i intended.



I think that putting it in the range is still valid for leases that are assigned via dhcp and not via host reservation (what i'm trying to achieve).