Messages

During my upgrade to 24.7.6, everything looks smooth though a log entry like following flash in the log:

Code Select Expand

Failed to install ruby31-gems: failed to move /tmp/<a-random-path> to /usr/local/bin/gem: No such file

I did not remember the exact error log and could not find the update log on the disk. /var/log/pkg/latest.log does not give anything fruitful.

After that, the box boots back and I did a firmware health check and it reports back files from ruby31-gems is missing. I did a reinstall of the package and the health check again. This time the missing files log goes away.

Apart from those things, nothing affects the function of the FW happens. Do anyone knows why this happens and if my fix is correct?

The machine has far enough space on its 128GB disk (98% empty despite 3 snapshots from .3 are kept). My /tmp is mounted as

Code Select Expand

zroot/var/tmp on /var/tmp (zfs, local, noatime, nosuid, nfsv4acls)

A major change in macOS Sequoia is that it by default will limit application's access to local network (basically the hosts on the same subnet) for privacy reason [1].

Personally I experienced a similar problem after upgrading doing SSH and the error message is hard to understand. If this is the case, the errno will be -65 (EHOSTUNREACH) but SSH seems to not expose this error code well (the detail is from my node.js application).

You can try grant your terminal emulator Local Network access in your Settings and try again.

[1] https://support.apple.com/en-us/102229
(linked for iOS counterpart that rolled out few years ago since no obvious documentation is up on Apple's website for macOS. The principle is the same.)

Thanks Franco!

On my side I tried to assign pfsyncinterface to an existing not-in-use Interface on UI and do a save without enabling HA. It seems to work since I can see the entry being written to config.xml (the previous version tracked by git has no such entry). I think this would be a workaround.

It seems to be related to the Migration at:
* https://github.com/opnsense/core/blob/9f4331424699cce931418d7cb97e4e60f9afc51d/src/opnsense/mvc/app/models/OPNsense/Core/Migrations/MHA1_0_0.php#L36
* https://github.com/opnsense/core/blob/9f4331424699cce931418d7cb97e4e60f9afc51d/src/opnsense/mvc/app/models/OPNsense/Core/Hasync.xml#L21

The default value here is lan but there is no lan interface exists in my setup because I deleted it when setting up VLANs over a LAGG interface.

I suspect this is the issue and a force re-saving via UI (/ui/core/hasync) will solve this?

I was updating from 24.7.2 to 24.7.3 and subsequent to 3_1. Both upgrade process seems to be smooth but the upgrade log shows the following message:

*** OPNsense\Core\Hasync Migration failed, check log for details

I checked the log. The log has the following relevant entries:

2024-08-29T19:52:39   Error   config   #2 {main} )   
2024-08-29T19:52:39   Error   config   #1 /usr/local/opnsense/mvc/script/run_migrations.php(54): OPNsense\Base\BaseModel->runMigrations()   
2024-08-29T19:52:39   Error   config   #0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(791): OPNsense\Base\BaseModel->serializeToConfig()   
2024-08-29T19:52:39   Error   config   Stack trace:   
2024-08-29T19:52:39   Error   config   in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:666   
2024-08-29T19:52:39   Error   config   Model OPNsense\Core\Hasync can't be saved, skip ( OPNsense\Base\ValidationException: [OPNsense\Core\Hasync:pfsyncinterface] Option not in list.{lan}   
2024-08-29T19:52:39   Error   config   [OPNsense\Core\Hasync:pfsyncinterface] Option not in list.{lan}

I am not using pfsync or any HA setup but the error seems to be relating to HA?

The machine is a bare metal ThinkCentre M720q with an Intel I350 NIC

Same issue here after a two hops upgrade 24.1.10 -> 24.7 -> 24.7.1.

mtr is not working on Ubuntu Linux and macOS clients. The macOS traceroute is working though.

Can see the ICMP Echo Reply being blocked on WAN in firewall log for state violation. Opening all incoming ICMP on WAN does not help.

My first bet is also that it is related to the ICMPv6 security fix.