Messages

-issue similar to my case:
https://forum.opnsense.org/index.php?topic=45548.0

- problem exists with android but not with windows client

- although patched with the same fix and reboot

- issue solved

- update then to 25.1.1: although all fine

strange that you have no success with the fix

Thank you very much for all views.

You should keep in mind that central, comprehensible quality management, knowing what doesn't work and how to fix it using a workaround, is an important level for software quality. The software user immediately collects all information in one place.

This has nothing to do with whether you use the first final release version in production. Even in stage testing, you want to see at a glance what's not working and how or whether you can fix it.
And by the way, the update to 24.10.12_4 shows in the webinterface the message that the 24.10 branch is being replaced by 25.1 and 24.10 could be outdated soon. This means that you should look into whether you can switch to 25.1.

My post was intended to be a suggestion as  how the release notes could be improved. If you look at the major world market leaders, you will see that bug tracking is written transparently in the release notes (known issues).
 
I need more coffee if I don't know very well what's wrong and how to fix it :-).

Every supposed report gets a running number in the bug tracking (like in github) and the links to fixes or discussions are noted.
This would be much easier than searching through the entries in the forum manually or search in github.
But in github there are totally 243 entries. There are posts with no comment except the thread owner, there are feature requests, configuration issues ans so on.
And there is a form of redundancy concerning issues in github and discussion here in our forum. So the idea is to better list at one place the known issues per release.
It is not my intend to make unneccessary work. I thinks this might be a better transparency concerning software issues and their handling.

I would like to promote it again.
Thanks all for your input and discussion about.

Dear community,

is it possible to summarize the known issues and their workarounds dynamically in the release notes as a separate section ?
Yes there is a bug tracking in github.
But it is not really comfortable to give an easy full view.

This might be
- a better transparency for the user
- a good tracking overview.

F.ex.:

- issue 54321: "mtu change" / workaround 12345 / link to the thread

What are your opinions to this ?

My issue is gone by patching 83975b5.
The opnsense team should build a 25.1_1 release with this patch for avoiding others have the issue after the upgrade to 25.1.

https://github.com/opnsense/src/issues/235

# opnsense-patch 83975b5
# /usr/local/etc/rc.filter_configure

happy now, thanks all for their help finding the right workaround

My issue is gone by patching 83975b5.
The opnsense team should build a 25.1_1 release with this patch for avoiding others have the issue after the upgrade to 25.1.

https://github.com/opnsense/src/issues/235

# opnsense-patch 83975b5
# /usr/local/etc/rc.filter_configure

Update:
i can confirm too
- the issue is with Linux/Android
- but there is no issue with Windows 10 client

Thx so much for your interesting information.
I hope the community could help us debugging the issue for finding the solution.

Start from 24.7.12_4.
Before all updates without any issues.
Then upgrade to 25.1 final release by webinterface.
After the upgrade to 25.1 I have strange internet browsing issues.
Traceroute and dns resolution work from client.
If I want open a website the site could not be loaded - it ends with message timeout in browser.
If the website is already open in the browser with an other gateway (f.e. by mobile internet router or by bypassing opnsense) i can then open the links in the same website with browser and opnsense as gateway.

No issues before upgrade to 25.1.

I attached the full upgrade.log.
Anyone with an idea how to find the root cause for this false behaviour ?
Thanks for debugging help.

Upgrade from 24.7.12_4 to 25.1:

- how to fix the missing dependency?
Thx for all help.

_______


Message from opnsense-25.1:

--
What are you looking at?
Checking all packages: .......... done
php82-pecl-mongodb has a missing dependency: php82

>>> Missing package dependencies were detected.
>>> Found 1 issue(s) in the package database.

pkg-static: Repository SunnyValley has a wrong packagesite, need to re-create database
pkg-static: Repository SunnyValley cannot be opened. 'pkg update' required
pkg-static: No packages available to install matching 'php82' have been found in the repositories
>>> Summary of actions performed:

php82 dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.

>>> Also make sure to check 'pkg updating' for known issues.
pkg-static: Repository SunnyValley has a wrong packagesite, need to re-create database
pkg-static: Repository SunnyValley cannot be opened. 'pkg update' required

In my opinion the old forum style was better to read.

The font you have chosen is a bit too thick. To ensure good readability, it would be good to choose a font that is thinner.

vote +1
for fixing the demand in freeBSD getting pppoe with ips functionality
Thanks for all efforts.

- clean install of 24.7
- update to 24.7.6
- install the whole plugins like suricata
- enable rules
- save
- download and install
- activate service as ips
- perhaps i press hours later the "download and install" button again

result:
- dozens of duplicate entries
- instable ips service

=> how can i fix this ?
=> how is the misbehaviour fixes in future releases ?

Thanks for your help and your hard work @ opnsense

How to fix this duplicated entries ?

2024-10-21T19:49:31   Error   suricata   [100756] <Error> -- error parsing signature "alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"GPL CHAT ICQ access"; flow:to_server,established; http.header; content:"User-Agent|3A|ICQ"; classtype:policy-violation; sid:2100541; rev:14; metadata:created_at 2010_09_23, updated_at 2020_04_20;)" from file /usr/local/etc/suricata/opnsense.rules/et_open.emerging-chat.rules at line 190   

2024-10-21T19:49:31   Error   suricata   [100756] <Error> -- Duplicate signature "alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"GPL CHAT ICQ access"; flow:to_server,established; http.header; content:"User-Agent|3A|ICQ"; classtype:policy-violation; sid:2100541; rev:14; metadata:created_at 2010_09_23, updated_at 2020_04_20;)"

I have the same problem.
Opnsense 24.7.6 as fresh install 24.7 and Update to 24.7.6.
Then install ips.
I can see the duplicated entries in webinterface.

I post it to the ips section here:
https://forum.opnsense.org/index.php?topic=43524.0

Problem might be duplicate signature entries:
The question is how to fix it ?


   [100878] <Error> -- Duplicate signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed"; flow:established,to_client; tls.certs; content:"|31 0b 30 09 06 03 55 04 06 13 02|US|31 11 30 0f 06 03 55 04 08 13 08|Illinois|31 13 30 11 06 03 55 04 07 13 0a|Naperville|31 09 30 07 06 03 55 04 09 13 00 31 0d 30 0b 06 03 55 04 11 13 04|"; fast_pattern; pcre:"/^\d{4}[01]/R"; content:"|06 03 55 04 0a 13|"; distance:3; within:6; content:"Test"; nocase; distance:1; within:4; pcre:"/^(?:\s(?:co(?:rp)?|l(?:lc|td)|inc))?[01]/Ri"; content:"|06 03 55 04 03|"; distance:3; within:5; content:!"|2a 86 48 86 f7 0d 01 09 01|"; reference:url,github.com/BishopFox/sliver/blob/97d3da75b6e24defb3a2a97443a15a632b3a8448/server/certs/subject.go; classtype:trojan-activity; sid:2037378; rev:2; metadata:affected_product Any, attack_target Client_and_Server, created_at 2022_07_07, deployment Perimeter, malware_family Sliver, malware_family Havoc, performance_impact Low, signature_severity Major, updated_at 2024_01_03;)"