Messages

Hi Franco,

i purged 2 lists, now System: Firmware: Updates is showing 73 pending updates...

I think ist working again.

Thank you very much!

Kind regards;
 SchengFui

no, still not working:

Log from just now:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.4.1 (amd64) at Mon Aug 18 14:09:42 CEST 2025
Strict TLS 1.3 and CRL checking is enabled.
Fetching subscription information, please wait... Certificate verification failed for /CN=opnsense-update.deciso.com (12)
00206177F6400000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/subscription: Authentication error
Fetching changelog information, please wait... Certificate verification failed for /CN=opnsense-update.deciso.com (12)
00206187D3370000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002081C0571A0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Hi there,

OPNSense search for Updates fails with Certificate verification failed.

Last successfull Update was on Tue Aug 5 21:15:40 CEST 2025 (25.4.1)

Date and Time is correct, IPV6 is disabled.

Audit Conenctivity Log:
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 25.4.1 (amd64) at Mon Aug 18 08:48:05 CEST 2025
Strict TLS 1.3 and CRL checking is enabled.
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=58 time=13.925 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=58 time=13.682 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=58 time=13.605 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=58 time=13.734 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.605/13.737/13.925/0.118 ms
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /CN=opnsense-update.deciso.com (12)
002061CDEB140000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/25.4/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS ECC CA G1
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
***DONE***

Any Ideas?

Thank you in advance for any help!

Kind regards,
 SchengFui

maybe i should download an the delete the backups and see what happens with newly created Backups...

thx,
SchengFui

Hi there,

when comparing Backups, Date and Time is wrong (in the future):
You cannot view this attachment.

Date and time config seems correct:
You cannot view this attachment.

System was recently switched from 25.1 Community Edition to 25.4 Business Edition.

Any Ideas how to fix this?

Thank you in advance,
SchengFui

Problem gelöst, der Fehler lag in den Client Specific Overrides

[VPN: OpenVPN: Client Specific Overrides]

Hi again,

finally i got my OpenVPN instances working, Problem was related to Client Specific Overrides.

You may want to double-check your Overwrite(s) under VPN: OpenVPN: Client Specific Overrides

Hi,

exact same Problem here for OpenVPN...

OPNsense 25.1.7_4, OpenVPN configured as Instance, Tunnel is up but no traffic goes through.

When Tunnel is set up as Client/Server (Legacy) everything works.

On the other hand i have a working connection (not legacy) with IPSEC and an Netgate Firewall with Software 2.7x (not under my control, managed by someone else), so maybe your Problem is related to your Mikrotik Router...

because in my curront configuration the tunnel does not route traffic and for testing purposes i want to bind to a specific interface to sort things out

Hi,

in Legacy OpenVPN-Configuration it was possible to bind to an Interface (WAN i.e.). In Instances this is no longer possible, GUI accepts only IP-Adress-Values.

WAN-Interface is configured via DHCP, ip changes frequently and this breaks binding to the IP-Address.

How can i bind an OpenVPN-Instance to a specific Interface instead of an IP-Address?

OPNsense 25.1.7_4

Thank you,
 Heiko

[Servers [legacy]]

Hallo zusammen,

ich benutze einen OpenVPN-Tunnel über zwei OPNSense, beide auf Stand 25.1.7_4

Tunnel via Servers [legacy] und Clients [legacy] einwandfrei, Daten fliessen, alles gut.

Nach Umstellung auf Instances kein Datenfluss mehr.

Connection Status zeigt auf Clientseite: connected und auf Serverseite: ok, Verbindung steht also.

Es fliessen auch wenige KB hin und her, allerdings kein Datenfluss zwischen beiden zu tunnelnden Netzen, Ping auch nicht möglich.

Da die Legacy-Konfiguration funktioniert, kann ich hier die Firewall wohl als Ursache ausschliessen.

Einziger Unterschied der mir aufgefallen ist, ist unter System: Routes: Status zu sehen. Bei der Legacy-Konfiguration steht bei Destination jeweils die 1. und 2. IP aus dem Transitnetz (10.0.203.1 bei Client, 10.0.203.2 bei Server) , bei der Instance jedoch beiden OPNsense das Transitnetz an sich (10.0.203.0/24). Ich habe dazu 4 Screenshots angehängt.

Aus meiner Sicht ist dies das Problem. Ist hier ein Bug? Übersehe ich eine Option? Oder ist das am Ende korrekt und ich muss woanders suchen?

Vielen Dank im Voraus für eure Unterstützung.

VG, SchengFui