Messages

Hey and welcome,

Haven't had any complaints on 6RD for a while now so this is a bit unexpected.

Not sure why LAN would have a default route. Easiest first check is System: Gateways: Configuration and see the auto-generated gateway for 6RD which needs to be marked as "Upstream Gateway".

Does a LAN gateway exist there?


Cheers,
Franco

https://docs.opnsense.org/manual/how-tos/multiwan.html#failover-and-failback-states

Hey,

We are getting close to 25.7.  In fact, the release date is July 23.
As such minimal changes are going into this stable release for the
usual reasons.

Expecting a quick release candidate in two weeks while we piece together
the individual changes that will make the next release series a distinct
step forward: privilege separation capability, latest and greatest FreeBSD
related updates, easier than ever MVC programming experience, a new UI
grid framework named Tabulator etc.

Here are the full patch notes:

o system: reduce future maintenance load in privilege separation efforts
o interfaces: remove unused "friendly" value from get_interface_list()
o interfaces: fix escaping in refactored bridge code
o interfaces: fix bridge SPAN support
o interfaces: add update mode to ifctl
o firewall: fix issue with event binding in rule automation page
o dnsmasq: implement domain type to select between adding domain to range or interface
o dnsmasq: dhcp-host are allowed to have duplicate partial IPv6 addresses
o unbound: improve the chroot mounting code to avoid excessive (un)mount calls
o lang: update language translations to their latest state
o mvc: eventually phase out getCurrentValue() in favour of getValue()
o plugins: os-caddy 2.0.2
o ports: libxml2 fixes for recent CVEs
o ports: nss 3.113
o ports: phpseclib 3.0.46
o ports: py-duckdb 1.3.1
o ports: sudo 1.9.17

Stay safe and cool,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr
[2] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html
[3] https://github.com/duckdb/duckdb/releases/tag/v1.3.1
[4] https://www.sudo.ws/stable.html#1.9.17

Given the fact that OpenVPN has always been very pedantic about that particular input I think all there is left to do here is add the correct validation?


Cheers,
Franco

It's a bug we're fixing today in 25.1.10.


Cheers,
Franco

The base isn't the problem. The real problem is that your packages are stuck at 24.1 while the base and kernel successfully upgraded to 24.7.

You can try this instead:

# opnsense-bootstrap -r 24.7


Given the critical nature of a major OS upgrade underneath from FreeBSD 13 to 14 consider the possibility that may not be successful since the first attempt also failed. Likely for reasons of third party plugins installed or manual ports installs. Unfortunately these things get complicated quickly.


Cheers,
Franco

Hi,

At the moment it's not planned, but it's not set in stone either. The plugin hooks are open so contributions to community edition for other SSOs are also possible.


Cheers,
Franco

OIDC will be supported starting with the 25.10 business edition.


Cheers,
Franco

There's four main reasons:

1. netdata is community scope
2. the plugin was last updated years ago in OPNsense 22.7.1
2. the netdata error reported is not helpful
3. netdata port in FreeBSD likely broke this and an update was made there already although the problem scope is still unclear because of 1+2+3

opnsense-revert should work on an older netdata package or 25.1.10 will fix it when the FreeBSD port is correctly fixed again. Worse case someone needs to make an effort to update the plugin to whatever it was that netdata broke in a 3 year old plugin...


Cheers,
Franco

I don't think these changes from 25.1.9 caused this to start working, but we did do a few things in earlier 25.1.x to improve the default gateway switching amongst others.


Cheers,
Franco

Your installation appears to be quite broken as if the core package was partially uninstalled likely following the use of the FreeBSD package repository. Unfortunately it may have also scrubbed your subscription awareness so reinstalling is probably the fastest approach with an image from https://opnsense-update.deciso.com/


Cheers,
Franco

A hotfix release was issued as 25.1.9_2:

o system: fix route status removal buttons
o openvpn: fix server deletion in legacy page

I think so. And iflib in FreeBSD allows easy deployment of a multi-threaded driver like the infamously pulled WireGuard implementation.


Cheers,
Franco

The old version should work as discussed.

It could be a bug in conjunction with the FreeBSD code and fixed there, but that would require some developer being interested and I still doubt Intel should cause bricking OS boots because of their microcode changes.

My assumption is this will disappear in the next microcode update not to be spoken off again.


Cheers,
Franco

I've been seeing these reports and I don't even know what should have caused them in the first place. The last Tailscale plugin change was in 25.1.

Tailscale upstream software updates in:

25.1.6: 1.82.5
25.1.5: 1.82.0
25.1.4: 1.80.3
25.1.3: 1.80.2
25.1.1: 1.80.0

but not in .7, .8. and .9 which correlates more with reports that this starts being problematic.


Cheers,
Franco