Messages

1

General Discussion / Re: Setup

« on: March 11, 2019, 08:04:24 pm »

If all versions are the same then mine has a shutdown in the GUI, see the attached screen shots. It is always better to shutdown than unplug to allow the file system to dismount properly.

There is also a shutdown option from the console. See attachments.

2

General Discussion / Re: Sale of old equipment...

« on: March 11, 2019, 07:50:19 pm »

SO, how much is not much? You have PayPal or Venmo.

3

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 11, 2019, 05:56:19 pm »

Franco,

So I finally got back to this and after applying the updates all is well in OPNsense land.

As for reverting back it appeared that the update was stuck in a loop. The base and kernel would update but OPNsense would not. When the firewall would come back up after the update and check it would see the 18.7 as an update to 19.1 and then revert the kernel and base back to 18.7. Then after the reboot it would see the 19.1 as the update... rinse lather repeat......

Performing the update using the command you gave forced the 19.1 OPNsense to install on the 18.7 kernel and base and then after a reboot the kernel and base was seen as needing the update to 19.1 and applied as expected. I am now on 19.1.3. Hopefully you can find a fix. Now there is an in place workaround for those who do not want to reload the firewall from scratch or can't due to access restrictions.

Thanks,

Doug

4

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 07, 2019, 11:18:13 pm »

Okay, so prior to running the command you sent I had did a manual install of kernel from the GUI and it rolled the kernel back to 18.7. After running your command the firewall is now at 19.1 but the kernel and base are reporting 18.7. That is exactly opposite of what I had before.

Should I apply the updates of the base and kernel now or do you want/need any thing else before I do?

Attached are the screenshot of the update page after the command was run and the SSH log of the command being run.

Also the only added item was Sensei. Everything else was stock out of the box. I did a clean install, setup the interfaces and added Sensei. Nothing else added or installed that I can recall.

5

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 07, 2019, 06:37:14 pm »

Continuing to poke around and got this output which agrees with the screenshot I got before:

root@OPNsense:/var/cache/opnsense-update # uname -a
FreeBSD OPNsense.vw.edu 11.2-RELEASE-p8-HBSD FreeBSD 11.2-RELEASE-p8-HBSD  31af16db12b(stable/19.1)  amd64

So it appears the kernel is actually on 19.1 but the OPNSense package did not upgrade? Or am I reading this wrong?

6

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 07, 2019, 06:08:14 pm »

newsense

He is testing to compare to my output.

Bonkerton

My setup does not have wget but I was able to use fetch and pull down the package. I get the same size as you did. The man page indicated that the dots were time related, they just let you know it is doing something "whistle while you work" and are not related to size. My pipe is around 500Meg and it took 1m32s to download.

Thanks for testing.

7

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 06, 2019, 10:37:36 pm »

After running the command from a couple post back, today I logged back into the firewall and went to the upgrade page. I found the page as shown in the attached picture. It shows the current kernel as 19.1 and the upgrade as 18.7.10. Why would that be? It looks like it is going to roll it back. Could this have something to do with the failed upgrade?

8

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 05, 2019, 06:40:31 pm »

hbc,

I am aware of that work around. However I am willing to do this in a effort to find the root cause. At the moment it is only affecting a small number of people but at a future juncture it could be a problem that affects a large group or everyone. Or it may never happen again. Since I have a setup that is exhibiting the symptoms and I am not in production and I am willing to do some testing and digging to find the root cause, I put the offer out there. If there is no interest then so be it.

I look at problems like this: You are using a metal detector. It goes off during a search. No one else had their detector go off. Until you dig it up and find out what it was you have no way of knowing if it was a piece of scrap or a landmine. Where is was at could be on a obscure spot or in what will become the main path. There is no way to know what will happen until you know what it was and where it is.

I am just offering my time and the use of my setup to test. If there is no interest then so be it, I will move on but if the powers to be want to dig in then I am willing. I know just enough to be dangerous. Franco said that he had seen no screen shots and had no feedback so I was looking to provide that. I am new to this platform and have a bit of Linux experience (enough to be dangerous) so I am not a complete idiot (just a partial one, just ask my wife). I did some digging and read the man page for opnsense-update and found the -V option. So I decided to provide that output. Did you see any issues in the output that were significant?

9

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 04, 2019, 11:39:23 pm »

Here is the upgrade output from the command line:

root@OPNsense:~ # opnsense-update -Vur 19.1
+ [ -n '' ]
+ [ '' '=' -T ]
+ [ -z '' ]
+ DO_KERNEL=-k
+ DO_BASE=-b
+ DO_PKGS=-p
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -z '' ]
+ [ -n -k -a -n '' -a -z -u ]
+ [ -n -b -a -n '' -a -z -u ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -z 19.1 ]
+ [ -b '=' -B ]
+ [ -p '=' -P ]
+ [ -n '' ]
+ [ -p '=' -p -a -z -u ]
+ FLAVOUR=Base
+ [ -n '' ]
+ [ -f /usr/local/bin/openssl ]
+ /usr/local/bin/openssl version
+ awk '{ print $1 }'
+ FLAVOUR=OpenSSL
+ PACKAGESSET=packages-19.1-OpenSSL-amd64.tar
+ KERNELSET=kernel-19.1-amd64.txz
+ BASESET=base-19.1-amd64.txz
+ mirror_abi
+ sed -n 's/^[[:space:]]*url:[[:space:]]*\"pkg\+\(.*\/${ABI}\/[^\/]*\)\/.*/\1/p' /usr/local/etc/pkg/repos/OPNsense.conf
+ MIRROR='http://mirrors.nycbug.org/pub/opnsense/${ABI}/18.7'
+ opnsense-verify -a
+ ABI=FreeBSD:11:amd64
+ [ -n '' ]
+ eval 'MIRROR=http://mirrors.nycbug.org/pub/opnsense/${ABI}/18.7'
+ MIRROR=http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7
+ echo http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7
+ MIRROR=http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets
+ [ -n '' ]
+ [ -z '' ]
+ [ 19.1 '=' 18.7.10 -a -n -k ]
+ [ 19.1 '=' 18.7.10 -a -n -b ]
+ [ -z -k-b-p ]
+ [ -p '=' -p ]
+ fetch_set packages-19.1-OpenSSL-amd64.tar
+ STAGE1='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/packages-19.1-OpenSSL-amd64.tar.sig'
+ STAGE2='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/packages-19.1-OpenSSL-amd64.tar'
+ STAGE3='opnsense-verify -q /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar'
+ [ -n '' ]
+ [ -n '' ]
+ echo -n 'Fetching packages-19.1-OpenSSL-amd64.tar: .'
Fetching packages-19.1-OpenSSL-amd64.tar: .+ mkdir -p /var/cache/opnsense-update/50494
+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/packages-19.1-OpenSSL-amd64.tar.sig
.+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/packages-19.1-OpenSSL-amd64.tar
...+ [ -n -V ]
+ opnsense-verify -q /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar
+ echo ' done'
 done
+ [ -b '=' -b ]
+ [ -z '' -o -n -u ]
+ rm -f /usr/local/opnsense/version/base.lock
+ fetch_set base-19.1-amd64.txz
+ STAGE1='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/base-19.1-amd64.txz.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/base-19.1-amd64.txz.sig'
+ STAGE2='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/base-19.1-amd64.txz http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/base-19.1-amd64.txz'
+ STAGE3='opnsense-verify -q /var/cache/opnsense-update/50494/base-19.1-amd64.txz'
+ [ -n '' ]
+ [ -n '' ]
+ echo -n 'Fetching base-19.1-amd64.txz: .'
Fetching base-19.1-amd64.txz: .+ mkdir -p /var/cache/opnsense-update/50494
+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/base-19.1-amd64.txz.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/base-19.1-amd64.txz.sig
.+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/base-19.1-amd64.txz http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/base-19.1-amd64.txz
................................+ [ -n -V ]
+ opnsense-verify -q /var/cache/opnsense-update/50494/base-19.1-amd64.txz
+ echo ' done'
 done
+ [ -k '=' -k ]
+ [ -z '' -o -n -u ]
+ rm -f /usr/local/opnsense/version/kernel.lock
+ fetch_set kernel-19.1-amd64.txz
+ STAGE1='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/kernel-19.1-amd64.txz.sig'
+ STAGE2='opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/kernel-19.1-amd64.txz'
+ STAGE3='opnsense-verify -q /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz'
+ [ -n '' ]
+ [ -n '' ]
+ echo -n 'Fetching kernel-19.1-amd64.txz: .'
Fetching kernel-19.1-amd64.txz: .+ mkdir -p /var/cache/opnsense-update/50494
+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz.sig http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/kernel-19.1-amd64.txz.sig
.+ opnsense-fetch -a -T 30 -q -o /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz http://mirrors.nycbug.org/pub/opnsense/FreeBSD:11:amd64/18.7/sets/kernel-19.1-amd64.txz
...........+ [ -n -V ]
+ opnsense-verify -q /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz
+ echo ' done'
 done
+ [ -k '=' -k ]
+ echo '!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!'
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
+ echo '! A critical upgrade is in progress. !'
! A critical upgrade is in progress. !
+ echo '! Please do not turn off the system. !'
! Please do not turn off the system. !
+ echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ [ -p '=' -p -a -n -u ]
+ echo -n 'Extracting packages-19.1-OpenSSL-amd64.tar...'
Extracting packages-19.1-OpenSSL-amd64.tar...+ rm -rf '/var/cache/opnsense-update/.sets.pending/packages-*'
+ mkdir -p /var/cache/opnsense-update/.sets.pending/packages-19.1
+ pkg-static clean -qya
+ tar -C/var/cache/opnsense-update/.sets.pending/packages-19.1 -xpf /var/cache/opnsense-update/50494/packages-19.1-OpenSSL-amd64.tar
+ echo 19.1
+ [ -n '' ]
+ echo ' done'
 done
+ [ -b '=' -b -a -n -u ]
+ echo -n 'Extracting base-19.1-amd64.txz...'
Extracting base-19.1-amd64.txz...+ rm -rf '/var/cache/opnsense-update/.sets.pending/base-*'
+ mkdir -p /var/cache/opnsense-update/.sets.pending
+ mv /var/cache/opnsense-update/50494/base-19.1-amd64.txz /var/cache/opnsense-update/.sets.pending
+ echo 19.1
+ echo ' done'
 done
+ [ -k '=' -k ]
+ install_kernel
+ KLDXREF='kldxref /boot/kernel'
+ [ -n -u ]
+ KLDXREF=:
+ echo -n 'Installing kernel-19.1-amd64.txz...'
Installing kernel-19.1-amd64.txz...+ mkdir -p /boot/kernel /boot/kernel.old /usr/lib/debug/boot/kernel
+ rm -r /boot/kernel.old /usr/lib/debug/boot/kernel
+ mv /boot/kernel /boot/kernel.old
+ tar -C / -xpf /var/cache/opnsense-update/50494/kernel-19.1-amd64.txz
+ :
+ echo ' done'
 done
+ [ -n -b -a -z -u ]
+ [ -p '=' -P -a -z -u ]
+ [ -z '' ]
+ rm -rf /var/cache/opnsense-update/50494
+ echo 'Please reboot.'
Please reboot.


Did a reboot and still on version 18.

10

19.1 Production Series / Re: Cannot Upgrade to 19.1 from 18.7.10_4

« on: March 04, 2019, 09:51:46 pm »

Franco (and others),

I too am having this same issue. For me it is a physical and for evaluating purposes so it is not in production. As for the console output I can confirm there isn't any. No errors, no real responses, just what has been mentioned, downloading, installing and reboot. I can film it if you like.

Now to that end is there any options to run the upgrade command from a prompt with a switch(s) set to get debug commands piped to a file? Although the work around to install and restore the config exists, if there is a bug lurking somewhere it would be great to find it now instead of it possibly showing up later in a uglier/widespread way.

As for my setup it is a stock install with three interfaces: Inside, Outside and Management. I can even upload my config if you like. Like I said nothing in the box, no rules other than what is needed to get the management interface to work.

It may take me a few days to test things but am happy to try and help.

11

Development and Code Review / Re: Sensei on OPNsense - Application based filtering

« on: January 03, 2019, 08:02:06 pm »

I see that shaping at layer 7 is on the roadmap for sensei. Is there any time table on that feature? Has it even started? I am looking to use it in a 1500-2000 user environment to replace some aging equipment if it is slated for the near future.

Also I have several ideas that I would like to see implemented as I have used application shapers for over 10 years in our environment.

12

18.1 Legacy Series / Re: Routing only. NO NAT

« on: December 30, 2018, 11:05:43 pm »

Ran into a similar issue and found to get this working I had to do two things. First was to learn how to write the firewall rules (DUH) but when you are tired your mind does weird things. Since I had multiple networks on the inside I had to set the rule to any instead of the Lan Network.

The other was that the NAT setting needed to be Disable outbound NAT rule generation and not Manual as noted.