Topics

I saw the hot fix for Kernal panics which suggests the correct version
identifies itself as "stable/24.7-n267981-8375762712f" using uname - v

I get the following
root@home:~ # uname -v
FreeBSD 14.1-RELEASE-p6 stable/24.7-n267979-0d692990122 SMP

I have tried to issue the
opnsense-update -fk
and reboot but no change.

Am I miss reading the update notes

Fetching packages-22.7-OpenSSL-amd64.tar.......................

It seems to be just hanging forever. I tried turning off ipv6 no different

Any pointers?

EDIT : I tried again today all good. I assume just some sort of back-end mirror issue.

Upgrade appeared to go to plan except for the following rules which used to allow traffic from just a few specific countries now block everything so no external access to my firewall.

I have disabled them and all traffic flows again


EDIT : After re-saving the GOIP alias it started working again 

In the early hours of this morning, I noticed that I had lost WAN access.

When checking my monitoring systems I could see that I was still able to ping my firewall from external locations and all LAN access was as expected. Just no access to the internet.

I signed into the firewall GUI from the LAN and all the gateways and connections were showing as active, but still no WAN access.

I used a serial cable connection to sign in to the console then issued a reboot of from the GUI to see what messages appeared.

Nothing happened.  The console gave no indication the system was rebooting. So I issued console option 6 and the reboot started. However this also hung whilst closing down the processes - Sorry don't remember which point as I then did a power cycle.

During the power cycle, I got a message of "damage tar "repeatedly
So hit control C from the console and the startup completed. Subsequent powerups and restarts have been fine

If from the console I issue

# find . -name *.core

I get

./python3.7.core

Do you want a copy of this core file it's circa 23MB

Can't find anything in the 20.1 release notes but GUI in 19.7 at

System: Settings: Logging had a section for remote syslog

at 20.1.RC its missing and only Local Logging options exist

Did I miss something ?

As per subject line. I was running dev versions of 20.1

Switch back to Production in GUI and did the upgrade

My console is showing

OPNsense 20.1.r_6-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019

Is that right ? was expecting rc1

So I'm almost there in getting Sonos on a separate VLAN to be controllable via the iPhone app on another VLAN

I found this article https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s

yes I know its from the darkside

But my only issue is I can only get it to work when I run it in debug mode ie I start pmid with the -d parameter which means it runs in the foreground on the console and fills it with diagnostics messages

Anyone managed to get it working ?

I set up a new gateway for some testing. I created it in GUI and saved it but it did not appear in the gateway list

At first I thought I had not created properly and was about to try again it but dpinger seems to be trying to monitor it see images - gateway marked "Test"

Now I cant figure out how to delete it 

After upgrading to 19.7 I still get an IPv6 address on LAN and can ping this IPv6 address from remote locations

However no devices on LAN are being given IPv6 address

I noticed dhcp6d server was not running and is stopped after each reboot until manually started

But even after manually starting dhcp6d server not clients are being given IPv6 address

Cant see anything obvious on logs

EDIT: it appears there is no /etc/dhcp6v.conf file being created anymore suspect thats not helping

EDIT2: clients that had IPv6 before the update have kept them and function correctly although I suspect they will lose that connectivity when the lease expires 


EDIT3: See my workaround in my last post

After upgrade to 19.7.rc1 all my VLANs with the exception of the default LAN where inoperable, no access to them and devices on then not able to reach the internet. No obvious error messages i could see.

Quick save of the effected VLAN interfaces from the console resolved the issue. Any logs I can provide that might help ?

Getting this error

[05-Apr-2019 20:47:25 Europe/London] PHP Warning:  count(): Parameter must be an array or an object that implements Countable in /usr/local/www/widgets/widgets/wake_on_lan.widget.php on line 64

Tried a reinstall of the plugin but same issue

Trying to break it in light of the release notes and LibreSSL move from 2.7 to 2.8

BUT I CANT !!!

Nice job guys :-)

at 18.7 the VPN client export used

verify-x509-name [FQDN] name

Now it uses

verify-x509-name "/C=GB/ST=[state]/L=[place]/O=[org]/emailAddress=[email]/CN=[FQDN]" subject

this is causing the server to reject the connection

changing back to

verify-x509-name [FQDN] name

and all works again

Since upgrading the Insight aggregator stops just after starting and the logs show.

Jan 21 19:13:52   kernel: pid 84883 (python2.7), uid 0: exited on signal 11 (core dumped)
Jan 21 19:13:50   flowd_aggregate.py: start watching flowd
Jan 21 19:12:45   flowd_aggregate.py: startup, check database.

Get this error - dump report submitted as well

[12-Nov-2018 13:38:53 Europe/Paris] PHP Fatal error:  Uncaught Error: Call to undefined function get_configured_interface_list() in /usr/local/etc/inc/plugins.inc.d/igmpproxy.inc:80
Stack trace:
#0 /usr/local/etc/inc/services.inc(1963): igmpproxy_configure_do()
#1 /usr/local/www/status_services.php(45): service_control_start('igmpproxy', Array)
#2 {main}
  thrown in /usr/local/etc/inc/plugins.inc.d/igmpproxy.inc on line 80

Any reason why I can't set up a single vpn server that would accept a connection over either wan in multi wan setup ?

Second FTTP connection arrives soon so planning ahead :-)

Ok so why this post. Simply to say thank you to @franco and the team here at OPNsense

@Marjohn and I, mainly @Marjohn56 to be fair, had been working on pfSense for a number of months enabling it to work correctly with Orange FTTP in France This meant modifications to dhclient and dhcp6c binaries as well as other tweaks.

Whilst we got it working over at pfSense the acceptance of the changes Marjohn56 made to the binaries was slow and at times almost hard work to get accepted. Add to that the Mods over at pfSense becoming almost confrontational. So @Marjohn56 suggested a move to OPNsense which we made a few months ago. From day 1 our interactions with and interest from @franco began. WOW what a difference. Instead of the indifference, we met with support. So much so that in a short space of time we have move from a pfSense system that required binaries to be replaced and patches after every upgrade to a system on OPNSense that is now fully supports Orange France FTTP without modification.

At no point was @franco dismissive of our ideas in fact he encourage our efforts.

So as of 18.7 I can out of the box connect to Orange France and enjoy my 500/250 connection

Loving it here. Now what can I break :-)     

OPNsense version 18.7 prend désormais en charge IPv4 et IPv6 sans avoir besoin de remplacer les binaires

configurer pour Orange

https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html

I switched from Development to Production in the upgrade settings

Then upgraded in GUI expecting to see 18.7.r1  but instead I have 18.7.r_10

Upgraded to the development version of OPNsense via the GUI then from pridcution 18.1.5

# opnsense-code core
# cd /usr/core
# make upgrade

which gave me

OPNsense 18.7.b_119-amd64
FreeBSD 11.1-RELEASE-p8
OpenSSL 1.0.2n 7 Dec 2017

Seems to be working fine BUT

How do I update the FreeBSD and OpenSSL to

FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018

Which I think are the latest