OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of tdalej »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - tdalej

Pages: [1] 2
1
23.7 Legacy Series / local/static routing issue - any help would be appreciated
« on: January 26, 2024, 02:38:29 pm »
This is the page from OPNSense docs: https://docs.opnsense.org/manual/routes.html
Short and sweet, but not much help.

I had a LAN configured between two other somewhat similar firewall products.
Site 1 LAN 192.168.10.0/24
Site 1 LAN for interconnect 192.168.30/0  (Interface 192.168.30.1)

Site 2 LAN for interconnect 192.168.30/0  (Interface 192.168.30.2)
Site 2 LAN 192.168.20.0/24

Site 1 Gateway for route to site 2 -  192.168.30.2 with monitor IP of 192.168.20.1
Site 2 Gateway for route to site 1 - 192.168.30.1 with monitor IP of 192.168.10.1

Site 1 static routes 192.68.20 Net via Site 1 Gateway
Site 2 static routes 192.68.10 Net via Site 2 Gateway

This configuration worked between sites in the previous setup -- I have changed to OPNSense in Site 1 and Site 2 is on the other/older firewall.

Gateway monitoring doesn't even work on OPNSense.
I can monitor and get a ping response from Site 2 gateway from OPNSense CLI but not the default gateway in Site 2

Obviously I'm missing something in routing, but I can't see it ...

Anyone got any hints?

2
23.7 Legacy Series / smartmontools on 23.7.12
« on: January 25, 2024, 02:25:48 pm »
When installing the os-smart plugin to monitor drive health, the message below is displayed.

There is no /etc/periodic.conf file.
Just daily, weekly, etc, directories in /etc/periodic 

Should this file be created or should an entry in the appropriate period be created?


Quote
Message from smartmontools-7.4_1:

--
smartmontools has been installed

To check the status of drives, use the following:

   /usr/local/sbin/smartctl -a /dev/ad0   for first ATA/SATA drive
   /usr/local/sbin/smartctl -a /dev/da0   for first SCSI drive
   /usr/local/sbin/smartctl -a /dev/ada0   for first SATA drive

To include drive health information in your daily status reports,
add a line like the following to /etc/periodic.conf:
   daily_status_smart_devices="/dev/ad0 /dev/da0"
substituting the appropriate device names for your SMART-capable disks.

To enable drive monitoring, you can use /usr/local/sbin/smartd.
A sample configuration file has been installed as
/usr/local/etc/smartd.conf.sample
Copy this file to /usr/local/etc/smartd.conf and edit appropriately

To have smartd start at boot
   echo 'smartd_enable="YES"' >> /etc/rc.conf

3
23.7 Legacy Series / Installation with ZFS - how long does it normally take?
« on: January 25, 2024, 12:00:31 am »
I have a Supermicro 1U Server I'm (going) to use as a firewall.
4 500GB enterprise SATA disks, so ZFS raidz3 might be a good approach.

It ran so long I stopped it and tried another firewall product that can use ZFS and on the same hardware installation time is minutes, not hours.

I'm running the installation of opnsense 23.7 again ...  I'm 3+ hours in and the screen says 38%.

Is this normal?
Anyone else using ZFS?

4
23.7 Legacy Series / Does a DNS firewall redir rule take precedence over DNS query forward?
« on: January 19, 2024, 09:21:29 pm »
If a query forward for a specific domain exists in unbound AND a redirect for all DNS queries are redirected to 127.0.0.1, which takes precedent?

5
23.7 Legacy Series / Maybe if I ask another way ... Routing issue
« on: January 19, 2024, 08:12:58 pm »
I have an interface on the OPNSense that is used to send/receive traffic from another network via a dedicated link to another building.

Interface is configured, gateway is set up, static route is added.  (Both sides)

One site interface IP is 192.168.30.1, the other has an interface IP of 192.168.30.2
Gateway on the .1 side is the .2 IP.
Gateway on the .2 side is the .1 IP.
The monitor IP on each is the LAN ip of the respective firewall.  (192.168.10.1 on the .1 side and 192.168.20.1 on the .2 side.)
Static routes have been added for each network -- routes for traffic to the .20/24 has been added and a route for the .10/24 has been added.

From OPNSense on the "LAN" net, I can access servers on the 192.168.30.0/24 net but not the 192.168.20.0/24 net.

When the gateways are configured, you can set up a "monitoring IP" -- it is set for the primary LAN interface IP on both sides.
OPNSense identifies the gateway as up, but the other end sees the OPNSense gateway as down.

It's like static routes are ignored on PFsense.

Do route changes require a reboot?

What settings am I missing on the OPNSense to make this work?

6
23.7 Legacy Series / Gateway to another network
« on: January 18, 2024, 02:19:07 pm »
I had this set up and working with another firewall product, but can't seem to make it happen now.
A lot more things to twiddle in OPNSense I think.

I have OPNSense1 set up with WAN/LAN ans some optional interfaces.

One of the optional interfaces is a 10G link to another building with it's own firewall and internet connection.
(One internet connection is DSL the other is line-of-sight radio, and traffic needs are very different on both.)

Previously, I configured an interface on each firewall for the connection between buildings, added a gateway on each with the interface on the opposite firewall as the gateway IP address, and the LAN IP on the opposite firewall as the monitor IP.



That's not working in OPNSense for some reason. 

And best of all, when I activate the route and gateway, my DMZ subnet loses WAN access :/

What portions of this configuration can I post here for suggestions on how to make this work?

Visual if that helps.  Trying to get the gateway/route correct to connect the two sites.


One thing I do see in the static route configuration section is this statement:
"Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway. "

As soon as I enable this route:
Disabled Network                    Gateway                                  Description                Commands
              192.168.20.0/24   OfficeLabGW - 192.168.30.2   Static route to site 2   

And this gateway:
OfficeLabGW    OfficeLab    IPv4    255    192.168.30.2    192.168.20.1    ~    ~    ~    Pending    OfficeLab Gateway

Most everything loses access to the internet.
 
This rather simple setup worked with the firewall I previously used, so I know it's possible.
I suspect I'm just missing something basic.

7
23.7 Legacy Series / [SOLVED]Firewall rule to isolate subnets from one another
« on: January 17, 2024, 11:39:29 pm »
This is getting to be a steep learning curve :)

For the most part so far(with some real weirdness), the WAN and LAN traffic seem to be working as expected.
DHCP active on LAN (I'm typing this from a desktop connected to LAN right now on a DHCP lease.

I need to setup several other "LAN" interfaces for various purposes -- some of them need to be isolated from everything but the internet and one is just for traffic to another building.

So, I have configured so far:
WAN
LAN
(Both working pretty much as expected)

WLAN         192.168.15.0/24
Work           192.168.50.0/24
10GLAN     192.168.40.0/24
Outbuilding 192.168.30.0/24

For most of this, /24 is overkill but it keeps it simple(ish).

I can match the physical interface in the UI by observing the display in the console --

WLAN   (igb3)      192.168.15.1/24
Work     (igb3)      192.168.50.1/24
10GLAN  (ix1)      192.168.40.1/24
Outbuilding (ix0)   192.168.30.1/24

The interface names and MAC address on the console agree with the interface names in the UI.

I have enabled DHCP on Work and WLAN -- plugging in a laptop on the Work segment gets a DHCP assignment from the WLAN range.
I swap the interface to the WLAN interface and I get an address in the Work range...


How exactly are DHCP services tied to an interface?
I'm not sure what I'm doing wrong here ...



LAN is a 192.168.0.0/24

I need to create a subnet for Windows laptops.
Win 192.168.50.0./24
DHCP enabled for about 10 IPs in this range.
Access to the internet using but no access to any other systems behind the OPNSense box.
I don't care if it uses external DNS -- I need these latops completely isolated from the internal network as a priority.

Instead of a LAN to Any rule, would the proper way to do this be Windows to This Firewall rule?







I created another subnet by adding an interface with a different 192.168.0.0/24.
Enabled DHCP, booted a laptop connected to that interface ...
I can see that it gets an IP on the

8
23.7 Legacy Series / [SOLVED]System -> Firmware -> Settings -> Type
« on: January 17, 2024, 10:50:24 pm »
Which gets the most stable updates?  Business?
The default was set to Community.

I ask because I'm getting some really special behavior after the last update.



9
23.7 Legacy Series / [SOLVED]Administrative "listen interfaces"
« on: January 17, 2024, 10:19:01 pm »
Under System -> Settings -> Administration there is a "Listen Interfaces" set to the default of "All".
The WAN interface appears in this list -- is the admin UI presented to the WAN interface?

I'm setting this up with 5 interfaces plus the WAN.

If "All " presents the UI to the WAN, how do I select multiple interfaces without the WAN?
The only option I can see is just one interface or all interfaces.


After selecting a single interface you can add additional interfaces,

Starting the appliance up with the WAN interface enabled seems a little ... unsafe?
Had I not been normally paranoid I probably would have never looked for that setting.

Shouldn't access from the WAN be disabled be default?

10
23.7 Legacy Series / Is it safe to interrupt an upgrade that never ends?
« on: January 17, 2024, 08:00:03 pm »
I have been waiting for ... something ... to happen in this upgrade attempt.
It started at 11:19 and it's now 13:00 -- I assume something went south somewhere.

What's the safe method to recover?
A halt/reboot from the console?


Really tired of waiting, so I'm rebooting to see if that gets it un-stuck. 
Or just blows up entirely ...



Code: [Select]
***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.7 at Wed Jan 17 11:19:12 CST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (144 candidates): .......... done
Processing candidates (144 candidates): ....... done
The following 103 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
ivykis: 0.42.4_1
libpfctl: 0.8
openssl111: 1.1.1w
php82-pcntl: 8.2.14
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20230225

Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
ca_root_nss: 3.91 -> 3.93
choparp: 20150613 -> 20150613_1
curl: 8.1.2 -> 8.5.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.5 -> 3.1.7
filterlog: 0.7 -> 0.7_1
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.76.4,2 -> 2.78.3,2
gmp: 6.2.1 -> 6.3.0
hostapd: 2.10_5 -> 2.10_8
json-c: 0.16 -> 0.17
krb5: 1.21.1 -> 1.21.2
libedit: 3.1.20221030,1 -> 3.1.20230828,1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.54.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.91 -> 3.95
ntp: 4.2.8p17 -> 4.2.8p17_1
oniguruma: 6.9.8_1 -> 6.9.9
openldap26-client: 2.6.5 -> 2.6.6
openssh-portable: 9.3.p2,1 -> 9.6.p1_1,1
openvpn: 2.6.5 -> 2.6.8_1
opnsense: 23.7 -> 23.7.12
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 22.7.3 -> 23.7.11
opnsense-update: 23.7 -> 23.7.10_1
perl5: 5.32.1_4 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.8 -> 8.2.14
php82-ctype: 8.2.8 -> 8.2.14
php82-curl: 8.2.8 -> 8.2.14
php82-dom: 8.2.8 -> 8.2.14
php82-filter: 8.2.8 -> 8.2.14
php82-gettext: 8.2.8 -> 8.2.14
php82-ldap: 8.2.8 -> 8.2.14
php82-mbstring: 8.2.8 -> 8.2.14
php82-pdo: 8.2.8 -> 8.2.14
php82-phalcon: 5.2.3 -> 5.3.1
php82-phpseclib: 3.0.19 -> 3.0.34
php82-session: 8.2.8 -> 8.2.14
php82-simplexml: 8.2.8 -> 8.2.14
php82-sockets: 8.2.8 -> 8.2.14
php82-sqlite3: 8.2.8 -> 8.2.14
php82-xml: 8.2.8 -> 8.2.14
php82-zlib: 8.2.8 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.12.1 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 3.7.1 -> 4.2.0
py39-certifi: 2023.5.7 -> 2023.11.17
py39-cffi: 1.15.1 -> 1.16.0
py39-charset-normalizer: 3.2.0 -> 3.3.2
py39-cryptography: 3.4.8_1,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-dnspython: 2.4.0,1 -> 2.4.2,1
py39-exceptiongroup: 1.1.2 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.17.3 -> 1.0.2
py39-httpx: 0.24.1 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.8.0 -> 0.10.1
py39-numexpr: 2.8.4_1 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-openssl: 21.0.0,1 -> 23.2.0,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-sqlite3: 3.9.17_7 -> 3.9.18_7
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.16,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
python39: 3.9.17 -> 3.9.18
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.42.0,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.10_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.13_1 -> 6.0.15
syslog-ng: 4.2.0 -> 4.4.0
unbound: 1.17.1_3 -> 1.19.0
wpa_supplicant: 2.10_6 -> 2.10_10

Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)

Number of packages to be installed: 9
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 6

The process will require 27 MiB more space.
96 MiB to be downloaded.
[1/103] Fetching py39-httpx-0.26.0.pkg: .......... done
[2/103] Fetching unbound-1.19.0.pkg: .......... done
[3/103] Fetching php82-session-8.2.14.pkg: ..... done
[4/103] Fetching wpa_supplicant-2.10_10.pkg: .......... done
[5/103] Fetching filterlog-0.7_1.pkg: . done
[6/103] Fetching py39-pyasn1-0.5.0.pkg: .......... done
[7/103] Fetching lighttpd-1.4.73.pkg: .......... done
[8/103] Fetching py39-exceptiongroup-1.2.0.pkg: ... done
[9/103] Fetching opnsense-update-23.7.10_1.pkg: ..... done
[10/103] Fetching hostapd-2.10_8.pkg: .......... done
[11/103] Fetching py39-httpcore-1.0.2.pkg: .......... done
[12/103] Fetching py39-cryptography-41.0.7_2,1.pkg: .......... done
[13/103] Fetching monit-5.33.0.pkg: .......... done
[14/103] Fetching py39-service-identity-23.1.0.pkg: ... done
[15/103] Fetching nss-3.95.pkg: .......... done
[16/103] Fetching cpdup-1.22.pkg: .... done
[17/103] Fetching py39-pyasn1-modules-0.3.0.pkg: .......... done
[18/103] Fetching php82-zlib-8.2.14.pkg: ... done
[19/103] Fetching php82-dom-8.2.14.pkg: ......... done
[20/103] Fetching php82-simplexml-8.2.14.pkg: ... done
[21/103] Fetching py39-numpy-1.25.0_4,1.pkg: .......... done
[22/103] Fetching json-c-0.17.pkg: ......... done
[23/103] Fetching py39-outcome-1.3.0_1.pkg: .. done
[24/103] Fetching easy-rsa-3.1.7.pkg: ....... done
[25/103] Fetching choparp-20150613_1.pkg: . done
[26/103] Fetching ldns-1.8.3.pkg: .......... done
[27/103] Fetching py39-openssl-23.2.0,1.pkg: .......... done
[28/103] Fetching py39-cython-0.29.37.pkg: .......... done
[29/103] Fetching cyrus-sasl-gssapi-2.1.28.pkg: .... done
[30/103] Fetching openvpn-2.6.8_1.pkg: .......... done
[31/103] Fetching php82-pdo-8.2.14.pkg: ....... done
[32/103] Fetching libnghttp2-1.58.0.pkg: .......... done
[33/103] Fetching py39-yaml-6.0.1.pkg: .......... done
[34/103] Fetching libxml2-2.10.4_2.pkg: .......... done
[35/103] Fetching krb5-1.21.2.pkg: .......... done
[36/103] Fetching py39-dnspython-2.4.2,1.pkg: .......... done
[37/103] Fetching py39-urllib3-1.26.18,1.pkg: .......... done
[38/103] Fetching php82-curl-8.2.14.pkg: ...... done
[39/103] Fetching python39-3.9.18.pkg: .......... done
[40/103] Fetching py39-charset-normalizer-3.3.2.pkg: ......... done
[41/103] Fetching rrdtool-1.8.0_3.pkg: .......... done
[42/103] Fetching py39-sqlite3-3.9.18_7.pkg: .... done
[43/103] Fetching py39-aioquic-0.9.24.pkg: .......... done
[44/103] Fetching php82-phalcon-5.3.1.pkg: .......... done
[45/103] Fetching php82-mbstring-8.2.14.pkg: .......... done
[46/103] Fetching isc-dhcp44-server-4.4.3P1.pkg: .......... done
[47/103] Fetching ntp-4.2.8p17_1.pkg: .......... done
[48/103] Fetching syslog-ng-4.4.0.pkg: .......... done
[49/103] Fetching py39-ujson-5.9.0.pkg: ...... done
[50/103] Fetching libpsl-0.21.2_4.pkg: ........ done
[51/103] Fetching py39-anyio-4.2.0.pkg: .......... done
[52/103] Fetching py39-numexpr-2.8.8.pkg: .......... done
[53/103] Fetching libfido2-1.14.0.pkg: .......... done
[54/103] Fetching py39-tzdata-2023.4.pkg: .......... done
[55/103] Fetching php82-ldap-8.2.14.pkg: ..... done
[56/103] Fetching py39-pylsqpack-0.3.18.pkg: ........ done
[57/103] Fetching ca_root_nss-3.93.pkg: .......... done
[58/103] Fetching libevent-2.1.12.pkg: .......... done
[59/103] Fetching ivykis-0.42.4_1.pkg: ......... done
[60/103] Fetching beep-1.0_2.pkg: . done
[61/103] Fetching libedit-3.1.20230828,1.pkg: .......... done
[62/103] Fetching py39-trio-0.24.0.pkg: .......... done
[63/103] Fetching pkcs11-helper-1.29.0_1.pkg: .......... done
[64/103] Fetching php82-sockets-8.2.14.pkg: ...... done
[65/103] Fetching php82-8.2.14.pkg: .......... done
[66/103] Fetching php82-sqlite3-8.2.14.pkg: .... done
[67/103] Fetching php82-pcntl-8.2.14.pkg: ... done
[68/103] Fetching php82-xml-8.2.14.pkg: ... done
[69/103] Fetching gmp-6.3.0.pkg: .......... done
[70/103] Fetching curl-8.5.0.pkg: .......... done
[71/103] Fetching gettext-runtime-0.22.3.pkg: .......... done
[72/103] Fetching py39-cffi-1.16.0.pkg: .......... done
[73/103] Fetching libpfctl-0.8.pkg: .. done
[74/103] Fetching php82-phpseclib-3.0.34.pkg: .......... done
[75/103] Fetching openssh-portable-9.6.p1_1,1.pkg: .......... done
[76/103] Fetching cyrus-sasl-2.1.28_1.pkg: .......... done
[77/103] Fetching libnet-1.3,1.pkg: .......... done
[78/103] Fetching suricata-6.0.15.pkg: .......... done
[79/103] Fetching mpd5-5.9_17.pkg: .......... done
[80/103] Fetching sqlite3-3.44.0_1,1.pkg: .......... done
[81/103] Fetching py39-Babel-2.14.0.pkg: .......... done
[82/103] Fetching php82-gettext-8.2.14.pkg: . done
[83/103] Fetching openldap26-client-2.6.6.pkg: .......... done
[84/103] Fetching py39-certifi-2023.11.17.pkg: .......... done
[85/103] Fetching glib-2.78.3,2.pkg: .......... done
[86/103] Fetching perl5-5.36.3_1.pkg: .......... done
[87/103] Fetching openssl111-1.1.1w.pkg: .......... done
[88/103] Fetching opnsense-23.7.12.pkg: .......... done
[89/103] Fetching oniguruma-6.9.9.pkg: .......... done
[90/103] Fetching squid-6.6.pkg: .......... done
[91/103] Fetching strongswan-5.9.13.pkg: .......... done
[92/103] Fetching readline-8.2.7.pkg: .......... done
[93/103] Fetching sudo-1.9.15p5.pkg: .......... done
[94/103] Fetching php82-ctype-8.2.14.pkg: . done
[95/103] Fetching opnsense-installer-24.1.pkg: ... done
[96/103] Fetching opnsense-lang-23.7.11.pkg: .......... done
[97/103] Fetching py39-netaddr-0.10.1.pkg: .......... done
[98/103] Fetching squid-langpack-7.0.0.20230225.pkg: .......... done
[99/103] Fetching pftop-0.10.pkg: ........ done
[100/103] Fetching py39-idna-3.6.pkg: ......... done
[101/103] Fetching php82-filter-8.2.14.pkg: ... done
[102/103] Fetching py39-typing-extensions-4.9.0.pkg: ...... done
[103/103] Fetching py39-h2-4.1.0.pkg: ......... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-1.1.1u,1 on /usr/local/bin/c_rehash
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 104 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
openssl: 1.1.1u,1

New packages to be INSTALLED:
ivykis: 0.42.4_1
libpfctl: 0.8
openssl111: 1.1.1w
php82-pcntl: 8.2.14
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20230225

Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
ca_root_nss: 3.91 -> 3.93
choparp: 20150613 -> 20150613_1
curl: 8.1.2 -> 8.5.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.5 -> 3.1.7
filterlog: 0.7 -> 0.7_1
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.76.4,2 -> 2.78.3,2
gmp: 6.2.1 -> 6.3.0
hostapd: 2.10_5 -> 2.10_8
json-c: 0.16 -> 0.17
krb5: 1.21.1 -> 1.21.2
libedit: 3.1.20221030,1 -> 3.1.20230828,1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.54.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.91 -> 3.95
ntp: 4.2.8p17 -> 4.2.8p17_1
oniguruma: 6.9.8_1 -> 6.9.9
openldap26-client: 2.6.5 -> 2.6.6
openssh-portable: 9.3.p2,1 -> 9.6.p1_1,1
openvpn: 2.6.5 -> 2.6.8_1
opnsense: 23.7 -> 23.7.12
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 22.7.3 -> 23.7.11
opnsense-update: 23.7 -> 23.7.10_1
perl5: 5.32.1_4 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.8 -> 8.2.14
php82-ctype: 8.2.8 -> 8.2.14
php82-curl: 8.2.8 -> 8.2.14
php82-dom: 8.2.8 -> 8.2.14
php82-filter: 8.2.8 -> 8.2.14
php82-gettext: 8.2.8 -> 8.2.14
php82-ldap: 8.2.8 -> 8.2.14
php82-mbstring: 8.2.8 -> 8.2.14
php82-pdo: 8.2.8 -> 8.2.14
php82-phalcon: 5.2.3 -> 5.3.1
php82-phpseclib: 3.0.19 -> 3.0.34
php82-session: 8.2.8 -> 8.2.14
php82-simplexml: 8.2.8 -> 8.2.14
php82-sockets: 8.2.8 -> 8.2.14
php82-sqlite3: 8.2.8 -> 8.2.14
php82-xml: 8.2.8 -> 8.2.14
php82-zlib: 8.2.8 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.12.1 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 3.7.1 -> 4.2.0
py39-certifi: 2023.5.7 -> 2023.11.17
py39-cffi: 1.15.1 -> 1.16.0
py39-charset-normalizer: 3.2.0 -> 3.3.2
py39-cryptography: 3.4.8_1,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-dnspython: 2.4.0,1 -> 2.4.2,1
py39-exceptiongroup: 1.1.2 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.17.3 -> 1.0.2
py39-httpx: 0.24.1 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.8.0 -> 0.10.1
py39-numexpr: 2.8.4_1 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-openssl: 21.0.0,1 -> 23.2.0,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-sqlite3: 3.9.17_7 -> 3.9.18_7
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.16,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
python39: 3.9.17 -> 3.9.18
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.42.0,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.10_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.13_1 -> 6.0.15
syslog-ng: 4.2.0 -> 4.4.0
unbound: 1.17.1_3 -> 1.19.0
wpa_supplicant: 2.10_6 -> 2.10_10

Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)

Number of packages to be removed: 1
Number of packages to be installed: 9
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 6

The process will require 13 MiB more space.
[1/104] Deinstalling openssl-1.1.1u,1...
[1/104] Deleting files for openssl-1.1.1u,1: .......... done
[2/104] Installing openssl111-1.1.1w...
[2/104] Extracting openssl111-1.1.1w: .......... done
[3/104] Installing libpfctl-0.8...
[3/104] Extracting libpfctl-0.8: ...... done
[4/104] Upgrading ca_root_nss from 3.91 to 3.93...
[4/104] Extracting ca_root_nss-3.93: ...... done
[5/104] Upgrading filterlog from 0.7 to 0.7_1...
[5/104] Extracting filterlog-0.7_1: .... done
[6/104] Upgrading choparp from 20150613 to 20150613_1...
[6/104] Extracting choparp-20150613_1: ...... done
[7/104] Upgrading beep from 1.0_1 to 1.0_2...
[7/104] Extracting beep-1.0_2: ..... done
[8/104] Upgrading sudo from 1.9.14p3 to 1.9.15p5...
[8/104] Extracting sudo-1.9.15p5: .......... done
[9/104] Upgrading opnsense-lang from 22.7.3 to 23.7.11...
[9/104] Extracting opnsense-lang-23.7.11: .......... done
[10/104] Upgrading pftop from 0.8_4 to 0.10...
[10/104] Extracting pftop-0.10: ..... done
[11/104] Upgrading libedit from 3.1.20221030,1 to 3.1.20230828,1...
[11/104] Extracting libedit-3.1.20230828,1: .......... done
[12/104] Upgrading sqlite3 from 3.42.0,1 to 3.44.0_1,1...
[12/104] Extracting sqlite3-3.44.0_1,1: .......... done
[13/104] Upgrading readline from 8.2.1 to 8.2.7...
[13/104] Extracting readline-8.2.7: .......... done
[14/104] Upgrading libnghttp2 from 1.54.0 to 1.58.0...
[14/104] Extracting libnghttp2-1.58.0: .......... done
[15/104] Upgrading libpsl from 0.21.2_3 to 0.21.2_4...
[15/104] Extracting libpsl-0.21.2_4: .......... done
[16/104] Upgrading nss from 3.91 to 3.95...
[16/104] Extracting nss-3.95: .......... done
[17/104] Upgrading libnet from 1.2,1 to 1.3,1...
[17/104] Extracting libnet-1.3,1: .......... done
[18/104] Upgrading libxml2 from 2.10.4 to 2.10.4_2...
[18/104] Extracting libxml2-2.10.4_2: .......... done
[19/104] Upgrading gettext-runtime from 0.22_1 to 0.22.3...
[19/104] Extracting gettext-runtime-0.22.3: .......... done
[20/104] Upgrading json-c from 0.16 to 0.17...
[20/104] Extracting json-c-0.17: .......... done
[21/104] Upgrading curl from 8.1.2 to 8.5.0...
[21/104] Extracting curl-8.5.0: .......... done
[22/104] Upgrading perl5 from 5.32.1_4 to 5.36.3_1...
[22/104] Extracting perl5-5.36.3_1: .......... done
[23/104] Reinstalling libevent-2.1.12...
[23/104] Extracting libevent-2.1.12: .......... done
[24/104] Upgrading oniguruma from 6.9.8_1 to 6.9.9...
[24/104] Extracting oniguruma-6.9.9: .......... done
[25/104] Upgrading python39 from 3.9.17 to 3.9.18...
[25/104] Extracting python39-3.9.18: .......... done
[26/104] Reinstalling ldns-1.8.3...
[26/104] Extracting ldns-1.8.3: .......... done
[27/104] Installing py39-pyasn1-0.5.0...
[27/104] Extracting py39-pyasn1-0.5.0: .......... done
[28/104] Upgrading py39-exceptiongroup from 1.1.2 to 1.2.0...
[28/104] Extracting py39-exceptiongroup-1.2.0: .......... done
[29/104] Upgrading py39-cffi from 1.15.1 to 1.16.0...
[29/104] Extracting py39-cffi-1.16.0: .......... done
[30/104] Upgrading py39-idna from 3.4_1 to 3.6...
[30/104] Extracting py39-idna-3.6: .......... done
[31/104] Installing py39-typing-extensions-4.9.0...
[31/104] Extracting py39-typing-extensions-4.9.0: .......... done
[32/104] Upgrading krb5 from 1.21.1 to 1.21.2...
[32/104] Extracting krb5-1.21.2: .......... done
[33/104] Upgrading cyrus-sasl from 2.1.28 to 2.1.28_1...
*** Updated user `cyrus'.
[33/104] Extracting cyrus-sasl-2.1.28_1: .......... done
[34/104] Upgrading py39-cryptography from 3.4.8_1,1 to 41.0.7_2,1...
[34/104] Extracting py39-cryptography-41.0.7_2,1: .......... done
[35/104] Installing py39-pyasn1-modules-0.3.0...
[35/104] Extracting py39-pyasn1-modules-0.3.0: .......... done
[36/104] Upgrading py39-anyio from 3.7.1 to 4.2.0...
[36/104] Extracting py39-anyio-4.2.0: .......... done
[37/104] Upgrading py39-certifi from 2023.5.7 to 2023.11.17...
[37/104] Extracting py39-certifi-2023.11.17: .......... done
[38/104] Upgrading py39-h2 from 4.0.0 to 4.1.0...
[38/104] Extracting py39-h2-4.1.0: .......... done
[39/104] Reinstalling cyrus-sasl-gssapi-2.1.28...
[39/104] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[40/104] Upgrading easy-rsa from 3.1.5 to 3.1.7...
[40/104] Extracting easy-rsa-3.1.7: .......... done
[41/104] Upgrading pkcs11-helper from 1.29.0 to 1.29.0_1...
[41/104] Extracting pkcs11-helper-1.29.0_1: .......... done
[42/104] Upgrading php82 from 8.2.8 to 8.2.14...
[42/104] Extracting php82-8.2.14: .......... done
[43/104] Upgrading py39-httpcore from 0.17.3 to 1.0.2...
[43/104] Extracting py39-httpcore-1.0.2: .......... done
[44/104] Installing py39-service-identity-23.1.0...
[44/104] Extracting py39-service-identity-23.1.0: .......... done
[45/104] Upgrading py39-outcome from 1.2.0 to 1.3.0_1...
[45/104] Extracting py39-outcome-1.3.0_1: .......... done
[46/104] Upgrading py39-openssl from 21.0.0,1 to 23.2.0,1...
[46/104] Extracting py39-openssl-23.2.0,1: .......... done
[47/104] Upgrading py39-pylsqpack from 0.3.17 to 0.3.18...
[47/104] Extracting py39-pylsqpack-0.3.18: .......... done
[48/104] Reinstalling cpdup-1.22...
[48/104] Extracting cpdup-1.22: ..... done
[49/104] Upgrading py39-httpx from 0.24.1 to 0.26.0...
[49/104] Extracting py39-httpx-0.26.0: .......... done
[50/104] Upgrading php82-session from 8.2.8 to 8.2.14...
[50/104] Extracting php82-session-8.2.14: .......... done
[51/104] Upgrading php82-pdo from 8.2.8 to 8.2.14...
[51/104] Extracting php82-pdo-8.2.14: .......... done
[52/104] Upgrading py39-yaml from 6.0 to 6.0.1...
[52/104] Extracting py39-yaml-6.0.1: .......... done
[53/104] Upgrading py39-aioquic from 0.9.21 to 0.9.24...
[53/104] Extracting py39-aioquic-0.9.24: .......... done
[54/104] Upgrading php82-mbstring from 8.2.8 to 8.2.14...
[54/104] Extracting php82-mbstring-8.2.14: .......... done
[55/104] Upgrading libfido2 from 1.13.0 to 1.14.0...
[55/104] Extracting libfido2-1.14.0: .......... done
[56/104] Installing ivykis-0.42.4_1...
[56/104] Extracting ivykis-0.42.4_1: .......... done
[57/104] Upgrading py39-trio from 0.22.2 to 0.24.0...
[57/104] Extracting py39-trio-0.24.0: .......... done
[58/104] Upgrading openldap26-client from 2.6.5 to 2.6.6...
[58/104] Extracting openldap26-client-2.6.6: .......... done
[59/104] Upgrading glib from 2.76.4,2 to 2.78.3,2...
[59/104] Extracting glib-2.78.3,2: .......... done
[60/104] Upgrading py39-numpy from 1.25.0,1 to 1.25.0_4,1...
[60/104] Extracting py39-numpy-1.25.0_4,1: .......... done
[61/104] Upgrading php82-zlib from 8.2.8 to 8.2.14...
[61/104] Extracting php82-zlib-8.2.14: ........ done
[62/104] Upgrading py39-sqlite3 from 3.9.17_7 to 3.9.18_7...
[62/104] Extracting py39-sqlite3-3.9.18_7: ........ done
[63/104] Upgrading php82-xml from 8.2.8 to 8.2.14...
[63/104] Extracting php82-xml-8.2.14: ......... done
[64/104] Upgrading unbound from 1.17.1_3 to 1.19.0...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[64/104] Extracting unbound-1.19.0: .......... done
[65/104] Upgrading wpa_supplicant from 2.10_6 to 2.10_10...
[65/104] Extracting wpa_supplicant-2.10_10: ....... done
[66/104] Upgrading lighttpd from 1.4.71 to 1.4.73...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[66/104] Extracting lighttpd-1.4.73: .......... done
[67/104] Upgrading opnsense-update from 23.7 to 23.7.10_1...
[67/104] Extracting opnsense-update-23.7.10_1: .......... done
[68/104] Upgrading hostapd from 2.10_5 to 2.10_8...
[68/104] Extracting hostapd-2.10_8: ....... done
[69/104] Reinstalling monit-5.33.0...
[69/104] Extracting monit-5.33.0: ....... done
[70/104] Upgrading php82-dom from 8.2.8 to 8.2.14...
[70/104] Extracting php82-dom-8.2.14: .......... done
[71/104] Upgrading php82-simplexml from 8.2.8 to 8.2.14...
[71/104] Extracting php82-simplexml-8.2.14: ......... done
[72/104] Upgrading openvpn from 2.6.5 to 2.6.8_1...
===> Creating groups.
Using existing group 'openvpn'.
===> Creating users
Using existing user 'openvpn'.
[72/104] Extracting openvpn-2.6.8_1: .......... done
[73/104] Upgrading py39-dnspython from 2.4.0,1 to 2.4.2,1...
[73/104] Extracting py39-dnspython-2.4.2,1: .......... done
[74/104] Upgrading php82-curl from 8.2.8 to 8.2.14...
[74/104] Extracting php82-curl-8.2.14: .......... done
[75/104] Upgrading rrdtool from 1.8.0_2 to 1.8.0_3...
[75/104] Extracting rrdtool-1.8.0_3: .......... done
[76/104] Upgrading php82-phalcon from 5.2.3 to 5.3.1...
[76/104] Extracting php82-phalcon-5.3.1: ........ done
[77/104] Reinstalling isc-dhcp44-server-4.4.3P1...
===> Creating groups.
Using existing group 'dhcpd'.
===> Creating users
Using existing user 'dhcpd'.
[77/104] Extracting isc-dhcp44-server-4.4.3P1: .......... done
[78/104] Upgrading ntp from 4.2.8p17 to 4.2.8p17_1...
[78/104] Extracting ntp-4.2.8p17_1: .......... done
[79/104] Upgrading syslog-ng from 4.2.0 to 4.4.0...
[79/104] Extracting syslog-ng-4.4.0: .......... done
[80/104] Upgrading py39-ujson from 5.8.0 to 5.9.0...
[80/104] Extracting py39-ujson-5.9.0: ......... done
[81/104] Upgrading php82-ldap from 8.2.8 to 8.2.14...
[81/104] Extracting php82-ldap-8.2.14: ........ done
[82/104] Upgrading php82-sockets from 8.2.8 to 8.2.14...
[82/104] Extracting php82-sockets-8.2.14: .......... done
[83/104] Upgrading php82-sqlite3 from 8.2.8 to 8.2.14...
[83/104] Extracting php82-sqlite3-8.2.14: ......... done
[84/104] Installing php82-pcntl-8.2.14...
[84/104] Extracting php82-pcntl-8.2.14: ......... done
[85/104] Upgrading php82-phpseclib from 3.0.19 to 3.0.34...
[85/104] Extracting php82-phpseclib-3.0.34: ......... done
[86/104] Upgrading openssh-portable from 9.3.p2,1 to 9.6.p1_1,1...
[86/104] Extracting openssh-portable-9.6.p1_1,1: .......... done
[87/104] Upgrading suricata from 6.0.13_1 to 6.0.15...
[87/104] Extracting suricata-6.0.15: .......... done
[88/104] Upgrading mpd5 from 5.9_16 to 5.9_17...
[88/104] Extracting mpd5-5.9_17: .......... done
[89/104] Upgrading php82-gettext from 8.2.8 to 8.2.14...
[89/104] Extracting php82-gettext-8.2.14: ........ done
[90/104] Upgrading squid from 5.9 to 6.6...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-6.6
[90/104] Extracting squid-6.6: .......... done
[91/104] Upgrading strongswan from 5.9.10_2 to 5.9.13...
[91/104] Extracting strongswan-5.9.13: .......... done
[92/104] Upgrading php82-ctype from 8.2.8 to 8.2.14...
[92/104] Extracting php82-ctype-8.2.14: ........ done
[93/104] Upgrading opnsense-installer from 23.1 to 24.1...
[93/104] Extracting opnsense-installer-24.1: .......... done
[94/104] Upgrading py39-netaddr from 0.8.0 to 0.10.1...
[94/104] Extracting py39-netaddr-0.10.1: .......... done
[95/104] Installing squid-langpack-7.0.0.20230225...
[95/104] Extracting squid-langpack-7.0.0.20230225: .......... done
[96/104] Upgrading php82-filter from 8.2.8 to 8.2.14...
[96/104] Extracting php82-filter-8.2.14: ......... done
[97/104] Upgrading py39-cython from 0.29.36 to 0.29.37...
[97/104] Extracting py39-cython-0.29.37: .......... done
[98/104] Upgrading py39-numexpr from 2.8.4_1 to 2.8.8...
[98/104] Extracting py39-numexpr-2.8.8: .......... done
[99/104] Upgrading py39-tzdata from 2023.3_1 to 2023.4...
[99/104] Extracting py39-tzdata-2023.4: .......... done
[100/104] Upgrading gmp from 6.2.1 to 6.3.0...
[100/104] Extracting gmp-6.3.0: .......... done
[101/104] Upgrading py39-urllib3 from 1.26.16,1 to 1.26.18,1...
[101/104] Extracting py39-urllib3-1.26.18,1: .......... done
[102/104] Upgrading py39-charset-normalizer from 3.2.0 to 3.3.2...
[102/104] Extracting py39-charset-normalizer-3.3.2: .......... done
[103/104] Upgrading py39-Babel from 2.12.1 to 2.14.0...
[103/104] Extracting py39-Babel-2.14.0: .......... done
[104/104] Upgrading opnsense from 23.7 to 23.7.12...
[104/104] Extracting opnsense-23.7.12: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Migrated OPNsense\Monit\Monit from 1.0.11 to 1.0.12
Migrated OPNsense\IDS\IDS from 1.0.7 to 1.0.9
Migrated OPNsense\Unbound\Unbound from 1.0.6 to 1.0.8
Migrated OPNsense\Routing\Gateways from 0.0.0 to 0.0.1
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/blacklisted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring system logging...done.
Compiling glib schemas
No schema files found: doing nothing.
Generating GIO modules cache
=====
Message from openssl111-1.1.1w:

--
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

End-of-life since 2023-09-11, see https://www.openssl.org/blog/blog/2023/09/11/eol-111/  port will be removed when FreeBSD 13 is EoL.

It is scheduled to be removed on or after 2026-01-31.
=====
Message from openvpn-2.6.8_1:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
=====
Message from php82-pcntl-8.2.14:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pcntl.ini.sample
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/squid/squid.conf if it is no longer needed.
=====
Message from strongswan-5.9.13:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from squid-langpack-7.0.0.20230225:

--
To use the squid language pack, use the directive:

error_directory /usr/local/share/squid-langpack/language

in your squid.conf. Example:

error_directory /usr/local/share/squid-langpack/sk
=====
Message from py39-urllib3-1.26.18,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from opnsense-23.7.12:

--
Beep! Beep!
Files /var/cache/opnsense-update/91549/OPNsense.conf and /usr/local/etc/pkg/repos/OPNsense.conf differ
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: No route to host
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.7.10-amd64.txz: ...

11
23.7 Legacy Series / 23.7 online updates
« on: January 17, 2024, 06:52:27 pm »
I got 23.7 up and running and ran through an update cycle.
Then I started configuring interfaces.

After that I went back and sure enough there are more updates available.

This time it's exponentially slower than the first time.
Seems to be hung here -- is this bad or am I just being impatient?
The "no route to host" bothers me and no reboot so far..

--
Beep! Beep!
Files /var/cache/opnsense-update/91549/OPNsense.conf and /usr/local/etc/pkg/repos/OPNsense.conf differ
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings



It does seem to be doing an update: - but is this an issue?


--
Beep! Beep!
Files /var/cache/opnsense-update/91549/OPNsense.conf and /usr/local/etc/pkg/repos/OPNsense.conf differ
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: No route to host
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.7.10-amd64.txz: ...


How long does this take?


Error updating repositories!
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.7.10-amd64.txz: ...

12
23.7 Legacy Series / Interface assignments
« on: January 17, 2024, 03:29:40 pm »
What enables saving additional interfaces?
I can see the interfaces other than LAN/WAN.
For example, I want to set one up to connect to a wireless access point .

I go in the UI, go to interface assignments, select the unused interface, name it and save.

Nothing.

The interface is still listed in the unused interface list and no new interface appears in the list under interfaces.

What am I missing?

13
23.7 Legacy Series / DHCP on interfaces other than LAN
« on: January 15, 2024, 08:07:51 pm »
Quick search on here doesn't provide any obvious hits.

I want to set up a DHCP server for interfaces other than "LAN" -- I want a separate range for a wireless subnet (just an interface connected to an access point), a separate internal subnet for 10gb network, etc ...

I don't see a way to access DHCP setting for anything other than the first configure LAN interface .....

Is this possible with OPNsense?


14
23.7 Legacy Series / IPV6 on WAN even after electing no IPV6 in config
« on: January 15, 2024, 06:04:39 pm »
Even after explicitly configuring no IPV6 on the wan, I still see a DHCP6 entry online for the WAN in the "Gateways" widget on the dashboard.

(Clarification added in edit)
   I'm setting up OPNSense in parallel to another firewall in order to shift to OPNSense.
   I configured the WAN interface during the CLI setup at install time and specified no IPV6.
   On first boot after that I disconnected the WAN interface in order to not conflict on WAN, leaving only the LAN connected in order
   to configure OPNSense.  With the WAN interface disconnected, first boot seems to have overridden the "No IPV6" settings.
   I'm using pppoe  on the WAN interface if that makes any difference.
   Once logged in, I have been able to disable it again from the Admin GUI.

   Just seems like disabling should mean it's disabled - no matter where you do it.

Even though setting it up for no IPV6, it's still there -- is that by design or is this a bug?

(It would be a lot easier to show this if the forum allowed image attachments!)

Name    RTT    RTTd    Loss    Status
WAN_DHCP6
~
   ~   ~   ~   Online

How do I get rid of this, given that saving a specific configuration setting of no IPV6 doesn't seem to actually happen?

15
23.7 Legacy Series / BIOS (Not UEFI) boot media for 23.7 install
« on: January 13, 2024, 03:17:55 pm »
I'm trying to install opnsense 23.7 on some older hardware that requires a BIOS (not UEFI) boot.
Is there any prebuilt images that support that?

I can boot the server off ISOs burned to USB -- Linux desktop, other firewalls whose-name-shall-not-be-mentioned :) and so on all boot fine.
Neither the USB .img file nor the vga .iso file from OPNsense 23.7 will boot.

Tried multiple USB devices (all 64GB in size though) of various qualities, and even the other firewall will boot off the sketchiest of USB sticks....

So, UEFI issue maybe?

Anyone else seen this?

The hardware is a Dell PE1950. 
Ancient, but sufficient for the intended purpose here if it can install.

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2