Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - tdalej

#1
My time is about 9 minutes off -- compared to two other professionally (more than me at least) managed networks.
The default opnsense pool reported in the logs DNS resolution failure

Error    ntpd    error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (8)

so I added pool.ntp.org ans us.pool.ntp.org and I'm still seeing status like below.
I do see this and many more servers in the list -- is the "Unreach/Pending" just a side effect of not being in sync?
Although the offset column shows I'm not as far off as it really is ...

I'd really like my gateway to sync up and provide NTP for  the local networks ...






Status     Server     Ref ID     Stratum     Type     When     Poll     Reach     Delay     Offset     Jitter
Unreach/Pending     us.pool.ntp.org     .POOL.     16     p     -     64     0     0.000     +0.000     0.000
Unreach/Pending     opnsense.pool.ntp.org     .POOL.     16     p     -     64     0     0.000     +0.000     0.000
Unreach/Pending     134.215.155.177     216.239.35.0     2     u     14     64     7     48.304     +1.936     0.174
Unreach/Pending     158.51.99.19     17.253.26.125     3     u     16     64     7     42.716     +0.857     0.319
Unreach/Pending     72.14.183.239     45.79.1.70     3     u     13     64     7     16.266     +0.373     0.067
Unreach/Pending     74.208.25.46     198.46.254.130     3     u     13     64     7     36.483     +5.648     2.497
#2
This has nothing to do with OPNsense -- this is firmly with the provider - Spectrum in Texas.

Spectrum has recently added fiber to my area.
I have a /29 of static IP addresses (Spectrum calls this a "5 block").
At random intervals, geolocation for my static IPs update to various major metro areas in Texas.
When running my IP through various ip tools on the internet you can see the different tools will show different locations.
I assume that those various tools update their location information to some extent at least to routing to/from the IP address, perhaps?

Spectrum tech support has been way less than helpful so far -- most of the 1st level responses haven't even understood the issue.
Most of them don't understand what a PTR record is and will argue about their ability to alter them. :=(
At one point, on escalation I was told that Spectrum will route traffic outside the spectrum network in various physical locations, based on network load.
None of them will answer any questions about how spectrum routing and traffic paths work, or how this could affect the geo-location of the public, static IP addresses for which I pay extra.

Traffic that originates coming to me seems unaffected -- the IP addresses do appear to appear to be public.  Where this shows up as a a major PITA is that I frequently get security alerts from places like ebay - " A device logged into your account from San Marcos, Tx - was that you?" - next login I have to go through account verification. again.
Some streaming services provide "local" channels.
Makes life interesting if you never know if "local" will be Dallas/Ft Worth, Houston, Austin or San Antonio ... 

Any one else on Spectrum or encountered anything like this?

#3
Ramblings from someone who woke up in the middle of the night with this in his head ...

The Arista 7050S-52 switch (10GB ports) is out in the wild for just over $100 now.
The later 7050 family switches have at least 4GB of ram, and this model has a "built in SSD".
Arista EOS is based on Linux -- I have a 7050TX-64 (10GB and 40GB ports) that is on a 4.9 64bit kernel (and it's not on the latest version.)

Would it be possible to run OPNsense on Arista hardware?
Anyone tried it?


I have no idea what you'd do with that many ports, but at ~$100 - $150 ... 
#4
I'm looking for anyone else on their service where you experience frequent geo-location shifts of your public IP.
I'm on a static /29 from them in the 70.116.n.n range.

The only streaming app that can reliably determine what is "local" to us is the Spectrum TV app. 

Sometimes the streaming apps the wife uses will show us channels/content from the closest Metro area, and a lot of days we get content from San Antonio -- several hundred miles away.

Spectrum business support has provided two responses so far, depending on which level of tech you get:
1. "No, you are crazy, we never have any issues, it's a problem to deal with in your app."
2. "Yea, happens all the time, sucks to be you."


I'm collecting traceroutes to several points of interest, when we see the change to document.
I did some searching and saw someone on reddit asking about the same thing -- their solution was to go to another fiber provider.
I wish I could here.
I had to wait for someone to pass away here to grab an open DSL port before spectrum installed fiber.

Other than the really weird head end issue it's not that bad (especially compared to present alternatives), but at this point it's driving us buggy with this issue.

#5
24.7, 24.10 Legacy Series / automating backups
January 10, 2025, 10:57:31 PM
I am to the stage setting up automated backups of an opnsense installation.
I see the API documentation, and that looks like possibly the answer, however ...

Is the entire configuration stored in a single file as in the backup from the UI?

I have used another, similar product that contained the configuration in a single file and a very simple korn shell script was all that was required to obtain a copy of the file that could be used for restoration.

/conf/config.xml seems to have a majority of the config -- can it be used to restore on a fresh install?
If so, what is the advantage of the APIs for backup?


#6
24.7, 24.10 Legacy Series / ssh access
January 06, 2025, 10:54:54 PM
It seems in the gui the ability to enable ssh access is global and I don't see anything that is interface specific.
Is the WAN interface disabled for ssh access by default?


#7
Especially if you edit DHCP static leases or DNS overrides in order to save yourself the time of one-by-one entry:

There appears to be no data integrity checking prior/during restore.

Some examples:
Trailing spaces in fields - like mac addresses, duplicate entries in DHCP leases, all are rejected if attempted in the GUI.
All get by the restore without error.
Best part is, in the case of ISC DHCP4, apparently handing multiple IP addresses to the same MAC address works.
Both get inserted into unbound.
So a single device gets two valid leases and both entries are inserted into DNS.

Being able to sort the static lease entry tables by the various column headers would help identify these quickly.
You can sort the leases table - so you can only see them the obvious when it occurs and some device becomes unavailable on the network because it happens to not respond to the first DNS entry.



My bad for the essentially corrupted data -- but if there is an attempt to idiot-proof opnsense, I'm winning today. :/


#8
This is a really dumb/simple setup and I know the answer is somewhere in these forums or the docs, and I have spent several days looking ...
I can't find anything that addresses this specific question so here I go ...

I have an OPNSense device with 6 interfaces - 1 WAN, 5 LANs.
Each LAN is it's own 192.168.n.0/24 subnet.
Each LAN has it's own DNS overrides in unbound, and each has ISC DHCP4 server configured with a single pool with in it's subnet and a range of static leases assigned outside the dynamic pools.

LANs are:
192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
192.168.40.0/24
192.168.50.0/24

I'm not using any IPV6, VLANs or VPNs at present to keep this simple.


As I added each new subnet after initial WAN/LAN set up, I duplicated the LAN Any to Any rules to each new subnet.
On each subnet I can do fwd/rev lookups of any device on any other LAN.
It appears I have general access across all LANs (as expected) with the any-to-any rules in place.

I need to configure rules to isolate some subnets to only have access to the WAN.
Some subnets need access to the other not-isolated subnets.

For each subnet that should be blocked, firewall rules for each interface should be added above the allow any rule to that block both inbound and outbound from the other subnets, correct?

For example -- if I add on the 50.0/0 interface block in and block out rules for the net address of the 10.0/0, 20.0/0, 30.0/0 and 40.0/0 subnets  -- will effectively block all traffic in and out from those networks, or do I need to have inbound blocked on the .50.0/0 interface and outbound to the .50.0/0 on all other interfaces?

Is there a simpler way to do this in floating rules and I'm just over-complicating this?
In addition to the any-to-any rules on the LANs  - other than the "automatically generated rules" (which vary in number for some reason on the different LANs) is there any other basic think I'm missing?

I also need to restrict access to the opnsense appliance itself from the WAN and certain LANs.
Is there a setting in the GUI or is that done via firewall rules?
#9
How is 192.168.30.100 to 192.168.30.200 _not_ within a 192.168.30.0/24 subnet?


#10
I tried this a number of years ago without success.  https://forum.opnsense.org/index.php?topic=9039.0
I am desperately hoping there is an alternative to manual input of ~70 DNS override entries and ~90 or so static DHCP assignments.

Any way to manually edit the xml backup file then restore?
I don't see any way in the UI to mass imports...
#11
This is the page from OPNSense docs: https://docs.opnsense.org/manual/routes.html
Short and sweet, but not much help.

I had a LAN configured between two other somewhat similar firewall products.
Site 1 LAN 192.168.10.0/24
Site 1 LAN for interconnect 192.168.30/0  (Interface 192.168.30.1)

Site 2 LAN for interconnect 192.168.30/0  (Interface 192.168.30.2)
Site 2 LAN 192.168.20.0/24

Site 1 Gateway for route to site 2 -  192.168.30.2 with monitor IP of 192.168.20.1
Site 2 Gateway for route to site 1 - 192.168.30.1 with monitor IP of 192.168.10.1

Site 1 static routes 192.68.20 Net via Site 1 Gateway
Site 2 static routes 192.68.10 Net via Site 2 Gateway

This configuration worked between sites in the previous setup -- I have changed to OPNSense in Site 1 and Site 2 is on the other/older firewall.

Gateway monitoring doesn't even work on OPNSense.
I can monitor and get a ping response from Site 2 gateway from OPNSense CLI but not the default gateway in Site 2

Obviously I'm missing something in routing, but I can't see it ...

Anyone got any hints?
#12
23.7 Legacy Series / smartmontools on 23.7.12
January 25, 2024, 02:25:48 PM
When installing the os-smart plugin to monitor drive health, the message below is displayed.

There is no /etc/periodic.conf file.
Just daily, weekly, etc, directories in /etc/periodic 

Should this file be created or should an entry in the appropriate period be created?


QuoteMessage from smartmontools-7.4_1:

--
smartmontools has been installed

To check the status of drives, use the following:

   /usr/local/sbin/smartctl -a /dev/ad0   for first ATA/SATA drive
   /usr/local/sbin/smartctl -a /dev/da0   for first SCSI drive
   /usr/local/sbin/smartctl -a /dev/ada0   for first SATA drive

To include drive health information in your daily status reports,
add a line like the following to /etc/periodic.conf:
   daily_status_smart_devices="/dev/ad0 /dev/da0"
substituting the appropriate device names for your SMART-capable disks.

To enable drive monitoring, you can use /usr/local/sbin/smartd.
A sample configuration file has been installed as
/usr/local/etc/smartd.conf.sample
Copy this file to /usr/local/etc/smartd.conf and edit appropriately

To have smartd start at boot
   echo 'smartd_enable="YES"' >> /etc/rc.conf
#13
I have a Supermicro 1U Server I'm (going) to use as a firewall.
4 500GB enterprise SATA disks, so ZFS raidz3 might be a good approach.

It ran so long I stopped it and tried another firewall product that can use ZFS and on the same hardware installation time is minutes, not hours.

I'm running the installation of opnsense 23.7 again ...  I'm 3+ hours in and the screen says 38%.

Is this normal?
Anyone else using ZFS?
#14
If a query forward for a specific domain exists in unbound AND a redirect for all DNS queries are redirected to 127.0.0.1, which takes precedent?
#15
I have an interface on the OPNSense that is used to send/receive traffic from another network via a dedicated link to another building.

Interface is configured, gateway is set up, static route is added.  (Both sides)

One site interface IP is 192.168.30.1, the other has an interface IP of 192.168.30.2
Gateway on the .1 side is the .2 IP.
Gateway on the .2 side is the .1 IP.
The monitor IP on each is the LAN ip of the respective firewall.  (192.168.10.1 on the .1 side and 192.168.20.1 on the .2 side.)
Static routes have been added for each network -- routes for traffic to the .20/24 has been added and a route for the .10/24 has been added.

From OPNSense on the "LAN" net, I can access servers on the 192.168.30.0/24 net but not the 192.168.20.0/24 net.

When the gateways are configured, you can set up a "monitoring IP" -- it is set for the primary LAN interface IP on both sides.
OPNSense identifies the gateway as up, but the other end sees the OPNSense gateway as down.

It's like static routes are ignored on PFsense.

Do route changes require a reboot?

What settings am I missing on the OPNSense to make this work?
#16
23.7 Legacy Series / Gateway to another network
January 18, 2024, 02:19:07 PM
I had this set up and working with another firewall product, but can't seem to make it happen now.
A lot more things to twiddle in OPNSense I think.

I have OPNSense1 set up with WAN/LAN ans some optional interfaces.

One of the optional interfaces is a 10G link to another building with it's own firewall and internet connection.
(One internet connection is DSL the other is line-of-sight radio, and traffic needs are very different on both.)

Previously, I configured an interface on each firewall for the connection between buildings, added a gateway on each with the interface on the opposite firewall as the gateway IP address, and the LAN IP on the opposite firewall as the monitor IP.



That's not working in OPNSense for some reason. 

And best of all, when I activate the route and gateway, my DMZ subnet loses WAN access :/

What portions of this configuration can I post here for suggestions on how to make this work?

Visual if that helps.  Trying to get the gateway/route correct to connect the two sites.


One thing I do see in the static route configuration section is this statement:
"Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway. "

As soon as I enable this route:
Disabled Network                    Gateway                                  Description                Commands
              192.168.20.0/24   OfficeLabGW - 192.168.30.2   Static route to site 2   

And this gateway:
OfficeLabGW    OfficeLab    IPv4    255    192.168.30.2    192.168.20.1    ~    ~    ~    Pending    OfficeLab Gateway

Most everything loses access to the internet.

This rather simple setup worked with the firewall I previously used, so I know it's possible.
I suspect I'm just missing something basic.
#17
This is getting to be a steep learning curve :)

For the most part so far(with some real weirdness), the WAN and LAN traffic seem to be working as expected.
DHCP active on LAN (I'm typing this from a desktop connected to LAN right now on a DHCP lease.

I need to setup several other "LAN" interfaces for various purposes -- some of them need to be isolated from everything but the internet and one is just for traffic to another building.

So, I have configured so far:
WAN
LAN
(Both working pretty much as expected)

WLAN         192.168.15.0/24
Work           192.168.50.0/24
10GLAN     192.168.40.0/24
Outbuilding 192.168.30.0/24

For most of this, /24 is overkill but it keeps it simple(ish).

I can match the physical interface in the UI by observing the display in the console --

WLAN   (igb3)      192.168.15.1/24
Work     (igb3)      192.168.50.1/24
10GLAN  (ix1)      192.168.40.1/24
Outbuilding (ix0)   192.168.30.1/24

The interface names and MAC address on the console agree with the interface names in the UI.

I have enabled DHCP on Work and WLAN -- plugging in a laptop on the Work segment gets a DHCP assignment from the WLAN range.
I swap the interface to the WLAN interface and I get an address in the Work range...


How exactly are DHCP services tied to an interface?
I'm not sure what I'm doing wrong here ...



LAN is a 192.168.0.0/24

I need to create a subnet for Windows laptops.
Win 192.168.50.0./24
DHCP enabled for about 10 IPs in this range.
Access to the internet using but no access to any other systems behind the OPNSense box.
I don't care if it uses external DNS -- I need these latops completely isolated from the internal network as a priority.

Instead of a LAN to Any rule, would the proper way to do this be Windows to This Firewall rule?







I created another subnet by adding an interface with a different 192.168.0.0/24.
Enabled DHCP, booted a laptop connected to that interface ...
I can see that it gets an IP on the
#18
Which gets the most stable updates?  Business?
The default was set to Community.

I ask because I'm getting some really special behavior after the last update.


#19
Under System -> Settings -> Administration there is a "Listen Interfaces" set to the default of "All".
The WAN interface appears in this list -- is the admin UI presented to the WAN interface?

I'm setting this up with 5 interfaces plus the WAN.

If "All " presents the UI to the WAN, how do I select multiple interfaces without the WAN?
The only option I can see is just one interface or all interfaces.


After selecting a single interface you can add additional interfaces,

Starting the appliance up with the WAN interface enabled seems a little ... unsafe?
Had I not been normally paranoid I probably would have never looked for that setting.

Shouldn't access from the WAN be disabled be default?
#20
I have been waiting for ... something ... to happen in this upgrade attempt.
It started at 11:19 and it's now 13:00 -- I assume something went south somewhere.

What's the safe method to recover?
A halt/reboot from the console?


Really tired of waiting, so I'm rebooting to see if that gets it un-stuck. 
Or just blows up entirely ...



***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.7 at Wed Jan 17 11:19:12 CST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (144 candidates): .......... done
Processing candidates (144 candidates): ....... done
The following 103 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
ivykis: 0.42.4_1
libpfctl: 0.8
openssl111: 1.1.1w
php82-pcntl: 8.2.14
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20230225

Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
ca_root_nss: 3.91 -> 3.93
choparp: 20150613 -> 20150613_1
curl: 8.1.2 -> 8.5.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.5 -> 3.1.7
filterlog: 0.7 -> 0.7_1
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.76.4,2 -> 2.78.3,2
gmp: 6.2.1 -> 6.3.0
hostapd: 2.10_5 -> 2.10_8
json-c: 0.16 -> 0.17
krb5: 1.21.1 -> 1.21.2
libedit: 3.1.20221030,1 -> 3.1.20230828,1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.54.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.91 -> 3.95
ntp: 4.2.8p17 -> 4.2.8p17_1
oniguruma: 6.9.8_1 -> 6.9.9
openldap26-client: 2.6.5 -> 2.6.6
openssh-portable: 9.3.p2,1 -> 9.6.p1_1,1
openvpn: 2.6.5 -> 2.6.8_1
opnsense: 23.7 -> 23.7.12
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 22.7.3 -> 23.7.11
opnsense-update: 23.7 -> 23.7.10_1
perl5: 5.32.1_4 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.8 -> 8.2.14
php82-ctype: 8.2.8 -> 8.2.14
php82-curl: 8.2.8 -> 8.2.14
php82-dom: 8.2.8 -> 8.2.14
php82-filter: 8.2.8 -> 8.2.14
php82-gettext: 8.2.8 -> 8.2.14
php82-ldap: 8.2.8 -> 8.2.14
php82-mbstring: 8.2.8 -> 8.2.14
php82-pdo: 8.2.8 -> 8.2.14
php82-phalcon: 5.2.3 -> 5.3.1
php82-phpseclib: 3.0.19 -> 3.0.34
php82-session: 8.2.8 -> 8.2.14
php82-simplexml: 8.2.8 -> 8.2.14
php82-sockets: 8.2.8 -> 8.2.14
php82-sqlite3: 8.2.8 -> 8.2.14
php82-xml: 8.2.8 -> 8.2.14
php82-zlib: 8.2.8 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.12.1 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 3.7.1 -> 4.2.0
py39-certifi: 2023.5.7 -> 2023.11.17
py39-cffi: 1.15.1 -> 1.16.0
py39-charset-normalizer: 3.2.0 -> 3.3.2
py39-cryptography: 3.4.8_1,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-dnspython: 2.4.0,1 -> 2.4.2,1
py39-exceptiongroup: 1.1.2 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.17.3 -> 1.0.2
py39-httpx: 0.24.1 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.8.0 -> 0.10.1
py39-numexpr: 2.8.4_1 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-openssl: 21.0.0,1 -> 23.2.0,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-sqlite3: 3.9.17_7 -> 3.9.18_7
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.16,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
python39: 3.9.17 -> 3.9.18
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.42.0,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.10_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.13_1 -> 6.0.15
syslog-ng: 4.2.0 -> 4.4.0
unbound: 1.17.1_3 -> 1.19.0
wpa_supplicant: 2.10_6 -> 2.10_10

Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)

Number of packages to be installed: 9
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 6

The process will require 27 MiB more space.
96 MiB to be downloaded.
[1/103] Fetching py39-httpx-0.26.0.pkg: .......... done
[2/103] Fetching unbound-1.19.0.pkg: .......... done
[3/103] Fetching php82-session-8.2.14.pkg: ..... done
[4/103] Fetching wpa_supplicant-2.10_10.pkg: .......... done
[5/103] Fetching filterlog-0.7_1.pkg: . done
[6/103] Fetching py39-pyasn1-0.5.0.pkg: .......... done
[7/103] Fetching lighttpd-1.4.73.pkg: .......... done
[8/103] Fetching py39-exceptiongroup-1.2.0.pkg: ... done
[9/103] Fetching opnsense-update-23.7.10_1.pkg: ..... done
[10/103] Fetching hostapd-2.10_8.pkg: .......... done
[11/103] Fetching py39-httpcore-1.0.2.pkg: .......... done
[12/103] Fetching py39-cryptography-41.0.7_2,1.pkg: .......... done
[13/103] Fetching monit-5.33.0.pkg: .......... done
[14/103] Fetching py39-service-identity-23.1.0.pkg: ... done
[15/103] Fetching nss-3.95.pkg: .......... done
[16/103] Fetching cpdup-1.22.pkg: .... done
[17/103] Fetching py39-pyasn1-modules-0.3.0.pkg: .......... done
[18/103] Fetching php82-zlib-8.2.14.pkg: ... done
[19/103] Fetching php82-dom-8.2.14.pkg: ......... done
[20/103] Fetching php82-simplexml-8.2.14.pkg: ... done
[21/103] Fetching py39-numpy-1.25.0_4,1.pkg: .......... done
[22/103] Fetching json-c-0.17.pkg: ......... done
[23/103] Fetching py39-outcome-1.3.0_1.pkg: .. done
[24/103] Fetching easy-rsa-3.1.7.pkg: ....... done
[25/103] Fetching choparp-20150613_1.pkg: . done
[26/103] Fetching ldns-1.8.3.pkg: .......... done
[27/103] Fetching py39-openssl-23.2.0,1.pkg: .......... done
[28/103] Fetching py39-cython-0.29.37.pkg: .......... done
[29/103] Fetching cyrus-sasl-gssapi-2.1.28.pkg: .... done
[30/103] Fetching openvpn-2.6.8_1.pkg: .......... done
[31/103] Fetching php82-pdo-8.2.14.pkg: ....... done
[32/103] Fetching libnghttp2-1.58.0.pkg: .......... done
[33/103] Fetching py39-yaml-6.0.1.pkg: .......... done
[34/103] Fetching libxml2-2.10.4_2.pkg: .......... done
[35/103] Fetching krb5-1.21.2.pkg: .......... done
[36/103] Fetching py39-dnspython-2.4.2,1.pkg: .......... done
[37/103] Fetching py39-urllib3-1.26.18,1.pkg: .......... done
[38/103] Fetching php82-curl-8.2.14.pkg: ...... done
[39/103] Fetching python39-3.9.18.pkg: .......... done
[40/103] Fetching py39-charset-normalizer-3.3.2.pkg: ......... done
[41/103] Fetching rrdtool-1.8.0_3.pkg: .......... done
[42/103] Fetching py39-sqlite3-3.9.18_7.pkg: .... done
[43/103] Fetching py39-aioquic-0.9.24.pkg: .......... done
[44/103] Fetching php82-phalcon-5.3.1.pkg: .......... done
[45/103] Fetching php82-mbstring-8.2.14.pkg: .......... done
[46/103] Fetching isc-dhcp44-server-4.4.3P1.pkg: .......... done
[47/103] Fetching ntp-4.2.8p17_1.pkg: .......... done
[48/103] Fetching syslog-ng-4.4.0.pkg: .......... done
[49/103] Fetching py39-ujson-5.9.0.pkg: ...... done
[50/103] Fetching libpsl-0.21.2_4.pkg: ........ done
[51/103] Fetching py39-anyio-4.2.0.pkg: .......... done
[52/103] Fetching py39-numexpr-2.8.8.pkg: .......... done
[53/103] Fetching libfido2-1.14.0.pkg: .......... done
[54/103] Fetching py39-tzdata-2023.4.pkg: .......... done
[55/103] Fetching php82-ldap-8.2.14.pkg: ..... done
[56/103] Fetching py39-pylsqpack-0.3.18.pkg: ........ done
[57/103] Fetching ca_root_nss-3.93.pkg: .......... done
[58/103] Fetching libevent-2.1.12.pkg: .......... done
[59/103] Fetching ivykis-0.42.4_1.pkg: ......... done
[60/103] Fetching beep-1.0_2.pkg: . done
[61/103] Fetching libedit-3.1.20230828,1.pkg: .......... done
[62/103] Fetching py39-trio-0.24.0.pkg: .......... done
[63/103] Fetching pkcs11-helper-1.29.0_1.pkg: .......... done
[64/103] Fetching php82-sockets-8.2.14.pkg: ...... done
[65/103] Fetching php82-8.2.14.pkg: .......... done
[66/103] Fetching php82-sqlite3-8.2.14.pkg: .... done
[67/103] Fetching php82-pcntl-8.2.14.pkg: ... done
[68/103] Fetching php82-xml-8.2.14.pkg: ... done
[69/103] Fetching gmp-6.3.0.pkg: .......... done
[70/103] Fetching curl-8.5.0.pkg: .......... done
[71/103] Fetching gettext-runtime-0.22.3.pkg: .......... done
[72/103] Fetching py39-cffi-1.16.0.pkg: .......... done
[73/103] Fetching libpfctl-0.8.pkg: .. done
[74/103] Fetching php82-phpseclib-3.0.34.pkg: .......... done
[75/103] Fetching openssh-portable-9.6.p1_1,1.pkg: .......... done
[76/103] Fetching cyrus-sasl-2.1.28_1.pkg: .......... done
[77/103] Fetching libnet-1.3,1.pkg: .......... done
[78/103] Fetching suricata-6.0.15.pkg: .......... done
[79/103] Fetching mpd5-5.9_17.pkg: .......... done
[80/103] Fetching sqlite3-3.44.0_1,1.pkg: .......... done
[81/103] Fetching py39-Babel-2.14.0.pkg: .......... done
[82/103] Fetching php82-gettext-8.2.14.pkg: . done
[83/103] Fetching openldap26-client-2.6.6.pkg: .......... done
[84/103] Fetching py39-certifi-2023.11.17.pkg: .......... done
[85/103] Fetching glib-2.78.3,2.pkg: .......... done
[86/103] Fetching perl5-5.36.3_1.pkg: .......... done
[87/103] Fetching openssl111-1.1.1w.pkg: .......... done
[88/103] Fetching opnsense-23.7.12.pkg: .......... done
[89/103] Fetching oniguruma-6.9.9.pkg: .......... done
[90/103] Fetching squid-6.6.pkg: .......... done
[91/103] Fetching strongswan-5.9.13.pkg: .......... done
[92/103] Fetching readline-8.2.7.pkg: .......... done
[93/103] Fetching sudo-1.9.15p5.pkg: .......... done
[94/103] Fetching php82-ctype-8.2.14.pkg: . done
[95/103] Fetching opnsense-installer-24.1.pkg: ... done
[96/103] Fetching opnsense-lang-23.7.11.pkg: .......... done
[97/103] Fetching py39-netaddr-0.10.1.pkg: .......... done
[98/103] Fetching squid-langpack-7.0.0.20230225.pkg: .......... done
[99/103] Fetching pftop-0.10.pkg: ........ done
[100/103] Fetching py39-idna-3.6.pkg: ......... done
[101/103] Fetching php82-filter-8.2.14.pkg: ... done
[102/103] Fetching py39-typing-extensions-4.9.0.pkg: ...... done
[103/103] Fetching py39-h2-4.1.0.pkg: ......... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-1.1.1u,1 on /usr/local/bin/c_rehash
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 104 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
openssl: 1.1.1u,1

New packages to be INSTALLED:
ivykis: 0.42.4_1
libpfctl: 0.8
openssl111: 1.1.1w
php82-pcntl: 8.2.14
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20230225

Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
ca_root_nss: 3.91 -> 3.93
choparp: 20150613 -> 20150613_1
curl: 8.1.2 -> 8.5.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.5 -> 3.1.7
filterlog: 0.7 -> 0.7_1
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.76.4,2 -> 2.78.3,2
gmp: 6.2.1 -> 6.3.0
hostapd: 2.10_5 -> 2.10_8
json-c: 0.16 -> 0.17
krb5: 1.21.1 -> 1.21.2
libedit: 3.1.20221030,1 -> 3.1.20230828,1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.54.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.91 -> 3.95
ntp: 4.2.8p17 -> 4.2.8p17_1
oniguruma: 6.9.8_1 -> 6.9.9
openldap26-client: 2.6.5 -> 2.6.6
openssh-portable: 9.3.p2,1 -> 9.6.p1_1,1
openvpn: 2.6.5 -> 2.6.8_1
opnsense: 23.7 -> 23.7.12
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 22.7.3 -> 23.7.11
opnsense-update: 23.7 -> 23.7.10_1
perl5: 5.32.1_4 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.8 -> 8.2.14
php82-ctype: 8.2.8 -> 8.2.14
php82-curl: 8.2.8 -> 8.2.14
php82-dom: 8.2.8 -> 8.2.14
php82-filter: 8.2.8 -> 8.2.14
php82-gettext: 8.2.8 -> 8.2.14
php82-ldap: 8.2.8 -> 8.2.14
php82-mbstring: 8.2.8 -> 8.2.14
php82-pdo: 8.2.8 -> 8.2.14
php82-phalcon: 5.2.3 -> 5.3.1
php82-phpseclib: 3.0.19 -> 3.0.34
php82-session: 8.2.8 -> 8.2.14
php82-simplexml: 8.2.8 -> 8.2.14
php82-sockets: 8.2.8 -> 8.2.14
php82-sqlite3: 8.2.8 -> 8.2.14
php82-xml: 8.2.8 -> 8.2.14
php82-zlib: 8.2.8 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.12.1 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 3.7.1 -> 4.2.0
py39-certifi: 2023.5.7 -> 2023.11.17
py39-cffi: 1.15.1 -> 1.16.0
py39-charset-normalizer: 3.2.0 -> 3.3.2
py39-cryptography: 3.4.8_1,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-dnspython: 2.4.0,1 -> 2.4.2,1
py39-exceptiongroup: 1.1.2 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.17.3 -> 1.0.2
py39-httpx: 0.24.1 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.8.0 -> 0.10.1
py39-numexpr: 2.8.4_1 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-openssl: 21.0.0,1 -> 23.2.0,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-sqlite3: 3.9.17_7 -> 3.9.18_7
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.16,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
python39: 3.9.17 -> 3.9.18
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.42.0,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.10_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.13_1 -> 6.0.15
syslog-ng: 4.2.0 -> 4.4.0
unbound: 1.17.1_3 -> 1.19.0
wpa_supplicant: 2.10_6 -> 2.10_10

Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)

Number of packages to be removed: 1
Number of packages to be installed: 9
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 6

The process will require 13 MiB more space.
[1/104] Deinstalling openssl-1.1.1u,1...
[1/104] Deleting files for openssl-1.1.1u,1: .......... done
[2/104] Installing openssl111-1.1.1w...
[2/104] Extracting openssl111-1.1.1w: .......... done
[3/104] Installing libpfctl-0.8...
[3/104] Extracting libpfctl-0.8: ...... done
[4/104] Upgrading ca_root_nss from 3.91 to 3.93...
[4/104] Extracting ca_root_nss-3.93: ...... done
[5/104] Upgrading filterlog from 0.7 to 0.7_1...
[5/104] Extracting filterlog-0.7_1: .... done
[6/104] Upgrading choparp from 20150613 to 20150613_1...
[6/104] Extracting choparp-20150613_1: ...... done
[7/104] Upgrading beep from 1.0_1 to 1.0_2...
[7/104] Extracting beep-1.0_2: ..... done
[8/104] Upgrading sudo from 1.9.14p3 to 1.9.15p5...
[8/104] Extracting sudo-1.9.15p5: .......... done
[9/104] Upgrading opnsense-lang from 22.7.3 to 23.7.11...
[9/104] Extracting opnsense-lang-23.7.11: .......... done
[10/104] Upgrading pftop from 0.8_4 to 0.10...
[10/104] Extracting pftop-0.10: ..... done
[11/104] Upgrading libedit from 3.1.20221030,1 to 3.1.20230828,1...
[11/104] Extracting libedit-3.1.20230828,1: .......... done
[12/104] Upgrading sqlite3 from 3.42.0,1 to 3.44.0_1,1...
[12/104] Extracting sqlite3-3.44.0_1,1: .......... done
[13/104] Upgrading readline from 8.2.1 to 8.2.7...
[13/104] Extracting readline-8.2.7: .......... done
[14/104] Upgrading libnghttp2 from 1.54.0 to 1.58.0...
[14/104] Extracting libnghttp2-1.58.0: .......... done
[15/104] Upgrading libpsl from 0.21.2_3 to 0.21.2_4...
[15/104] Extracting libpsl-0.21.2_4: .......... done
[16/104] Upgrading nss from 3.91 to 3.95...
[16/104] Extracting nss-3.95: .......... done
[17/104] Upgrading libnet from 1.2,1 to 1.3,1...
[17/104] Extracting libnet-1.3,1: .......... done
[18/104] Upgrading libxml2 from 2.10.4 to 2.10.4_2...
[18/104] Extracting libxml2-2.10.4_2: .......... done
[19/104] Upgrading gettext-runtime from 0.22_1 to 0.22.3...
[19/104] Extracting gettext-runtime-0.22.3: .......... done
[20/104] Upgrading json-c from 0.16 to 0.17...
[20/104] Extracting json-c-0.17: .......... done
[21/104] Upgrading curl from 8.1.2 to 8.5.0...
[21/104] Extracting curl-8.5.0: .......... done
[22/104] Upgrading perl5 from 5.32.1_4 to 5.36.3_1...
[22/104] Extracting perl5-5.36.3_1: .......... done
[23/104] Reinstalling libevent-2.1.12...
[23/104] Extracting libevent-2.1.12: .......... done
[24/104] Upgrading oniguruma from 6.9.8_1 to 6.9.9...
[24/104] Extracting oniguruma-6.9.9: .......... done
[25/104] Upgrading python39 from 3.9.17 to 3.9.18...
[25/104] Extracting python39-3.9.18: .......... done
[26/104] Reinstalling ldns-1.8.3...
[26/104] Extracting ldns-1.8.3: .......... done
[27/104] Installing py39-pyasn1-0.5.0...
[27/104] Extracting py39-pyasn1-0.5.0: .......... done
[28/104] Upgrading py39-exceptiongroup from 1.1.2 to 1.2.0...
[28/104] Extracting py39-exceptiongroup-1.2.0: .......... done
[29/104] Upgrading py39-cffi from 1.15.1 to 1.16.0...
[29/104] Extracting py39-cffi-1.16.0: .......... done
[30/104] Upgrading py39-idna from 3.4_1 to 3.6...
[30/104] Extracting py39-idna-3.6: .......... done
[31/104] Installing py39-typing-extensions-4.9.0...
[31/104] Extracting py39-typing-extensions-4.9.0: .......... done
[32/104] Upgrading krb5 from 1.21.1 to 1.21.2...
[32/104] Extracting krb5-1.21.2: .......... done
[33/104] Upgrading cyrus-sasl from 2.1.28 to 2.1.28_1...
*** Updated user `cyrus'.
[33/104] Extracting cyrus-sasl-2.1.28_1: .......... done
[34/104] Upgrading py39-cryptography from 3.4.8_1,1 to 41.0.7_2,1...
[34/104] Extracting py39-cryptography-41.0.7_2,1: .......... done
[35/104] Installing py39-pyasn1-modules-0.3.0...
[35/104] Extracting py39-pyasn1-modules-0.3.0: .......... done
[36/104] Upgrading py39-anyio from 3.7.1 to 4.2.0...
[36/104] Extracting py39-anyio-4.2.0: .......... done
[37/104] Upgrading py39-certifi from 2023.5.7 to 2023.11.17...
[37/104] Extracting py39-certifi-2023.11.17: .......... done
[38/104] Upgrading py39-h2 from 4.0.0 to 4.1.0...
[38/104] Extracting py39-h2-4.1.0: .......... done
[39/104] Reinstalling cyrus-sasl-gssapi-2.1.28...
[39/104] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[40/104] Upgrading easy-rsa from 3.1.5 to 3.1.7...
[40/104] Extracting easy-rsa-3.1.7: .......... done
[41/104] Upgrading pkcs11-helper from 1.29.0 to 1.29.0_1...
[41/104] Extracting pkcs11-helper-1.29.0_1: .......... done
[42/104] Upgrading php82 from 8.2.8 to 8.2.14...
[42/104] Extracting php82-8.2.14: .......... done
[43/104] Upgrading py39-httpcore from 0.17.3 to 1.0.2...
[43/104] Extracting py39-httpcore-1.0.2: .......... done
[44/104] Installing py39-service-identity-23.1.0...
[44/104] Extracting py39-service-identity-23.1.0: .......... done
[45/104] Upgrading py39-outcome from 1.2.0 to 1.3.0_1...
[45/104] Extracting py39-outcome-1.3.0_1: .......... done
[46/104] Upgrading py39-openssl from 21.0.0,1 to 23.2.0,1...
[46/104] Extracting py39-openssl-23.2.0,1: .......... done
[47/104] Upgrading py39-pylsqpack from 0.3.17 to 0.3.18...
[47/104] Extracting py39-pylsqpack-0.3.18: .......... done
[48/104] Reinstalling cpdup-1.22...
[48/104] Extracting cpdup-1.22: ..... done
[49/104] Upgrading py39-httpx from 0.24.1 to 0.26.0...
[49/104] Extracting py39-httpx-0.26.0: .......... done
[50/104] Upgrading php82-session from 8.2.8 to 8.2.14...
[50/104] Extracting php82-session-8.2.14: .......... done
[51/104] Upgrading php82-pdo from 8.2.8 to 8.2.14...
[51/104] Extracting php82-pdo-8.2.14: .......... done
[52/104] Upgrading py39-yaml from 6.0 to 6.0.1...
[52/104] Extracting py39-yaml-6.0.1: .......... done
[53/104] Upgrading py39-aioquic from 0.9.21 to 0.9.24...
[53/104] Extracting py39-aioquic-0.9.24: .......... done
[54/104] Upgrading php82-mbstring from 8.2.8 to 8.2.14...
[54/104] Extracting php82-mbstring-8.2.14: .......... done
[55/104] Upgrading libfido2 from 1.13.0 to 1.14.0...
[55/104] Extracting libfido2-1.14.0: .......... done
[56/104] Installing ivykis-0.42.4_1...
[56/104] Extracting ivykis-0.42.4_1: .......... done
[57/104] Upgrading py39-trio from 0.22.2 to 0.24.0...
[57/104] Extracting py39-trio-0.24.0: .......... done
[58/104] Upgrading openldap26-client from 2.6.5 to 2.6.6...
[58/104] Extracting openldap26-client-2.6.6: .......... done
[59/104] Upgrading glib from 2.76.4,2 to 2.78.3,2...
[59/104] Extracting glib-2.78.3,2: .......... done
[60/104] Upgrading py39-numpy from 1.25.0,1 to 1.25.0_4,1...
[60/104] Extracting py39-numpy-1.25.0_4,1: .......... done
[61/104] Upgrading php82-zlib from 8.2.8 to 8.2.14...
[61/104] Extracting php82-zlib-8.2.14: ........ done
[62/104] Upgrading py39-sqlite3 from 3.9.17_7 to 3.9.18_7...
[62/104] Extracting py39-sqlite3-3.9.18_7: ........ done
[63/104] Upgrading php82-xml from 8.2.8 to 8.2.14...
[63/104] Extracting php82-xml-8.2.14: ......... done
[64/104] Upgrading unbound from 1.17.1_3 to 1.19.0...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[64/104] Extracting unbound-1.19.0: .......... done
[65/104] Upgrading wpa_supplicant from 2.10_6 to 2.10_10...
[65/104] Extracting wpa_supplicant-2.10_10: ....... done
[66/104] Upgrading lighttpd from 1.4.71 to 1.4.73...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[66/104] Extracting lighttpd-1.4.73: .......... done
[67/104] Upgrading opnsense-update from 23.7 to 23.7.10_1...
[67/104] Extracting opnsense-update-23.7.10_1: .......... done
[68/104] Upgrading hostapd from 2.10_5 to 2.10_8...
[68/104] Extracting hostapd-2.10_8: ....... done
[69/104] Reinstalling monit-5.33.0...
[69/104] Extracting monit-5.33.0: ....... done
[70/104] Upgrading php82-dom from 8.2.8 to 8.2.14...
[70/104] Extracting php82-dom-8.2.14: .......... done
[71/104] Upgrading php82-simplexml from 8.2.8 to 8.2.14...
[71/104] Extracting php82-simplexml-8.2.14: ......... done
[72/104] Upgrading openvpn from 2.6.5 to 2.6.8_1...
===> Creating groups.
Using existing group 'openvpn'.
===> Creating users
Using existing user 'openvpn'.
[72/104] Extracting openvpn-2.6.8_1: .......... done
[73/104] Upgrading py39-dnspython from 2.4.0,1 to 2.4.2,1...
[73/104] Extracting py39-dnspython-2.4.2,1: .......... done
[74/104] Upgrading php82-curl from 8.2.8 to 8.2.14...
[74/104] Extracting php82-curl-8.2.14: .......... done
[75/104] Upgrading rrdtool from 1.8.0_2 to 1.8.0_3...
[75/104] Extracting rrdtool-1.8.0_3: .......... done
[76/104] Upgrading php82-phalcon from 5.2.3 to 5.3.1...
[76/104] Extracting php82-phalcon-5.3.1: ........ done
[77/104] Reinstalling isc-dhcp44-server-4.4.3P1...
===> Creating groups.
Using existing group 'dhcpd'.
===> Creating users
Using existing user 'dhcpd'.
[77/104] Extracting isc-dhcp44-server-4.4.3P1: .......... done
[78/104] Upgrading ntp from 4.2.8p17 to 4.2.8p17_1...
[78/104] Extracting ntp-4.2.8p17_1: .......... done
[79/104] Upgrading syslog-ng from 4.2.0 to 4.4.0...
[79/104] Extracting syslog-ng-4.4.0: .......... done
[80/104] Upgrading py39-ujson from 5.8.0 to 5.9.0...
[80/104] Extracting py39-ujson-5.9.0: ......... done
[81/104] Upgrading php82-ldap from 8.2.8 to 8.2.14...
[81/104] Extracting php82-ldap-8.2.14: ........ done
[82/104] Upgrading php82-sockets from 8.2.8 to 8.2.14...
[82/104] Extracting php82-sockets-8.2.14: .......... done
[83/104] Upgrading php82-sqlite3 from 8.2.8 to 8.2.14...
[83/104] Extracting php82-sqlite3-8.2.14: ......... done
[84/104] Installing php82-pcntl-8.2.14...
[84/104] Extracting php82-pcntl-8.2.14: ......... done
[85/104] Upgrading php82-phpseclib from 3.0.19 to 3.0.34...
[85/104] Extracting php82-phpseclib-3.0.34: ......... done
[86/104] Upgrading openssh-portable from 9.3.p2,1 to 9.6.p1_1,1...
[86/104] Extracting openssh-portable-9.6.p1_1,1: .......... done
[87/104] Upgrading suricata from 6.0.13_1 to 6.0.15...
[87/104] Extracting suricata-6.0.15: .......... done
[88/104] Upgrading mpd5 from 5.9_16 to 5.9_17...
[88/104] Extracting mpd5-5.9_17: .......... done
[89/104] Upgrading php82-gettext from 8.2.8 to 8.2.14...
[89/104] Extracting php82-gettext-8.2.14: ........ done
[90/104] Upgrading squid from 5.9 to 6.6...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-6.6
[90/104] Extracting squid-6.6: .......... done
[91/104] Upgrading strongswan from 5.9.10_2 to 5.9.13...
[91/104] Extracting strongswan-5.9.13: .......... done
[92/104] Upgrading php82-ctype from 8.2.8 to 8.2.14...
[92/104] Extracting php82-ctype-8.2.14: ........ done
[93/104] Upgrading opnsense-installer from 23.1 to 24.1...
[93/104] Extracting opnsense-installer-24.1: .......... done
[94/104] Upgrading py39-netaddr from 0.8.0 to 0.10.1...
[94/104] Extracting py39-netaddr-0.10.1: .......... done
[95/104] Installing squid-langpack-7.0.0.20230225...
[95/104] Extracting squid-langpack-7.0.0.20230225: .......... done
[96/104] Upgrading php82-filter from 8.2.8 to 8.2.14...
[96/104] Extracting php82-filter-8.2.14: ......... done
[97/104] Upgrading py39-cython from 0.29.36 to 0.29.37...
[97/104] Extracting py39-cython-0.29.37: .......... done
[98/104] Upgrading py39-numexpr from 2.8.4_1 to 2.8.8...
[98/104] Extracting py39-numexpr-2.8.8: .......... done
[99/104] Upgrading py39-tzdata from 2023.3_1 to 2023.4...
[99/104] Extracting py39-tzdata-2023.4: .......... done
[100/104] Upgrading gmp from 6.2.1 to 6.3.0...
[100/104] Extracting gmp-6.3.0: .......... done
[101/104] Upgrading py39-urllib3 from 1.26.16,1 to 1.26.18,1...
[101/104] Extracting py39-urllib3-1.26.18,1: .......... done
[102/104] Upgrading py39-charset-normalizer from 3.2.0 to 3.3.2...
[102/104] Extracting py39-charset-normalizer-3.3.2: .......... done
[103/104] Upgrading py39-Babel from 2.12.1 to 2.14.0...
[103/104] Extracting py39-Babel-2.14.0: .......... done
[104/104] Upgrading opnsense from 23.7 to 23.7.12...
[104/104] Extracting opnsense-23.7.12: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Migrated OPNsense\Monit\Monit from 1.0.11 to 1.0.12
Migrated OPNsense\IDS\IDS from 1.0.7 to 1.0.9
Migrated OPNsense\Unbound\Unbound from 1.0.6 to 1.0.8
Migrated OPNsense\Routing\Gateways from 0.0.0 to 0.0.1
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/blacklisted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring system logging...done.
Compiling glib schemas
No schema files found: doing nothing.
Generating GIO modules cache
=====
Message from openssl111-1.1.1w:

--
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

End-of-life since 2023-09-11, see https://www.openssl.org/blog/blog/2023/09/11/eol-111/  port will be removed when FreeBSD 13 is EoL.

It is scheduled to be removed on or after 2026-01-31.
=====
Message from openvpn-2.6.8_1:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
=====
Message from php82-pcntl-8.2.14:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pcntl.ini.sample
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/squid/squid.conf if it is no longer needed.
=====
Message from strongswan-5.9.13:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from squid-langpack-7.0.0.20230225:

--
To use the squid language pack, use the directive:

error_directory /usr/local/share/squid-langpack/language

in your squid.conf. Example:

error_directory /usr/local/share/squid-langpack/sk
=====
Message from py39-urllib3-1.26.18,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from opnsense-23.7.12:

--
Beep! Beep!
Files /var/cache/opnsense-update/91549/OPNsense.conf and /usr/local/etc/pkg/repos/OPNsense.conf differ
Updating OPNsense repository catalogue...
pkg-static: Repository OPNsense has a wrong packagesite, need to re-create database
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: No route to host
pkg-static: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-23.7.10-amd64.txz: ...