Messages - franco

#16
I don't think these changes from 25.1.9 caused this to start working, but we did do a few things in earlier 25.1.x to improve the default gateway switching amongst others.


Cheers,
Franco
#17
Your installation appears to be quite broken as if the core package was partially uninstalled likely following the use of the FreeBSD package repository. Unfortunately it may have also scrubbed your subscription awareness so reinstalling is probably the fastest approach with an image from https://opnsense-update.deciso.com/


Cheers,
Franco
#18
Announcements / Re: OPNsense 25.1.9 released
June 20, 2025, 01:51:17 PM
A hotfix release was issued as 25.1.9_2:

o system: fix route status removal buttons
o openvpn: fix server deletion in legacy page
#19
I think so. And iflib in FreeBSD allows easy deployment of a multi-threaded driver like the infamously pulled WireGuard implementation.


Cheers,
Franco
#20
The old version should work as discussed.

It could be a bug in conjunction with the FreeBSD code and fixed there, but that would require some developer being interested and I still doubt Intel should cause bricking OS boots because of their microcode changes.

My assumption is this will disappear in the next microcode update not to be spoken of again.


Cheers,
Franco
#21
I've been seeing these reports and I don't even know what should have caused them in the first place. The last Tailscale plugin change was in 25.1.

Tailscale upstream software updates in:

25.1.6: 1.82.5
25.1.5: 1.82.0
25.1.4: 1.80.3
25.1.3: 1.80.2
25.1.1: 1.80.0

but not in .7, .8 and .9 which correlates more with reports that this starts being problematic.


Cheers,
Franco
#22
¯\_(ツ)_/¯
#23
That would be 25.1.6 with the cpu-microcode-intel package:

# opnsense-revert -r 25.1.6 cpu-microcode-intel
# pkg lock -y cpu-microcode-intel

To me the whole idea of shipping these microcode updates by default and then Intel coming in and breaking boot of their hardware seemed like a good approach to not include it by default in the first place.  It's a bit weird if you ask me.  No new update so far...

commit c3583200d965ada0d6bec6425bdc18216eef8e53
Author: Franco Fichtner <franco@opnsense.org>
Date:   Tue May 13 11:22:24 2025 +0200

    sysutils/cpu-microcode-intel: sync with upstream


Cheers,
Franco
#24
> Intel N100

;)

You might be able to use the former microcode version from Intel without issues, but I'm not sure at the moment which OPNsense carried the older one (probably 25.1.7 or 25.1.6).


Cheers,
Franco
#25
Or they just say that for marketing reasons.

My opinion is they've never written a golden piece of code that warrants admiration. Take the WireGuard debacle as a good indicator of quality assurance and/or budget constraint. You get what you pay for.


Cheers,
Franco
#26
Announcements / OPNsense 25.1.9 released
June 18, 2025, 01:41:06 PM
Howdy,

This smallish update brings in more preparation for future features
and reworks and fixes a couple of bugs reported over the last weeks.

The patch size for 25.1.x will likely not increase in future updates
as 25.7 is near: July 23.  Save the date!

Here are the full patch notes:

o system: add minimalistic interface to support SSO authentication
o system: refactor a couple of existing empty() tests to isEmpty()
o system: refactor cache flush into system_cache_flush()
o system: add backend call for returning timezones
o system: fix "weight" default fallback causing non-string return in gateway status
o interfaces: refactor newwanip IPv4/v6 scripts to reduce differences between them
o interfaces: do not call a description a "dmesg"
o interfaces: relax regex for dmesg probing to seamlessly support dmesg timestamps
o firewall: improve address family validation for rule source and destination
o firewall: fix faulty ICMP type evaluation on NAT rules
o dnsmasq: allow AliasesField values to be cleared
o dnsmasq: allow host wildcards in domain overrides again
o ipsec: add aes256-sha1 ESP proposal
o ui: backwards-compatible merge of Tabulator grid replacement changes
o plugins: os-haproxy 4.6[1]
o ports: curl 8.14.1[2]
o ports: nss 3.112[3]
o ports: openldap 2.6.10[4]
o ports: php 8.3.22[5]
o ports: python 3.11.13[6]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/net/haproxy/pkg-descr
[2] https://curl.se/changes.html#8_14_1
[3] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_112.html
[4] https://www.openldap.org/software/release/changes.html
[5] https://www.php.net/ChangeLog-8.php#8.3.22
[6] https://docs.python.org/release/3.11.13/whatsnew/changelog.html
#27
Microcode issues with the latest release on their end perhaps?
#28
Disabling logging for rules that are not supposed to log will do the trick.


Cheers,
Franco
#29
How about sharing the debug data discussed in this thread?
#30
Just for historic context: OpenBSD is also a NetBSD fork.