Messages

Individual update instructions are included in each particular release announcement:

https://forum.opnsense.org/index.php?board=11.0

We don't have a wiki page, but that is certainly a good idea to have.

The GUI can't safely update the base system or its own package yet. We are working on amending this situation but we don't have any ETA as of yet. You can, however, use the console menu option "12" to safely update your system including FreeBSD.

WRT installing OPNsense on FreeBSD: that isn't currently possible as we still ship a lot of patches in the base system that are not part of the official FreeBSD, but we want to make that possible (or more viable) in the future.


Cheers,
Franco

The easiest way is to hook into /usr/local/etc/rc or /usr/local/etc/rc.bootup depending on whether you like shell scripting or PHP, respectively. A good spot would be around https://github.com/opnsense/core/blob/master/src/etc/rc#L263-270 depending how early it should be executed (if it needs network connectivity it should be after rc.bootup).

Currently, these customisations are lost when the system is upgraded to a new version to keep the files consistent. We are working on a more permanent solution as part of the package system and would like to avoid introducing hacks that work but we can't get rid of afterwards because others depend on it.

However, we can work something intermediate out if we keep talking. What do you think? :)

Yeah, that one escaped 15.1.8.2. :)

All packages for 15.1.8.3-LibreSSL are up. 8)

Hi folks,

the new config system had a number of issues, but thanks to your help we've ironed them out in the two days following the release. The trend continues with this small stable update fixing the last batch of visible issues while also pulling in PHP 5.6.7, which isn't currently available in FreeBSD ports.

Here is the full change log:

• ports: PHP was updated to 5.6.7 addressing CVE-2015-0231, CVE-2015-2305, etc.
• captive portal: service now restarts correctly when triggered from the GUI
• ipsec: multiple config system replacement regression fixes
• dhcp: fixed the flushing of v6 settings while applying them
• user manager: fixed a bug that would remove groups
• firewall rules: prevent delete rule from deleting all rules
• core: ignore empty tags in configs generated by frontend code

The update is available for both of the crypto flavours OpenSSL and LibreSSL through the System/Firmware section of the GUI. If you are upgrading from pre-15.1.7.1 don't forget to run "opnsense-update && reboot" on a root shell to bring in the latest base fixes afterwards as well. Installations of 15.1.7.1 and higher can use the console firmware upgrade option 12 to run an adaptive update cycle (depending on how much needs to be updated the system may reboot).

As always, please back up your config and let us know if you run into any trouble. :)

https://opnsense.org/support-overview/mailing-list
https://twitter.com/opnsense
https://github.com/opnsense
https://forum.opnsense.org


Stay safe,
Your OPNsense team

Auf welcher Version passiert das genau? Könnte mit unseren Config-Problemen zusammenhängen.

That's true. Maybe we'll continue the two track approach, although some modifications will have to be made so it's possible to switch between package repositories more easily from the GUI. I'll look at this in more detail soon.

15.8.3 and 15.8.3 are probably being shipped today. I did not want to push a faulty LibreSSL version without the necessary stability of the GUI config system. Now is the time. :)

Yes, we've had issues with the config system replacement. Sorry about that. 15.1.8.2 and beyond are fine now.

Hallo DJ_Mic,

ich habe ein Ticket erstellt. Mit den Fehlermeldungen kommen wir dem Problem gut auf die Spur:

https://github.com/opnsense/core/issues/117


Grüße Franco

16.1 is so noch nicht fest und einige Items rutschen schon nach 15.7. :) Solche Routing Packages wären also denkbar für 16.1. Hier hoffen wir v.a. auf Hilfe der Community für eine initiale Implementation der gewünschten Packages, die dann später als offizielle Packages mitgeliefert werden und von uns als OPNsense gepflegt werden.

Da isser. :)

simervillefarm, can you confirm this is now working for you as weust suggested? Thanks in advance. :)

That's indented to keep the system consistent. To solve this we'd either add a custom file like /usr/local/etc/rc.local which is included from /usr/local/etc/rc or create a correct packages plugin system around the new GUI. I do not believe in overrides as they can be easily used to deploy exploits or hide mistakes. We are working on the second solution, but it takes time till 15.7 (July) to have something that works as expected.

For isc-dhcp, please see the official changelogs, we can't provide all change longs with our own announcements so that's why the version numbers for third party tools are mentioned:

https://kb.isc.org/article/AA-01243/82/DHCP-4.2.8b1-Release-Notes.html

For other changes we do have our repositories. Again, here the best approach is to look at issues and commits, because providing all info in one text document would bring up an overwhelming amount of information for the average reader.

https://github.com/opnsense

The DHCPv6 compatiblity improvements revolve around this particular issue:

https://github.com/opnsense/core/issues/47

Or maybe you have missed the actual announcement:

https://forum.opnsense.org/index.php?topic=256.0

We do not have the means to display change logs for new versions in the GUI yet, maybe this is what you are looking for?


Cheers,
Franco

I think this Twitter conversation is relevant to your interest. :)

https://twitter.com/opnsense/status/579897584589926400