Messages

Hallo,

große Unterschiede gibt es nicht und es sollte im Grundzustand aus funktionieren. Ich nehme an du kannst dich in die GUI vom LAN aus verbinden und du bekommst eine Addresse per DHCP, also ist es schon mal nicht der Weg zur Firewall.

Kannst du aus dem LAN 8.8.8.8 pingen? Wenn ja, ist es ein DNS Problem.

Wenn nein, dann ist es vielleicht die Gatewayeinstellung die fehlt im DHCP Lease (wegen der statischen IP Adresse im WAN).


Grüße Franco

Ist online. :)

Wir haben einen Fix der in 15.1.8.2 sein wird, vermutlich heute nachmittag oder morgen. Falls das nicht helfen sollte bräuchten wir die config.xml um es nachzuvollziehen. Danke schon mal. :)

https://github.com/opnsense/core/commit/bc1601085f96544f37ed82c337680cd56d26c48e

Thanks, that will certainly help in tracking the issue down. :)

You are moving into uncharted territory, but this will get you going. Fetch the correct architecture file from our mirror:

Code Select Expand

# fetch http://pkg.opnsense.org/FreeBSD:10:i386/latest/All/opnsense-15.1.8.1.txz
# fetch http://pkg.opnsense.org/FreeBSD:10:amd64/latest/All/opnsense-15.1.8.1.txz

Move it to the OPNsense box. Then run:

Code Select Expand

# pkg add -f opnsense-15.1.8.1.txz

Later updates will give you trouble once the box has connectivity, but you can most likely run this to fix it:

Code Select Expand

# pkg install -f opnsense
# pkg upgrade -f

You are right. I have tried to make it a little more clear. Please remember LibreSSL is still experimental and it does not apply to the current release announcements of our supported version based on OpenSSL. :)

15.1.8.1 has been pushed to the update server.

Tom, the LibreSSL version wasn't assembled yet. We are about to push a 15.1.8.1 addressing a few immediate config system issues. 15.1.8.1-LibreSSL will likely be available on Friday. Sorry about the delay.

Hi there, thanks for the heads-up. We are fixing the issue as I write this. The new config system is stricter than the old one so now we see the dirty corners of the system throwing fatal errors. We are sorry about this, but we have to push through this one commit at a time. 15.1.8.1 to be released soon (soon meaning tonight). :)

[Users of the install media are encouraged to update their firmware via the GUI from 15.1.8 to 15.1.8.2 as soon as possible due to a few important config system hotfixes.]

Hello friends,

after an extended low profile period we are back in business with the latest and greatest 15.1.8. You'll notice that we have incorporated the recent OpenSSL security advisories along with a larger number of fixes and cleanups. But there's more. We have pushed the bulk load of our new configuration handling code which is intended to bridge the gap between the old and the new front-end code. And since we don't like to stop there just yet, we've also added support for backing up your configs on your private Google Drive.

We encourage our users running 15.1.7.1 or later to try the root console menu option "12" for a fully automatic system upgrade. Otherwise, it's either installing from scratch using install media and the installer's config import feature, or running the GUI firmware update and dropping to a root shell to run `opnsense-update && reboot' to fully benefit from the base system security updates. Please let us know about your upgrade experience. We are still adding and tweaking code to complement and simplify the upgrade process.

Users of the install media are encouraged to update their firmware via the GUI from 15.1.8 to 15.1.8.2 as soon as possible due to a few important config system hotfixes.

Here is the full list of changes:

• src: applied FreeBSD-SA-15:06.openssl
• src: updated to tzdata2015b
• src: add missing max-packets parsing for pf(4)
• src: OPNsense branding for boot loader
• bsdinstaller: speed up SD card writes using async mode and assorted cleanups
• opnsense-update: don't trigger a spurious update after a fresh install when invoked for the first time
• notable port updates: isc-dhcp42 4.2.8, libressl 2.1.6 (hopefully builds will be available on Friday), openssl 1.0.1m, ca_root_nss 3.18
• core: removed obsolete conf_mount_ro() and conf_mount_rw() usage
• core: removed platform awareness with a more appropriate probe for install media
• core: removed all remnants of the old firmware update code
• core: completely rewrote the config.xml handling to unify old and new GUI components
• core: added support for config backup to Google Drive
• core: fixed a few config handling issues with the new system via 15.1.8.1
• core: fixed missing aliases in new config system via 15.1.8.2
• core: removed php-fpm remnants that would e.g. prevent automatic IP assignment in DHCP mode via 15.1.8.2
• packages: removed the legacy package system
• upnp: transformed the preinstalled package into a standard feature
• openvpn: added the client export package as a standard feature
• dyndns: minor follow-ups for Duck DNS support
• firewall log: fix bug that would prevent the filter from working correctly
• ntp: added numerous config form tweaks and fixed daemon startup
• igmpproxy: fixed daemon startup
• dns: properly regenerate hosts file on reload
• ssh: fix sshd reload on save in system admin access page
• rc: avoid invoke of FreeBSD's rc system on halt and reboot
• dhcp: improve compatibility with IPv6 deployments

The install media images can be found here:

https://sourceforge.net/projects/opnsense/files/15.1.8/

The checksums are:

Code Select Expand

SHA256 (OPNsense-15.1.8-cdrom-amd64.iso.bz2) = c8cb295cd711f880e6406ab8d84c84a31cdc678c40e4d3be4c3fe9546614bdcc
SHA256 (OPNsense-15.1.8-serial-amd64.img.bz2) = 1d51a7d229a145eb92517211a96d9c9bcb0e3585c21931406463368349129997
SHA256 (OPNsense-15.1.8-vga-amd64.img.bz2) = 9a9777af215e66dfa4032d2052f320234c32809816094c1a58d2ebe5c81bdd1a
SHA256 (OPNsense-15.1.8-cdrom-i386.iso.bz2) = e1d1b11ac23a043ab0bdff2a923a8a920814f72e79b852f39e66f185963f8cc4
SHA256 (OPNsense-15.1.8-serial-i386.img.bz2) = fe078471b8409a2102f216252db4f59580853a0182c33d39d4b2c676a1f9e3b7
SHA256 (OPNsense-15.1.8-vga-i386.img.bz2) = df7ca44649f7283df774acddc2df7e06961d80033e959cde01ebce664bf6f488
MD5 (OPNsense-15.1.8-cdrom-amd64.iso.bz2) = 79eff753cdb749dacb9e106a1781ce64
MD5 (OPNsense-15.1.8-serial-amd64.img.bz2) = 8e643edf6d6cee72535bd8913cf4176e
MD5 (OPNsense-15.1.8-vga-amd64.img.bz2) = c20fee3989a786e12ba0ec3f0e565660
MD5 (OPNsense-15.1.8-cdrom-i386.iso.bz2) = 8b8459017333d654c8b1a7f246a4e250
MD5 (OPNsense-15.1.8-serial-i386.img.bz2) = 6f2e9656a02f32cebf18c9b31b5439f2
MD5 (OPNsense-15.1.8-vga-i386.img.bz2) = 4cbbebe46142d1e954c76383340f61e6


Stay safe,
Your OPNsense team

Edge, please send a mail with the full panic to franco@ project website. We've disabled the crash reporter send but will put the feature back soon.

I am not sure if it is a problem with the NIC driver or CARP, or maybe a very bad mix of all of them including VLAN. I'd suspect a stock FreeBSD has similar issues as the modifications are few and the kernel panic is not a domain we have much to say about as a "distribution" of sorts.

Nothing weird indeed. I wasn't indicating that. ;) How many CPUs are you using?

Okay, I've added this as a ticket: https://github.com/opnsense/core/issues/106

I think it was mean as an exclusive or between either manual mode or automatic mode. I can imagine it gets tricky in certain scenarios to have conflicting NAT rules or maybe the code's author thought it would not be a viable feature. I don't really care either way. Are you suggesting we should have both at the same time with priority to which set? :)

The configd socket wasn't there it seems. You always seem to trigger daemon-related issues with your setup, but I'm not sure why. It is mostly harmless, except that it doesn't reload the new settings. A reboot should fix this. A couple of tweaks went into 15.1.8 that may make this go away, otherwise we'll have to debug with a microscope.