Messages - Noctur

#16
18.1 Legacy Series / Re: OpenVPN Broken
February 01, 2018, 03:35:15 PM
Hi Jos,
Thanks for your comments and willingness to look at this.

The config files are identical between the two - absolutely no changes. The mssfix on my current config is:

mssfix 1450

This is what is recommended in the provider's config dl file.

To try the mssfix 1200 I would have to reinstall 18.1. I don't have time to do this right now, but I'll try the mssfix 1200 on my current setup with 17.7.12 to see if it still works, then maybe run the upgrade to 18.1 - over the weekend.
#17
18.1 Legacy Series / Re: OpenVPN Broken
February 01, 2018, 01:50:51 AM
Quick update... reinstalled 17.7.5, updated to 17.7.12_1, restored settings file. Everything working as expected. One note, I performed a factory reset on 18.1_1 and then restored setting file - same issue with OpenVPN. Went the reinstall route.
#18
18.1 Legacy Series / Re: OpenVPN Broken
January 31, 2018, 04:20:12 PM
Thank you for confirming the major rev downgrade restriction. I had pretty much boiled it down to 2 choices - install 17.7.5 (the last available on download) and restore settings or clean install 18.1 and restore settings. I'll try the 18.1/restore first, and if it doesn't resolve I'll go with the 17.7.5/restore.
#19
18.1 Legacy Series / Re: OpenVPN Broken
January 31, 2018, 04:09:07 AM
Thanks for the comments, all. Looks like it's something intermittent.

Any recommendations on how to downgrade? The command

# opnsense-revert

isn't working. Is there a different command between major revs? TIA
#20
18.1 Legacy Series / Re: OpenVPN Broken
January 30, 2018, 09:07:23 PM
Similar... Nord VPN here, tried several profiles that worked prior to the upgrade, checked server status, created 2 new profiles to new servers. All the same - get connection up indication, can't make browser connection with Firefox or IE.
Don't have time to troubleshoot more atm. So was trying to revert but that's not working.

Anyone have recommendations on how to downgrade back to 17.7.12? TIA
#21
18.1 Legacy Series / Re: OpenVPN Broken
January 30, 2018, 07:52:26 PM
Attempting to downgrade with

# opnsense-revert -r 17.7.12 opnsense
or
# opnsense-revert -r 17.7.12_1 opnsense

results in

Fetching opnsense.txz: .. failed

Recommendations? TIA
#22
18.1 Legacy Series / Re: OpenVPN Broken
January 30, 2018, 07:39:57 PM
Thanks for the prompt reply,...

With a client profile enabled and from SSH to the console - yes pinged with 3 responses and 0 loss.

But, I had to disable the profile to respond to this question via Firefox browser. Browser was updated to 58.0.1 very recently.
#23
18.1 Legacy Series / [SOLVED] OpenVPN Broken
January 30, 2018, 07:26:38 PM
Updated yesterday, tried to enable several prior OpenVPN clients and while they would indicate connected, no data comes through. Every attempted website returns not found. Note that connecting with TOR browser is successful.

Anyone else seen this?

How can I safely downgrade to the 17.7.12_1 version I was on until this gets sorted out? TIA.
#24
Thank you dcol for doing this work and sharing...

Does anyone know or has anyone tried this function with em NICs/drivers? No igb in my box, but I'd like to test.

TIA
#25
Also, if you've 'tested' the newer kernel via console commands as instructed in the '18.1 Call for Testing' thread, you'll need to uninstall using the commands listed in the thread; otherwise, if you update, the kernel and base will not upgrade because of the lock. (https://forum.opnsense.org/index.php?topic=6257.0)

SSH'ing in and issuing the console commands afterwards and performing the manual update will install the kernel and base for 17.7.8. Reboot after. From the link above:

Should there be any need to switch back to 11.0 / 17.7 you can run the following to revert your system:

# opnsense-update -U
# opnsense-update -bkd
# /usr/local/etc/rc.reboot
#26
General Discussion / Re: Beefing up ClamAV
November 17, 2017, 05:45:00 PM
+1 this..
#27
I'm trying to get internal ClamAV / Transparent Proxy scanning going using the How-To on the Wiki (https://wiki.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html). Following the instructions, right after I finish Step 1 on that page, Setup Caching Proxy, I apply and GUI access to the FW is locked out. That persists after reboot at the FW. I have to restore a previous config backup to get things running again.

My setup: 17.7.7_1 running the FreeBSD 11.1 OS from here: https://forum.opnsense.org/index.php?topic=6257.0
Suricata with IPS/IDS
OpenVPN with client operating
Anti-lockout rule is turned off
Standard LAN ports are open via FW rules (http, https, ssh, voip, various email, etc)

When setting up the Caching Proxy, I'm selecting both the LAN and OpenVPN interfaces, No Authentication, No ACL, No Remote BL, Yes on FW Rule no ByPass on LAN (not VPN). I have not completed the last step in that how-to to set up the browser as it will be set up as transparent in the next procedure. This is as far as I get.

What am I doing wrong? TIA for your help.

On a different note, would the devs consider implementing a feature when ClamAV and c-ICAP modules are installed and enabled on a system together that a proxy could also be created with settings automatically defaulted to a config that routes through the two modules for internal AV scanning? Expert users could then tweak default settings to suit more complex configs. This would only be triggered if both were installed. If ClamAV is installed and ICAP is not, it would be understood that the ICAP processor is an external system / separate VM.
#28
Found another OpenVPN switch to use with NordVPN...

Another site looking at this states that until recently, Nord servers had a configuration problem and suggested using

auth-retry nointeract

in the custom commands. I've used that over the last week and haven't experienced another drop-out. But I also have a reboot scheduled @ 3 am that may be covering this.

They also state that Nord may have gotten the server config resolved.
#29
Installed this morning, so far, so good. Alerts posting as usual, flagged and blocked rules showing up as usual. Running in conjunction with a Nord VPN instance.
#30
General Discussion / Re: how block youtube
October 19, 2017, 02:48:57 PM
Been following this thread... anything working for you?