Messages

Hi Michele, let me rephrase that.

You jumped from 18.7_4 to 19.1 while missing important updates from the 18.7 branch. That may leave your firewall in an inconsistent state which could require a reinstall in a worst case scenario.

In the console you would have had no direct options for upgrading directly to 19.1. You would have been bumped to 18.7.10 first and only then the 19.1 would have become available.

Hope this clarifies my previous post.

Looks OK, assuming printers are on a dedicated VLAN with proper FW rules

Which kinda begs the question, which path is worth staying on ?

On one hand you have Legacy + ECC, on the other there's no word of ECC yet that I could find but it's supposed to be the current one although quite unclear what major differences make it the better choice other than perhaps having the bulk of the development effort dedicated to it.

@lattera, your thoughts on it ?

That's skipping steps and no wonder the system was in an inconsistent state. There's a reason why the installer in the console gives you the option to fully update current branch OR choose the newer branch, and as far as I know it is not only a best practice but also expected to do everything in the proper order as there might be preparatory steps for the upgrade being pushed in the latest version of the current branch - and that's not OPNsense specific. The bulk of the upgrade testing is done against current branch not months old random versions.

Disable/Enable Bogons on the interface, make sure to save the config each time. That should clear any error or file level issue that may be present.

Hi Hunter,

There are no aes-ni requirements and it's highly doubtful your hardware is unsupported.

While there could be BIOS settings that could be tinkered with that's entirely up to you. Screenshots can be attached if needed.

Please open an issue on Github referrencing this thread so the dev team knows and can get in touch with you directly. (Kinda surprising disabling those mitigations didn't change a thing...assuming everything was done correctly)

https://github.com/opnsense/core/issues

Does it work modem > wifi router, taking the firewall out of the way ? If yes then it's likely a configuration (or change) on the firewall that may be causing it -- so we'll need more details about your FW setup.

1. Check for a new BIOS

2. See if the mitigation steps here apply to your CPU as well

https://forum.opnsense.org/index.php?topic=11419.msg52375#msg52375

Not speaking German, but here are two things to consider:

1. Check for a BIOS update

2. Check if the mittigation in this post fixes it for you as well - note that you'll have to apply it manually on each boot for 19.1 until you get to the GUI and can make it permanent.

https://forum.opnsense.org/index.php?topic=11419.msg52375#msg52375

Unclear why a 502 issue would be pinned on opnsense here...can you please describe your setup ?

Likely unrelated but please make sure you're on the latest version as issues might be already fixed. Should be 19.1.1 now.

[laterra]

Wrong quote above, fixed now to reflect the correct one by laterra

You can also set them for only the current boot by escaping to the loader prompt in the bootloader. So when you see the OPNsense boot menu, hit select option 3, then type:

set vm.pmap.pti="0"
set hw.ibrs_disable="1"
boot

Doing this does disable Meltdown/Spectre mitigations. But only for that one boot just to see if that's the problem.

This was required on the following CPU running VBox 6.0.4. Opnsense upgrade would otherwise freeze the Win10 host on reboot into the 19.1 kernel and the upgrade wouldn't continue. By applying the commands on each reboot the upgrade completed without issues.

For referrence this in the host CPU info:

Code Select Expand

Cores 6
Threads 6
Name AMD Phenom II X6 1070T
Code Name Thuban
Package Socket AM3 (938)
Technology 45nm
Specification AMD Phenom II X6 1075T Processor
Family F
Extended Family 10
Model A
Extended Model A
Stepping 0
Revision PH-E0
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64, NX, VMX

Check if running the latest Foxconn BIOS - long shot but helpful going forward regardless of the OS

Do you have DHCP Static Mapping and TXT Comment Support checked in Unbound - General ?