"Recent posts
#1
26.1, 26,4 Series / issue with update with pkg man...
Last post by edomatic4576 - Today at 05:09:27 PMHi Team,
I am running opnsense 26.1.8_5 but have this issue when i do upgrade check that the package manager does this:
"Upgrading package manager from version '2.5.1' to '2.3.1_1'"
Also i see my zenarmor and crowdsec as orphaned packages in the output of plugins?
Here is the health check and update output, tell me if more is needed:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 26.1.8_5 (amd64) at Sat May 23 17:03:47 CEST 2026
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
All repositories are up to date.
Child process pid=20934 terminated abnormally: Segmentation fault
Upgrading package manager from version '2.5.1' to '2.3.1_1'
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
OPNsense is up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Child process pid=27872 terminated abnormally: Segmentation fault
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
All repositories are up to date.
Child process pid=32060 terminated abnormally: Segmentation fault
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.8_5 (amd64) at Sat May 23 17:02:50 CEST 2026
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-crowdsec 1.0.12
os-ddclient 1.31
os-haproxy 5.1
os-intrusion-detection-content-et-open 1.0.2_2
os-intrusion-detection-content-ptopen 1.0
os-isc-dhcp 1.0_4
os-ntopng 1.3
os-redis 1.1_4
>>> Check locked packages
pkg-2.5.1
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.8_5 has 68 dependencies to check.
Checking packages: ................................................
pkg-2.5.1 repository mismatch: FreeBSD
pkg-2.5.1 version mismatch, expected 2.3.1_1
Checking packages: ..................... done
***DONE***
I am running opnsense 26.1.8_5 but have this issue when i do upgrade check that the package manager does this:
"Upgrading package manager from version '2.5.1' to '2.3.1_1'"
Also i see my zenarmor and crowdsec as orphaned packages in the output of plugins?
Here is the health check and update output, tell me if more is needed:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 26.1.8_5 (amd64) at Sat May 23 17:03:47 CEST 2026
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
All repositories are up to date.
Child process pid=20934 terminated abnormally: Segmentation fault
Upgrading package manager from version '2.5.1' to '2.3.1_1'
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
OPNsense is up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Child process pid=27872 terminated abnormally: Segmentation fault
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
All repositories are up to date.
Child process pid=32060 terminated abnormally: Segmentation fault
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.8_5 (amd64) at Sat May 23 17:02:50 CEST 2026
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-crowdsec 1.0.12
os-ddclient 1.31
os-haproxy 5.1
os-intrusion-detection-content-et-open 1.0.2_2
os-intrusion-detection-content-ptopen 1.0
os-isc-dhcp 1.0_4
os-ntopng 1.3
os-redis 1.1_4
>>> Check locked packages
pkg-2.5.1
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.8_5 has 68 dependencies to check.
Checking packages: ................................................
pkg-2.5.1 repository mismatch: FreeBSD
pkg-2.5.1 version mismatch, expected 2.3.1_1
Checking packages: ..................... done
***DONE***
#2
General Discussion / Re: Unable to SSH into OPNsens...
Last post by Jingles - Today at 05:05:53 PMQuote from: newsense on Today at 03:30:58 PMDid you try to disable ssh, save settings, reenable ssh?
Also can you try an update either from GUI or console?
Yes, multiple times.
No I can't update from the GUI.
How do I access the console if I can't SSH into it?
#3
Hardware and Performance / I226 T2 M2 ngff pci-e
Last post by ömer.a - Today at 05:00:08 PMHello. I am using it on a mini PC with a converter, but only 1 port is visible, the 2nd port is not visible. Do you have any information about a solution?
#4
Hardware and Performance / Re: DEC3920 / DEC3940 / DEC396...
Last post by spaceharrier - Today at 04:37:42 PMQuote from: sopex on Today at 09:56:29 AMThe Zenarmor engine is not multi-core, so this is to be expected.
Right, just illustrating how that pans out on the 3920.
#5
26.1, 26,4 Series / BOOT LOADER IS TOO OLD. PLEASE...
Last post by vpx23 - Today at 03:36:42 PMYes, I know there is already a thread about this: https://forum.opnsense.org/index.php?topic=48145.0
I didn't want to dig it out but I want to add some more information and have a little summary.
I suppose some people will stumble over this in the future as many people (me included) are not aware that they have to update their boot loader themself.
I only saw this ASCII message by chance when I did a change in my BIOS settings, otherwise my OPNsense box is headless (running without input devices and monitor).
^ This is the message we are talking about, it originates in the FreeBSD base system, so the check is in upstream, not in OPNsense itself.
Here is the actual code to it: https://github.com/freebsd/freebsd-src/blob/50caa0ea0c16499c40e785b5aa37053b180b2830/stand/lua/core.lua#L579
All it does is to check if the boot loader is below revision 3.0
You can check the revision of the boot loader installed in the OS with this command:
Output:
You can check the revision of the boot loader actually loaded with this command:
Output:
There's also another method of finding out if you boot from MBR or GPT:
Output:
So the easiest way to update your boot loader is to use the shell script of Emrion which was already discussed in the old thread.
Connect to your OPNsense box via SSH or the serial console.
Only input:
Input and output:
That's all folks.
@franco Is it possible to integrate the loaders-update shell script into the update process? Or are there any reasons against it?
Resources:
https://github.com/Emrion/uploaders/tree/main
https://www.freshports.org/sysutils/loaders-update
https://forums.freebsd.org/threads/verify-loader-version.96446/
https://www.jan0sch.de/post/freebsd-upgrade-uefi-bootloader/
https://github.com/opnsense/ports/tree/master/sysutils/loaders-update
I didn't want to dig it out but I want to add some more information and have a little summary.
I suppose some people will stumble over this in the future as many people (me included) are not aware that they have to update their boot loader themself.
I only saw this ASCII message by chance when I did a change in my BIOS settings, otherwise my OPNsense box is headless (running without input devices and monitor).
Code Select
**********************************************************************
**********************************************************************
***** *****
***** BOOT LOADER IS TOO OLD. PLEASE UPGRADE. *****
***** *****
**********************************************************************
**********************************************************************^ This is the message we are talking about, it originates in the FreeBSD base system, so the check is in upstream, not in OPNsense itself.
Here is the actual code to it: https://github.com/freebsd/freebsd-src/blob/50caa0ea0c16499c40e785b5aa37053b180b2830/stand/lua/core.lua#L579
All it does is to check if the boot loader is below revision 3.0
You can check the revision of the boot loader installed in the OS with this command:
Code Select
strings /boot/loader.efi | grep "EFI loader"Output:
Code Select
DFreeBSD/amd64 EFI loader, Revision 3.0
You can check the revision of the boot loader actually loaded with this command:
Code Select
strings /boot/efi/efi/freebsd/loader.efi | grep "EFI loader"Output:
Code Select
FreeBSD/amd64 EFI loader, Revision 1.1There's also another method of finding out if you boot from MBR or GPT:
Code Select
efibootmgr -vOutput:
Code Select
Boot to FW : false
BootCurrent: 0001
Timeout : 2 seconds
BootOrder : 0001, 0002, 0000
+Boot0001* UEFI OS HD(1,GPT,f7a9b7de-952f-11ee-a368-00e04c681a07,0x28,0x82000)/File(\EFI\BOOT\BOOTX64.EFI)
gpt/efiboot0:/EFI/BOOT/BOOTX64.EFI /boot/efi//EFI/BOOT/BOOTX64.EFI
Boot0002* Hard Drive BBS(HD,,0x0)
Boot0000 ipfire VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)
HD(2,MBR,0x1aca948e,0x100800,0x10000)/File(\EFI\IPFIRE\GRUBX64.EFI)
Unreferenced Variables:(As you see I once used IPFire :)So the easiest way to update your boot loader is to use the shell script of Emrion which was already discussed in the old thread.
Connect to your OPNsense box via SSH or the serial console.
Only input:
Code Select
curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
chmod +x loaders-update
./loaders-update show-me
./loaders-update shoot-me
y
y
yInput and output:
Code Select
root@OPNsense:~ # curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 18231 100 18231 0 0 99.33k 0 0
root@OPNsense:~ # chmod +x loaders-update
root@OPNsense:~ # ./loaders-update show-me
loaders-update v1.3.2
One or more efi partition(s) have been found.
Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
Would run: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Would run: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
One or more freebsd-boot partition(s) have been found.
The root file system is zfs.
Examining ada0...
Would run: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0
-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updatable EFI loader: 2
Updatable BIOS loader: 1
-------------------------------
root@OPNsense:~ # ./loaders-update shoot-me
loaders-update v1.3.2
One or more efi partition(s) have been found.
Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
About to execute: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Are you sure (y/N)? y
About to execute: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
Are you sure (y/N)? y
One or more freebsd-boot partition(s) have been found.
The root file system is zfs.
Examining ada0...
About to execute: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0
Are you sure (y/N)? y
partcode written to ada0p2
bootcode written to ada0
-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updated EFI loader: 2
Updated BIOS loader: 1
-------------------------------
root@OPNsense:~ #That's all folks.
@franco Is it possible to integrate the loaders-update shell script into the update process? Or are there any reasons against it?
Resources:
https://github.com/Emrion/uploaders/tree/main
https://www.freshports.org/sysutils/loaders-update
https://forums.freebsd.org/threads/verify-loader-version.96446/
https://www.jan0sch.de/post/freebsd-upgrade-uefi-bootloader/
https://github.com/opnsense/ports/tree/master/sysutils/loaders-update
#6
General Discussion / Re: Unable to SSH into OPNsens...
Last post by newsense - Today at 03:30:58 PMDid you try to disable ssh, save settings, reenable ssh?
Also can you try an update either from GUI or console?
Also can you try an update either from GUI or console?
#7
General Discussion / Re: Unable to SSH into OPNsens...
Last post by Jingles - Today at 02:49:14 PMQuote from: meyergru on Today at 02:44:13 PMDo you happen to have an @-sign in your password and try to login via PuTTY? See: https://github.com/opnsense/core/issues/9888
There's no @ in my password. The only special character in the password is an !
#8
General Discussion / Re: Unable to SSH into OPNsens...
Last post by Jingles - Today at 02:47:30 PMQuote from: newsense on Today at 02:40:24 PMJust checked putty0.84 and works fine.
I suspect you have an incomplete update there breaking ssh.
Can you do a health check from Firmware and post it here?
Here you go:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.6_2 (amd64) at Sat May 23 22:42:40 AEST 2026
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-acme-client 4.15
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.6_2 has 68 dependencies to check.
Checking packages: ........
dnsmasq-2.92_2,1 version mismatch, expected 2.92rel2,1
Checking packages: .........
kea-3.0.2_2 version mismatch, expected 3.0.3
Checking packages: .....
openssh-portable-10.2.p1_1,1 version mismatch, expected 10.3.p1,1
Checking packages: .
openvpn-2.6.19 version mismatch, expected 2.6.20
Checking packages: .
opnsense-26.1.6_2 version mismatch, expected 26.1.8_5
Checking packages: ..
opnsense-lang-26.1.4 version mismatch, expected 26.1.7
Checking packages: .
opnsense-update-26.1.6 version mismatch, expected 26.1.7_1
Checking packages: .............
php83-phalcon-5.10.0 version mismatch, expected 5.12.1
Checking packages: .
php83-phpseclib-3.0.50 version mismatch, expected 3.0.52
Checking packages: ..........
py313-duckdb-1.5.0 version mismatch, expected 1.5.2
Checking packages: ...
py313-numpy-1.26.4_12,1 has no upstream equivalent
Checking packages: .
py313-pandas-2.3.3,1 version mismatch, expected 2.3.3_1,1
Checking packages: .
py313-requests-2.32.5 version mismatch, expected 2.33.1
Checking packages: .......
strongswan-6.0.4 version mismatch, expected 6.0.6
Checking packages: ...
syslog-ng-4.11.0_1 version mismatch, expected 4.11.0_2
Checking packages: .
unbound-1.24.2_1 version mismatch, expected 1.25.0
Checking packages: .. done
***DONE***
#9
26.1, 26,4 Series / Re: Netflow - continous 50-60 ...
Last post by meyergru - Today at 02:46:58 PMDo you use a ZFS install? Things like that usually happen when there are filesystem inconsistencies created during hard stops of the netflow process. That cannot happen with ZFS.
#10
General Discussion / Re: Unable to SSH into OPNsens...
Last post by meyergru - Today at 02:44:13 PMDo you happen to have an @-sign in your password and try to login via PuTTY? See: https://github.com/opnsense/core/issues/9888
