Quote from: franco on Today at 09:23:47 AMThanks for your feedback... the people nagging there's excessive padding everywhere are awfully quiet at the moment.You could say I am one of those people in general, but the thing is : I am not much of a widget guy...
To some degree it's funny trying to cater to this part of the user base and seeing a bit of backlash for it.
We can add padding, make it bigger, or we can leave it to acclimate. I'm unsure yet with the mixed signals.
Quote from: tbt39 on Today at 09:12:21 AMThat's fair. I'm not a designer, however, so apologies if I can't be more specific..Is very nice and compact without wasting unnecessary screenspace so I like it and perhaps will consider Enabling it again in 26.7.x after upgrading ;)
Quote from: dseven on Today at 10:36:45 AMa more in-keeping style would be to have a "LED" to the left of each item, with color indicating the status, rather than using the background of the whole "button"... but at the expense of a bit of "compactness"...Seen that many times in other software (both round and square "LEDs" ) and can look very good!
Quote from: franco on Today at 09:19:41 AMDoesn't change the fact that everyone including 26.7 would be affected either way by it unless they did a clean reinstall.
Quote from: jll544 on Today at 09:05:10 AMPatrick and meyergru have made some excellent instructions about upgrading the bootloader in a couple of topic so I am sure they can help you out in one of those topics :)Quote from: franco on July 15, 2026, 07:50:40 PMAllegedly this was fixed in late 15.1 RC cycle: https://github.com/opnsense/src/commit/56e59980b67But the fix affects loader.efi, so it's not actually effective until the bootloader gets updated in ESP: https://www.freebsd.org/releases/15.1R/upgrading/#upgrade-loader-uefi
That's not something that happens as part of the OPNsense upgrade (should it?).
Quote from: Patrick M. Hausen on July 15, 2026, 06:03:22 PMSystem > Settings > Administration > Console
Quote from: meyergru on July 15, 2026, 06:22:19 PMYes.I don't have the exact links anymore so could one of you do that part ?
Quote from: lignumaqua on Today at 03:48:54 AMPS - It would be nice if the rules export actually created and saved a file rather than just opening a web page that you have to cut and paste yourself. If you'll forgive me, this seems half done.My bet is on this part of the browser settings : https://www.idownloadblog.com/2020/11/12/default-apps-actions-open-file-firefox/
Quote from: lignumaqua on Today at 01:08:20 AMCan I humbly suggest that this is still really confusing for those of us who didn't follow the process through the RCs?I guess you missed all the information and discussion topics during the 26.1.x releases and basically the fact that you should have migrated before upgrading to 26.7.x to make sure this kind of stuff doesn't happen ;)
Quote from: (MARLOO) on Today at 04:25:26 AMAfter upgrading to OPNsense 27, I initially saw repeated warnings in Firewall > System > Firmware > Reporter, including PHP startup messages about mongodb.so and some other log entries.This is mentioned in another topic : It's something that got left behind after ZenArmor dumped MongoDB (As eveyone should IMHO !!!) and moved to SQLite and Elasti<something> version 8 instead of version 5 so you need to do some cleaning up now...
At this point, it looks like the issue may have been related to Zenarmor rather than the firewall core itself. Zenarmor is installed on this system and uses a local reporting backend, so it is possible that the reporting database or backend state needed to be updated or reinitialized after the upgrade.
QuoteI also noticed a ZFS pool warning after the firmware upgrade indicating that some supported pool features are not enabled yet.I am betting on OpenZFS getting upgraded and now telling you there is newer stuff to use.
The pool is still online and healthy
QuoteSMART for the SSD is passingTo double check everything :)
Quoteso this appears to be only an informational warning rather than an actual storage problem.I think so too.
Quote from: franco on Today at 09:03:19 AMWithout more debug output this won't resolve easily so let's try this when it's not working:So, with DTLS set to "1" all works:
# fetch -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
# curl -o data.pkg -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
root@bkp-OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
root@bkp-OPNsense:~ # fetch -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
resolving server address: pkg.opnsense.org:443
SSL options: 82004850
Peer verification enabled
Using OpenSSL default CA cert file and path
Verify hostname
TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
Certificate subject: /CN=pkg.opnsense.org
Certificate issuer: /C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA
requesting https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
remote size / mtime: 322185 / 1784295958
data.pkg 314 kB 3342 kBps 00s
root@bkp-OPNsense:~ # curl -o data.pkg -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
13:31:42.013785 [0-0] * [HTTPS-CONNECT] added
13:31:42.014044 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 0 socks
13:31:42.018466 [0-0] * [HTTPS-CONNECT] connect, init
13:31:42.018557 [0-0] * [HTTPS-CONNECT] 1st attempt uses h2 from wanted versions
13:31:42.018574 [0-0] * [SETUP] happy eyeballing to origin pkg.opnsense.org:443
13:31:42.018622 [0-0] * Trying [2001:1af8:5300:a010:1::1]:443...
13:31:42.018826 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:31:42.018851 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
13:31:42.019480 [0-0] * Host pkg.opnsense.org:443 was resolved.
13:31:42.019526 [0-0] * IPv6: 2001:1af8:5300:a010:1::1
13:31:42.019549 [0-0] * IPv4: 89.149.222.99
13:31:42.019569 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:31:42.019586 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
13:31:42.221458 [0-0] * Trying 89.149.222.99:443...
13:31:42.221591 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:31:42.221616 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 2 socks
13:31:42.245167 [0-0] * [SETUP] added SSL filter for origin
13:31:42.247120 [0-0] * ALPN: curl offers h2,http/1.1
13:31:42.247481 [0-0] } [5 bytes data]
13:31:42.247532 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
13:31:42.247546 [0-0] } [1562 bytes data]
13:31:42.247628 [0-0] * SSL Trust Anchors:
13:31:42.247649 [0-0] * CApath: /etc/ssl/certs
13:31:42.247672 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:31:42.247693 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
13:31:42.274063 [0-0] { [5 bytes data]
13:31:42.274120 [0-0] * TLSv1.3 (IN), TLS handshake, Server hello (2):
13:31:42.274134 [0-0] { [122 bytes data]
13:31:42.274561 [0-0] * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
13:31:42.274584 [0-0] { [1 bytes data]
13:31:42.274619 [0-0] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
13:31:42.274632 [0-0] { [25 bytes data]
13:31:42.274670 [0-0] * TLSv1.3 (IN), TLS handshake, Certificate (11):
13:31:42.274683 [0-0] { [3550 bytes data]
13:31:42.276081 [0-0] * TLSv1.3 (IN), TLS handshake, CERT verify (15):
13:31:42.276102 [0-0] { [264 bytes data]
13:31:42.276254 [0-0] * TLSv1.3 (IN), TLS handshake, Finished (20):
13:31:42.276283 [0-0] { [52 bytes data]
13:31:42.276354 [0-0] * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
13:31:42.276372 [0-0] } [1 bytes data]
13:31:42.276425 [0-0] * TLSv1.3 (OUT), TLS handshake, Finished (20):
13:31:42.276438 [0-0] } [52 bytes data]
13:31:42.276537 [0-0] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
13:31:42.276561 [0-0] * ALPN: server accepted http/1.1
13:31:42.276578 [0-0] * Server certificate:
13:31:42.276598 [0-0] * subject: CN=pkg.opnsense.org
13:31:42.276615 [0-0] * start date: Jan 20 00:00:00 2026 GMT
13:31:42.276628 [0-0] * expire date: Jan 20 23:59:59 2027 GMT
13:31:42.276648 [0-0] * issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA
13:31:42.276673 [0-0] * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha384WithRSAEncryption
13:31:42.276688 [0-0] * Certificate level 1: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
13:31:42.276701 [0-0] * Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
13:31:42.276722 [0-0] * subjectAltName: "pkg.opnsense.org" matches cert's "pkg.opnsense.org"
13:31:42.276736 [0-0] * OpenSSL verify result: 0
13:31:42.276748 [0-0] * SSL certificate verified via OpenSSL.
13:31:42.276763 [0-0] * [SETUP] query ALPN
13:31:42.276776 [0-0] * [HTTPS-CONNECT] connect -> 0, done=1
13:31:42.276801 [0-0] * Established connection to pkg.opnsense.org (89.149.222.99 port 443) from 172.16.99.4 port 56453
13:31:42.276814 [0-0] * [HTTPS-CONNECT] removing connected setup filter
13:31:42.276826 [0-0] * [HTTPS-CONNECT] destroy
13:31:42.276838 [0-0] * [SETUP] removing connected setup filter
13:31:42.276850 [0-0] * [SETUP] destroy
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 013:31:42.276976 [0-0] * using HTTP/1.x
13:31:42.277008 [0-0] } [5 bytes data]
13:31:42.277056 [0-0] > GET /FreeBSD:15:amd64/snapshots/latest/data.pkg HTTP/1.1
13:31:42.277056 [0-0] > Host: pkg.opnsense.org
13:31:42.277056 [0-0] > User-Agent: curl/8.21.0
13:31:42.277056 [0-0] > Accept: */*
13:31:42.277056 [0-0] >
13:31:42.277116 [0-0] * Request completely sent off
13:31:42.300220 [0-0] { [5 bytes data]
13:31:42.300296 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
13:31:42.300310 [0-0] { [297 bytes data]
13:31:42.300416 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
13:31:42.300433 [0-0] { [297 bytes data]
13:31:42.301188 [0-0] < HTTP/1.1 200 OK
13:31:42.301216 [0-0] < Date: Sat, 18 Jul 2026 11:36:47 GMT
13:31:42.301230 [0-0] < Server: Apache
13:31:42.301242 [0-0] < Last-Modified: Fri, 17 Jul 2026 13:45:58 GMT
13:31:42.301255 [0-0] < ETag: "4ea89-656cec6c03180"
13:31:42.301280 [0-0] < Accept-Ranges: bytes
13:31:42.301293 [0-0] < Content-Length: 322185
13:31:42.301306 [0-0] < Content-Type: application/vnd.apple.installer+xml
13:31:42.301320 [0-0] <
13:31:42.301333 [0-0] { [7948 bytes data]
100 314.6k 100 314.6k 0 0 825.4k 0 0
13:31:42.394953 [0-0] * Connection #0 to host pkg.opnsense.org:443 left intactroot@bkp-OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository OPNsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
Unable to update repository OPNsense
Error updating repositories!
root@bkp-OPNsense:~ # fetch -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
resolving server address: pkg.opnsense.org:443
SSL context creation failed
1050062A474C0000:error:0A000180:SSL routines:SSL_CONF_cmd:bad value:/usr/src/crypto/openssl/ssl/ssl_conf.c:995:cmd=MinProtocol, value=DTLSv1.1
1050062A474C0000:error:0A0001A3:SSL routines:SSL_CTX_new_ex:error in system default config:/usr/src/crypto/openssl/ssl/ssl_lib.c:4274:
fetch: https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg: Authentication error
root@bkp-OPNsense:~ # curl -o data.pkg -vv https://pkg.opnsense.org/FreeBSD:15:amd64/snapshots/latest/data.pkg
13:32:54.264461 [0-0] * [HTTPS-CONNECT] added
13:32:54.264665 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 0 socks
13:32:54.265958 [0-0] * Host pkg.opnsense.org:443 was resolved.
13:32:54.265987 [0-0] * IPv6: 2001:1af8:5300:a010:1::1
13:32:54.266003 [0-0] * IPv4: 89.149.222.99
13:32:54.266015 [0-0] * [HTTPS-CONNECT] connect, init
13:32:54.266026 [0-0] * [HTTPS-CONNECT] 1st attempt uses h2 from wanted versions
13:32:54.266043 [0-0] * [SETUP] happy eyeballing to origin pkg.opnsense.org:443
13:32:54.266068 [0-0] * Trying [2001:1af8:5300:a010:1::1]:443...
13:32:54.266248 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:32:54.266284 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
13:32:54.266305 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:32:54.266318 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
13:32:54.474497 [0-0] * Trying 89.149.222.99:443...
13:32:54.474649 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
13:32:54.474678 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 2 socks
13:32:54.498280 [0-0] * [SETUP] added SSL filter for origin
13:32:54.500281 [0-0] * SSL: could not create a context: error:0A000180:SSL routines::bad value
13:32:54.500308 [0-0] * [HTTPS-CONNECT] connect, all attempts failed
13:32:54.500321 [0-0] * [HTTPS-CONNECT] connect -> 27, done=0
13:32:54.500346 [0-0] * closing connection #0
curl: (27) SSL: could not create a context: error:0A000180:SSL routines::bad value