"Recent posts
#91
25.7, 25.10 Series / Re: Update 25.7 -> 25.7.9 Unex...
Last post by Simon1 - December 07, 2025, 01:31:46 PMI just waited until I heard the familiar beep on reboot. Some minutes later, the webinterface was accessible again and it seems the upgrade went fine.
Will monitor my FWs behaviour but it seems to be OK.
Will monitor my FWs behaviour but it seems to be OK.
#92
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by kozistan - December 07, 2025, 01:22:29 PMThank you, Franco. I'll stay with the downgraded pkg for now since it's stable on my box and the libs are compatible.
Once a pkg/curl fix for the HTTPS bug in issue #2191 is available, I'll switch back to the current pkg version again.
Once a pkg/curl fix for the HTTPS bug in issue #2191 is available, I'll switch back to the current pkg version again.
#93
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by franco - December 07, 2025, 01:09:46 PMPS: It's this bug and nobody cares https://github.com/freebsd/pkg/issues/2191
#94
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by franco - December 07, 2025, 01:08:50 PMAnd here's the proof you caught a FreeBSD pkg version:
> pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
But you've already rolled back and the segfault is gone.
So that's good.
Cheers,
Franco
> pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
But you've already rolled back and the segfault is gone.
So that's good.
Cheers,
Franco
#95
25.7, 25.10 Series / Resolved: Update 25.7 -> 25.7....
Last post by Simon1 - December 07, 2025, 01:07:43 PMWanted to update from 25.7 to latest 25.7.9 when I got "Unexpected error, check log for details".
I was able to copy what was visible in the web interface, see below. Web interface now gives me a 403 forbidden and ssh "access denied".
Any recommendations?
I was able to copy what was visible in the web interface, see below. Web interface now gives me a 403 forbidden and ssh "access denied".
Any recommendations?
Code Select
***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7 (amd64) at Sun Dec 7 12:39:24 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (148 candidates): .......... done
Processing candidates (148 candidates): ....... done
The following 96 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
py311-pyopenssl: 25.3.0_1,1
Installed packages to be UPGRADED:
boost-libs: 1.88.0_1 -> 1.89.0_1
brotli: 1.1.0,1 -> 1.2.0,1
ca_root_nss: 3.108 -> 3.117_2
curl: 8.14.1 -> 8.17.0
easy-rsa: 3.2.3,1 -> 3.2.4,1
expat: 2.7.1 -> 2.7.3
filterlog: 0.7_1 -> 0.7_2
ivykis: 0.43.2 -> 0.43.2_1
jq: 1.8.0 -> 1.8.1
kea: 2.6.3_1 -> 3.0.2
krb5: 1.21.3_1 -> 1.22.1
libcbor: 0.12.0_2 -> 0.13.0
libedit: 3.1.20250104,1 -> 3.1.20251016_1,1
libiconv: 1.17_1 -> 1.18_1
libinotify: 20240724_2 -> 20240724_3
liblz4: 1.10.0,1 -> 1.10.0_2,1
libnghttp2: 1.66.0 -> 1.68.0
libpfctl: 0.15 -> 0.17
libucl: 0.9.2_1 -> 0.9.2_2
libunistring: 1.3 -> 1.4.1
libxml2: 2.14.5 -> 2.14.6
lighttpd: 1.4.79 -> 1.4.82
nspr: 4.36 -> 4.38.2
nss: 3.113.1_1 -> 3.118.1
ntp: 4.2.8p18_4 -> 4.2.8p18_5
openssh-portable: 10.0.p1_1,1 -> 10.2.p1_1,1
openssl: 3.0.17,1 -> 3.0.18,1
openvpn: 2.6.14 -> 2.6.17
opnsense: 25.7 -> 25.7.9
opnsense-lang: 25.1.11 -> 25.7.4
opnsense-update: 25.7 -> 25.7.8
os-smart: 2.3_1 -> 2.4
pcre2: 10.45_1 -> 10.47_1
perl5: 5.40.2_2 -> 5.42.0_1
php83: 8.3.23 -> 8.3.28
php83-ctype: 8.3.23 -> 8.3.28
php83-curl: 8.3.23 -> 8.3.28
php83-dom: 8.3.23 -> 8.3.28
php83-filter: 8.3.23 -> 8.3.28
php83-gettext: 8.3.23 -> 8.3.28
php83-ldap: 8.3.23 -> 8.3.28
php83-mbstring: 8.3.23 -> 8.3.28
php83-pcntl: 8.3.23 -> 8.3.28
php83-pdo: 8.3.23 -> 8.3.28
php83-pear: 1.10.13 -> 1.10.16
php83-phpseclib: 3.0.46 -> 3.0.47
php83-session: 8.3.23 -> 8.3.28
php83-simplexml: 8.3.23 -> 8.3.28
php83-sockets: 8.3.23 -> 8.3.28
php83-sqlite3: 8.3.23_1 -> 8.3.28
php83-xml: 8.3.23 -> 8.3.28
php83-zlib: 8.3.23 -> 8.3.28
pkcs11-helper: 1.29.0_3 -> 1.31.0
py311-aioquic: 1.2.0 -> 1.3.0_1
py311-anyio: 4.9.0 -> 4.11.0
py311-attrs: 25.3.0 -> 25.4.0
py311-certifi: 2025.6.15 -> 2025.10.5
py311-charset-normalizer: 3.4.2 -> 3.4.4
py311-cryptography: 44.0.3_2,1 -> 45.0.7_1,1
py311-dnspython: 2.7.0,1 -> 2.8.0_1,1
py311-duckdb: 1.3.1_1 -> 1.3.2
py311-idna: 3.10 -> 3.11
py311-jq: 1.8.0_1 -> 1.10.0
py311-markupsafe: 3.0.2 -> 3.0.3
py311-numexpr: 2.11.0 -> 2.14.1
py311-numpy: 1.26.4_6,1 -> 1.26.4_10,1
py311-pandas: 2.2.3_2,1 -> 2.3.3,1
py311-pycparser: 2.22 -> 2.23
py311-pylsqpack: 0.3.22 -> 0.3.23
py311-pyyaml: 6.0.1_1 -> 6.0.3
py311-requests: 2.32.4 -> 2.32.5
py311-sqlite3: 3.11.13_11 -> 3.11.14_11
py311-trio: 0.30.0 -> 0.32.0
py311-truststore: 0.10.1 -> 0.10.4
py311-typing-extensions: 4.14.0 -> 4.15.0
py311-ujson: 5.10.0_1 -> 5.11.0
py311-urllib3: 1.26.20,1 -> 2.5.0,1
py311-vici: 5.9.11_1 -> 6.0.3
python311: 3.11.13 -> 3.11.14
readline: 8.2.13_2 -> 8.3.1
smartmontools: 7.5 -> 7.5_1
sqlite3: 3.50.2_1,1 -> 3.50.4_2,1
strongswan: 5.9.14 -> 6.0.3_1
sudo: 1.9.17p1 -> 1.9.17p2_2
suricata: 7.0.11_1 -> 8.0.2
syslog-ng: 4.8.2_3 -> 4.10.2
unbound: 1.23.1 -> 1.24.2
wpa_supplicant: 2.11_5 -> 2.11_7
zstd: 1.5.7 -> 1.5.7_1
Installed packages to be REINSTALLED:
cyrus-sasl-2.1.28_5 (provided shared library changed)
cyrus-sasl-gssapi-2.1.28 (provided shared library changed)
dnsmasq-2.91_1,1 (required shared library changed)
glib-2.84.1_3,2 (required shared library changed)
openldap26-client-2.6.10 (required shared library changed)
rrdtool-1.9.0_1 (direct dependency changed: perl5)
Number of packages to be installed: 1
Number of packages to be upgraded: 89
Number of packages to be reinstalled: 6
The process will require 13 MiB more space.
161 MiB to be downloaded.
[1/96] Fetching py311-sqlite3-3.11.14_11.pkg: .. done
[2/96] Fetching py311-anyio-4.11.0.pkg: ......... done
[3/96] Fetching unbound-1.24.2.pkg: .......... done
[4/96] Fetching wpa_supplicant-2.11_7.pkg: .......... done
[5/96] Fetching filterlog-0.7_2.pkg: . done
[6/96] Fetching py311-cryptography-45.0.7_1,1.pkg: .......... done
[7/96] Fetching lighttpd-1.4.82.pkg: .......... done
[8/96] Fetching php83-filter-8.3.28.pkg: . done
[9/96] Fetching opnsense-update-25.7.8.pkg: . done
[10/96] Fetching py311-pandas-2.3.3,1.pkg: .......... done
[11/96] Fetching openssl-3.0.18,1.pkg: .......... done
[12/96] Fetching php83-curl-8.3.28.pkg: .. done
[13/96] Fetching boost-libs-1.89.0_1.pkg: .......... done
[14/96] Fetching py311-numpy-1.26.4_10,1.pkg: .......... done
[15/96] Fetching py311-pycparser-2.23.pkg: .......... done
[16/96] Fetching nss-3.118.1.pkg: .......... done
[17/96] Fetching libunistring-1.4.1.pkg: .......... done
[18/96] Fetching py311-charset-normalizer-3.4.4.pkg: ........ done
[19/96] Fetching libiconv-1.18_1.pkg: .......... done
[20/96] Fetching php83-ldap-8.3.28.pkg: .. done
[21/96] Fetching easy-rsa-3.2.4,1.pkg: .... done
[22/96] Fetching libcbor-0.13.0.pkg: .... done
[23/96] Fetching py311-pyyaml-6.0.3.pkg: .......... done
[24/96] Fetching py311-aioquic-1.3.0_1.pkg: ....... done
[25/96] Fetching py311-idna-3.11.pkg: ...... done
[26/96] Fetching cyrus-sasl-gssapi-2.1.28.pkg: .. done
[27/96] Fetching openvpn-2.6.17.pkg: .......... done
[28/96] Fetching jq-1.8.1.pkg: .......... done
[29/96] Fetching krb5-1.22.1.pkg: .......... done
[30/96] Fetching libnghttp2-1.68.0.pkg: ........ done
[31/96] Fetching libxml2-2.14.6.pkg: .......... done
[32/96] Fetching dnsmasq-2.91_1,1.pkg: .......... done
[33/96] Fetching php83-simplexml-8.3.28.pkg: . done
[34/96] Fetching php83-pdo-8.3.28.pkg: .... done
[35/96] Fetching rrdtool-1.9.0_1.pkg: .......... done
[36/96] Fetching os-smart-2.4.pkg: . done
[37/96] Fetching ntp-4.2.8p18_5.pkg: ......... done
[38/96] Fetching syslog-ng-4.10.2.pkg: .......... done
[39/96] Fetching py311-markupsafe-3.0.3.pkg: . done
[40/96] Fetching php83-sockets-8.3.28.pkg: .. done
[41/96] Fetching py311-jq-1.10.0.pkg: . done
[42/96] Fetching py311-attrs-25.4.0.pkg: ....... done
[43/96] Fetching py311-requests-2.32.5.pkg: ......... done
[44/96] Fetching php83-pcntl-8.3.28.pkg: . done
[45/96] Fetching ca_root_nss-3.117_2.pkg: .......... done
[46/96] Fetching php83-sqlite3-8.3.28.pkg: . done
[47/96] Fetching libinotify-20240724_3.pkg: . done
[48/96] Fetching python311-3.11.14.pkg: .......... done
[49/96] Fetching py311-vici-6.0.3.pkg: . done
[50/96] Fetching py311-trio-0.32.0.pkg: .......... done
[51/96] Fetching py311-dnspython-2.8.0_1,1.pkg: .......... done
[52/96] Fetching ivykis-0.43.2_1.pkg: ..... done
[53/96] Fetching php83-phpseclib-3.0.47.pkg: .......... done
[54/96] Fetching php83-session-8.3.28.pkg: ... done
[55/96] Fetching py311-certifi-2025.10.5.pkg: .......... done
[56/96] Fetching kea-3.0.2.pkg: .......... done
[57/96] Fetching php83-mbstring-8.3.28.pkg: .......... done
[58/96] Fetching libedit-3.1.20251016_1,1.pkg: .......... done
[59/96] Fetching php83-gettext-8.3.28.pkg: . done
[60/96] Fetching liblz4-1.10.0_2,1.pkg: .......... done
[61/96] Fetching pkcs11-helper-1.31.0.pkg: ......... done
[62/96] Fetching php83-zlib-8.3.28.pkg: . done
[63/96] Fetching zstd-1.5.7_1.pkg: .......... done
[64/96] Fetching pcre2-10.47_1.pkg: .......... done
[65/96] Fetching php83-ctype-8.3.28.pkg: . done
[66/96] Fetching brotli-1.2.0,1.pkg: .......... done
[67/96] Fetching curl-8.17.0.pkg: .......... done
[68/96] Fetching nspr-4.38.2.pkg: .......... done
[69/96] Fetching py311-numexpr-2.14.1.pkg: .......... done
[70/96] Fetching php83-8.3.28.pkg: .......... done
[71/96] Fetching libpfctl-0.17.pkg: . done
[72/96] Fetching py311-truststore-0.10.4.pkg: ... done
[73/96] Fetching php83-pear-1.10.16.pkg: .......... done
[74/96] Fetching py311-urllib3-2.5.0,1.pkg: .......... done
[75/96] Fetching cyrus-sasl-2.1.28_5.pkg: ......... done
[76/96] Fetching openssh-portable-10.2.p1_1,1.pkg: .......... done
[77/96] Fetching php83-xml-8.3.28.pkg: . done
[78/96] Fetching php83-dom-8.3.28.pkg: ....... done
[79/96] Fetching suricata-8.0.2.pkg: .......... done
[80/96] Fetching sqlite3-3.50.4_2,1.pkg: .......... done
[81/96] Fetching py311-pylsqpack-0.3.23.pkg: ....... done
[82/96] Fetching openldap26-client-2.6.10.pkg: ........ done
[83/96] Fetching glib-2.84.1_3,2.pkg: .......... done
[84/96] Fetching libucl-0.9.2_2.pkg: .......... done
[85/96] Fetching py311-ujson-5.11.0.pkg: .. done
[86/96] Fetching perl5-5.42.0_1.pkg: .......... done
[87/96] Fetching opnsense-25.7.9.pkg: .......... done
[88/96] Fetching py311-duckdb-1.3.2.pkg: .......... done
[89/96] Fetching py311-typing-extensions-4.15.0.pkg: ...... done
[90/96] Fetching readline-8.3.1.pkg: .......... done
[91/96] Fetching strongswan-6.0.3_1.pkg: .......... done
[92/96] Fetching sudo-1.9.17p2_2.pkg: ......... done
[93/96] Fetching smartmontools-7.5_1.pkg: ......... done
[94/96] Fetching opnsense-lang-25.7.4.pkg: .......... done
[95/96] Fetching expat-2.7.3.pkg: .. done
[96/96] Fetching py311-pyopenssl-25.3.0_1,1.pkg: ...... done
Checking integrity... done (1 conflicting)
- py311-pyopenssl-25.3.0_1,1 conflicts with py311-openssl-25.0.0_1,1 on /usr/local/lib/python3.11/site-packages/OpenSSL/SSL.py
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 97 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
py311-pyopenssl: 25.3.0_1,1
Installed packages to be UPGRADED:
boost-libs: 1.88.0_1 -> 1.89.0_1
brotli: 1.1.0,1 -> 1.2.0,1
ca_root_nss: 3.108 -> 3.117_2
curl: 8.14.1 -> 8.17.0
easy-rsa: 3.2.3,1 -> 3.2.4,1
expat: 2.7.1 -> 2.7.3
filterlog: 0.7_1 -> 0.7_2
ivykis: 0.43.2 -> 0.43.2_1
jq: 1.8.0 -> 1.8.1
kea: 2.6.3_1 -> 3.0.2
krb5: 1.21.3_1 -> 1.22.1
libcbor: 0.12.0_2 -> 0.13.0
libedit: 3.1.20250104,1 -> 3.1.20251016_1,1
libiconv: 1.17_1 -> 1.18_1
libinotify: 20240724_2 -> 20240724_3
liblz4: 1.10.0,1 -> 1.10.0_2,1
libnghttp2: 1.66.0 -> 1.68.0
libpfctl: 0.15 -> 0.17
libucl: 0.9.2_1 -> 0.9.2_2
libunistring: 1.3 -> 1.4.1
libxml2: 2.14.5 -> 2.14.6
lighttpd: 1.4.79 -> 1.4.82
nspr: 4.36 -> 4.38.2
nss: 3.113.1_1 -> 3.118.1
ntp: 4.2.8p18_4 -> 4.2.8p18_5
openssh-portable: 10.0.p1_1,1 -> 10.2.p1_1,1
openssl: 3.0.17,1 -> 3.0.18,1
openvpn: 2.6.14 -> 2.6.17
opnsense: 25.7 -> 25.7.9
opnsense-lang: 25.1.11 -> 25.7.4
opnsense-update: 25.7 -> 25.7.8
os-smart: 2.3_1 -> 2.4
pcre2: 10.45_1 -> 10.47_1
perl5: 5.40.2_2 -> 5.42.0_1
php83: 8.3.23 -> 8.3.28
php83-ctype: 8.3.23 -> 8.3.28
php83-curl: 8.3.23 -> 8.3.28
php83-dom: 8.3.23 -> 8.3.28
php83-filter: 8.3.23 -> 8.3.28
php83-gettext: 8.3.23 -> 8.3.28
php83-ldap: 8.3.23 -> 8.3.28
php83-mbstring: 8.3.23 -> 8.3.28
php83-pcntl: 8.3.23 -> 8.3.28
php83-pdo: 8.3.23 -> 8.3.28
php83-pear: 1.10.13 -> 1.10.16
php83-phpseclib: 3.0.46 -> 3.0.47
php83-session: 8.3.23 -> 8.3.28
php83-simplexml: 8.3.23 -> 8.3.28
php83-sockets: 8.3.23 -> 8.3.28
php83-sqlite3: 8.3.23_1 -> 8.3.28
php83-xml: 8.3.23 -> 8.3.28
php83-zlib: 8.3.23 -> 8.3.28
pkcs11-helper: 1.29.0_3 -> 1.31.0
py311-aioquic: 1.2.0 -> 1.3.0_1
py311-anyio: 4.9.0 -> 4.11.0
py311-attrs: 25.3.0 -> 25.4.0
py311-certifi: 2025.6.15 -> 2025.10.5
py311-charset-normalizer: 3.4.2 -> 3.4.4
py311-cryptography: 44.0.3_2,1 -> 45.0.7_1,1
py311-dnspython: 2.7.0,1 -> 2.8.0_1,1
py311-duckdb: 1.3.1_1 -> 1.3.2
py311-idna: 3.10 -> 3.11
py311-jq: 1.8.0_1 -> 1.10.0
py311-markupsafe: 3.0.2 -> 3.0.3
py311-numexpr: 2.11.0 -> 2.14.1
py311-numpy: 1.26.4_6,1 -> 1.26.4_10,1
py311-pandas: 2.2.3_2,1 -> 2.3.3,1
py311-pycparser: 2.22 -> 2.23
py311-pylsqpack: 0.3.22 -> 0.3.23
py311-pyyaml: 6.0.1_1 -> 6.0.3
py311-requests: 2.32.4 -> 2.32.5
py311-sqlite3: 3.11.13_11 -> 3.11.14_11
py311-trio: 0.30.0 -> 0.32.0
py311-truststore: 0.10.1 -> 0.10.4
py311-typing-extensions: 4.14.0 -> 4.15.0
py311-ujson: 5.10.0_1 -> 5.11.0
py311-urllib3: 1.26.20,1 -> 2.5.0,1
py311-vici: 5.9.11_1 -> 6.0.3
python311: 3.11.13 -> 3.11.14
readline: 8.2.13_2 -> 8.3.1
smartmontools: 7.5 -> 7.5_1
sqlite3: 3.50.2_1,1 -> 3.50.4_2,1
strongswan: 5.9.14 -> 6.0.3_1
sudo: 1.9.17p1 -> 1.9.17p2_2
suricata: 7.0.11_1 -> 8.0.2
syslog-ng: 4.8.2_3 -> 4.10.2
unbound: 1.23.1 -> 1.24.2
wpa_supplicant: 2.11_5 -> 2.11_7
zstd: 1.5.7 -> 1.5.7_1
Installed packages to be REINSTALLED:
cyrus-sasl-2.1.28_5 (provided shared library changed)
cyrus-sasl-gssapi-2.1.28 (provided shared library changed)
dnsmasq-2.91_1,1 (required shared library changed)
glib-2.84.1_3,2 (required shared library changed)
openldap26-client-2.6.10 (required shared library changed)
rrdtool-1.9.0_1 (direct dependency changed: perl5)
Installed packages to be REMOVED:
py311-openssl: 25.0.0_1,1
Number of packages to be removed: 1
Number of packages to be installed: 1
Number of packages to be upgraded: 89
Number of packages to be reinstalled: 6
The process will require 12 MiB more space.
Checking integrity... done (0 conflicting)
[1/100] Upgrading brotli from 1.1.0,1 to 1.2.0,1...
[1/100] Extracting brotli-1.2.0,1: .......... done
[2/100] Upgrading easy-rsa from 3.2.3,1 to 3.2.4,1...
[2/100] Extracting easy-rsa-3.2.4,1: .......... done
[3/100] Upgrading expat from 2.7.1 to 2.7.3...
[3/100] Extracting expat-2.7.3: .......... done
[4/100] Upgrading ivykis from 0.43.2 to 0.43.2_1...
[4/100] Extracting ivykis-0.43.2_1: .......... done
[5/100] Upgrading jq from 1.8.0 to 1.8.1...
[5/100] Extracting jq-1.8.1: .......... done
[6/100] Upgrading libcbor from 0.12.0_2 to 0.13.0...
[6/100] Extracting libcbor-0.13.0: .......... done
[7/100] Upgrading libedit from 3.1.20250104,1 to 3.1.20251016_1,1...
[7/100] Extracting libedit-3.1.20251016_1,1: .......... done
[8/100] Upgrading libiconv from 1.17_1 to 1.18_1...
[8/100] Extracting libiconv-1.18_1: .......... done
[9/100] Upgrading libinotify from 20240724_2 to 20240724_3...
[9/100] Extracting libinotify-20240724_3: .......... done
[10/100] Upgrading libnghttp2 from 1.66.0 to 1.68.0...
[10/100] Extracting libnghttp2-1.68.0: .......... done
[11/100] Upgrading libpfctl from 0.15 to 0.17...
[11/100] Extracting libpfctl-0.17: ...... done
[12/100] Upgrading libucl from 0.9.2_1 to 0.9.2_2...
[12/100] Extracting libucl-0.9.2_2: .......... done
[13/100] Upgrading libunistring from 1.3 to 1.4.1...
[13/100] Extracting libunistring-1.4.1: .......... done
[14/100] Upgrading nspr from 4.36 to 4.38.2...
[14/100] Extracting nspr-4.38.2: .......... done
[15/100] Upgrading pcre2 from 10.45_1 to 10.47_1...
[15/100] Extracting pcre2-10.47_1: .......... done
[16/100] Upgrading perl5 from 5.40.2_2 to 5.42.0_1...
[16/100] Extracting perl5-5.42.0_1: .......... done
[17/100] Upgrading readline from 8.2.13_2 to 8.3.1...
[17/100] Extracting readline-8.3.1: .......... done
[18/100] Upgrading libxml2 from 2.14.5 to 2.14.6...
[18/100] Extracting libxml2-2.14.6: .......... done
[19/100] Upgrading smartmontools from 7.5 to 7.5_1...
[19/100] Extracting smartmontools-7.5_1: .......... done
[20/100] Upgrading os-smart from 2.3_1 to 2.4...
[20/100] Extracting os-smart-2.4: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
[21/100] Upgrading sqlite3 from 3.50.2_1,1 to 3.50.4_2,1...
[21/100] Extracting sqlite3-3.50.4_2,1: .......... done
[22/100] Upgrading nss from 3.113.1_1 to 3.118.1...
[22/100] Extracting nss-3.118.1: .......... done
[23/100] Upgrading zstd from 1.5.7 to 1.5.7_1...
[23/100] Extracting zstd-1.5.7_1: .......... done
[24/100] Upgrading boost-libs from 1.88.0_1 to 1.89.0_1...
[24/100] Extracting boost-libs-1.89.0_1: .......... done
[25/100] Upgrading liblz4 from 1.10.0,1 to 1.10.0_2,1...
[25/100] Extracting liblz4-1.10.0_2,1: .......... done #96
General Discussion / Re: TUI for viewing and analys...
Last post by Seimus - December 07, 2025, 01:03:40 PM@allddd
Let me say thanks. This is a very nice idea, and it eases the pain to look thru the filter logs which is hard on the eyes.
Well done!
Regards,
S.
Let me say thanks. This is a very nice idea, and it eases the pain to look thru the filter logs which is hard on the eyes.
Well done!
Regards,
S.
#97
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by kozistan - December 07, 2025, 12:57:39 PMGot you, so here are the logs:
1) Current `pkg info pkg` (after downgrade):
2) Saved log from the original pkg 2.4.x run when the issue occurred (installing os-sunnyvalley):
3) Current GUI "Check for updates" log with downgraded pkg (no errors):
1) Current `pkg info pkg` (after downgrade):
Code Select
root@fw:~# pkg info pkg
pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
pkg-2.3.1_1
Name : pkg
Version : 2.3.1_1
Installed on : Sat Dec 6 15:31:32 2025 CET
Origin : ports-mgmt/pkg
Architecture : FreeBSD:14:amd64
Prefix : /usr/local
Categories : ports-mgmt
Licenses : BSD2CLAUSE
Maintainer : pkg@FreeBSD.org
WWW : https://github.com/freebsd/pkg
Comment : Package manager
Options :
DOCS : off
Shared Libs required:
libarchive.so.7
libc.so.7
libcrypto.so.30
libelf.so.2
libjail.so.1
libm.so.5
libssl.so.30
libthr.so.3
libutil.so.9
libz.so.6
Shared Libs provided:
libpkg.so.4
Annotations :
FreeBSD_version: 1403000
repo_type : binary
repository : OPNsense
Flat size : 25.1MiB
Description :
Package management tool
2) Saved log from the original pkg 2.4.x run when the issue occurred (installing os-sunnyvalley):
Code Select
***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.7.9 (amd64) at Sat Dec 6 15:59:56 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
os-sunnyvalley: 1.5_1 [OPNsense]
Number of packages to be installed: 1
3 KiB to be downloaded.
[1/1] Fetching os-sunnyvalley-1.5_1.pkg: . done
Checking integrity... done (0 conflicting)
[1/1] Installing os-sunnyvalley-1.5_1...
[1/1] Extracting os-sunnyvalley-1.5_1: ..... done
ld-elf.so.1: Shared object "libxml2.so.16" not found, required by "php"
ld-elf.so.1: Shared object "libxml2.so.16" not found, required by "php"
pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
3) Current GUI "Check for updates" log with downgraded pkg (no errors):
Code Select
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.7.9 (amd64) at Sun Dec 7 12:53:34 CET 2025
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 909 packages processed.
Updating SunnyValley repository catalogue...
Waiting for another process to update repository SunnyValley
All repositories are up to date.
pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
Checking for upgrades (12 candidates): .......... done
Processing candidates (12 candidates): .... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
#98
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by franco - December 07, 2025, 12:14:12 PMI meant the GUI check for updates log. Running arbitrary commands doesn't offer a good density of where the issue is.
But
# pkg info pkg
would also work for the suspicion here.
Cheers,
Franco
But
# pkg info pkg
would also work for the suspicion here.
Cheers,
Franco
#99
25.7, 25.10 Series / Re: DNS best practice for loca...
Last post by Maurice - December 07, 2025, 11:46:20 AMAre you talking about local overrides created by DHCP? Or a real local zone?
For the latter, neither dnsmasq nor Unbound are good options. These aren't authoritative DNS servers. BIND is and it's available as a plugin for OPNsense.
Cheers
Maurice
For the latter, neither dnsmasq nor Unbound are good options. These aren't authoritative DNS servers. BIND is and it's available as a plugin for OPNsense.
Cheers
Maurice
#100
Virtual private networks / Multiple VPN WANs
Last post by Ph0enix - December 07, 2025, 11:10:24 AMI'm setting up multiple VPN connections on OpnSense and then configuring them as gateways according to this guide. There are a few issues that I'd appreciate getting some advice on:
- Gateway IPs. For each configuration that Proton generates it gives the same local address inside the tunnel `10.2.0.2`. Works fine when creating mutiple instances. However when I try to create multiple gateways that map to different profiles the system predictably complains that the IP is already in use. Are there any workarounds for that issue? I could spawn a bunch of containers on a different host that would connect as clients to proton and then expose this connection via a local server, and then point OpnSense to there local servers. But perhaps there are easier options that can be set up on OpnSense itself? I have another VPN provider that gives different local IPs for different connections and there it works fine. So it's just proton that has this issue (although if people know other providers that rely on the same configuration please share which ones so that I could avoid them)
- Monitor IPs. For a single connection I use my VPN provider's DNS IP. However since it's routed through a single gateway I can't reuse it for a different gateways. I don't want to lock google or cloudflare dns ips for that since I may want to use them sometime. Currently I picked some random IP addresses in the countries I connect to but it doesn't seem right to constantly ping random addresses so if people could point me to some IPs (both IPv4 and IPv6) that are "designed" for that purpose that would be helpful.
- Killswitch. There is a killswitch that prevents the traffic from leaking through regular WANs. Do I need to create similar rules to prevent the traffic leaking across VPN connections in case some of them go down while the others stay up?
