Has anyone had a problem-free upgrade from OPNsense 17.7.12 to 18.1?

Started by comet, January 31, 2018, 07:35:56 AM

I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don't use. Judging from all the bugs it appears this may have been in error.

Two issues for me.

1- NAT didn't work at first, but a patch solved that one
2- Download speed has dropped 50% from previous version.
**** UPDATE ****
Speeds were affected because custom tweaks were removed by the upgrade. All OK now.

Quote from: Ron Curry on February 01, 2018, 05:02:42 PM
I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don't use. Judging from all the bugs it appears this may have been in error.

I'm afraid that upgrading any software at any stage in its lifecycle is always a case of caveat emptor and take all suitable precautions. :)
Regards


Bill

Quote from: Ron Curry on February 01, 2018, 05:02:42 PM
I want to add that for mission critical software such as this I normally wait for a few revisions before upgrading but assumed this would be clean and simple because most of the changes appeared to be in functionality I don't use. Judging from all the bugs it appears this may have been in error.

When you say mission-critical devices, you say the buzzword "enterprise class". This includes enterprise-class hardware, software, aaand (drums) support. Did you pay for some of these? Mind you, support cannot be excluded.

Furthermore, you either wait for a few revisions (you actually wait for others to hit the wall / or not) or you don't. There are no exceptions, there can be no exceptions if you think you deployed mission-critical appliances.

But if you paid for mission-critical appliances and support, you don't do the upgrades yourself. You will call and schedule a remote session with the support personnel. It's your choice whether to make it your business or not (to personally execute the upgrade), but usually, you don't make it your business, because if something breaks while the remote personnel works on your device, you're not entirely responsible. And there's the thing that you paid for this kind of support (because otherwise, your appliance is not mission-critical, only in your imagination), so why bother? Did you do this?
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

Page name and screenshot please for easier tracking. I'm not aware of such fundamental changes in the GUI.


Cheers,
Franco

Quote from: elektroinside on February 01, 2018, 02:02:12 PM
This one?


[Thu Feb  1 14:58:38 EET 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb  1 14:58:40 EET 2018] _ret='0'
[Thu Feb  1 14:58:40 EET 2018] code='400'
[Thu Feb  1 14:58:40 EET 2018] Update account error.
[Thu Feb  1 14:58:40 EET 2018] _on_issue_err
[Thu Feb  1 14:58:40 EET 2018] Please check log file for more details: /var/log/acme.sh.log


I had the code '400' as well as now the code '202'

[Thu Feb 1 22:58:49 NZDT 2018] code='202'
[Thu Feb 1 22:58:48 NZDT 2018] _ret='0'
[Thu Feb 1 22:58:48 NZDT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 22:58:48 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/VPHhSBoLrKHx0v0OFCcDcZXtGPqHPByS19IzOusHVjo/97238858'
[Thu Feb 1 22:58:48 NZDT 2018] POST
[Thu Feb 1 22:58:48 NZDT 2018] payload='{"resource": "challenge", "keyAuthorization": "GnEN-3x5LEaX0JY0MCI2f5CnqqAGZ7UNfCD9G-SQKvk.MWT6TBf_bqAL23Qyf5vMzH8pVfGeuSTTNpd8Lr6fIiI"}'
[Thu Feb 1 22:58:48 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/VPHhSBoLrKHx0v0OFCcDcZXtGPqHPByS19IzOusHVjo/97238858'
[Thu Feb 1 22:58:48 NZDT 2018] code='400'
[Thu Feb 1 22:58:47 NZDT 2018] _ret='0'
[Thu Feb 1 22:58:47 NZDT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Feb 1 22:58:47 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/feDqnEOavG71OFJysjupxhnl8xpBGdUP2PKeKdaotY0/97238857'
[Thu Feb 1 22:58:47 NZDT 2018] POST
[Thu Feb 1 22:58:47 NZDT 2018] payload='{"resource": "challenge", "keyAuthorization": "RTqcwn1u5RX1za4U01_4CVIlI3HgHKuejSXW7sTiPgc.MWT6TBf_bqAL23Qyf5vMzH8pVfGeuSTTNpd8Lr6fIiI"}'
[Thu Feb 1 22:58:47 NZDT 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/feDqnEOavG71OFJysjupxhnl8xpBGdUP2PKeKdaotY0/97238857'
[Thu Feb 1 22:58:46 NZDT 2018] Please check log file for more details: /var/log/acme.sh.log

Quote from: dcol on February 01, 2018, 06:23:41 PM
Two issues for me.

1- NAT didn't work at first, but a patch solved that one
2- Download speed has dropped 50% from previous version.
**** UPDATE ****
Speeds were affected because custom tweaks were removed by the upgrade. All OK now.

Can you provide us with those custom tweaks that were removed?  It appears that several of us are experiencing performance issues since the upgrade and would like to know what tweaks improve throughput.

First off, I only saw a performance reduction when IDS/IPS was enabled.
My specific issues had to do with custom IPS rules and tunables that I had placed in the wrong place and were erased during the upgrade.
As far as the custom IPS rules, I use pass rules to reduce the IPS engine load.
Use the tunable guide in the IPS topics for some improved performance.

One more thing that I noticed is you have to apply the IPS rules again, even if you didn't change anything after the upgrade or anytime suricata updates because the generic suricata.yaml will be used until you hit apply in the rules tab. This will affect your interfaces and engine algorithms used with IPS. The settings migrate ok in OPNsense, just doesn't apply them to suricata.yaml until you hit apply.

We upgraded via cmdline successfully.
On the old Alix boards we had to disable tmp & /var ramdisk before and re-enable after because of memory issues. With that the upgrade went smooth (but slow :} )

I updated via the GUI, smooth and fast on my box :)
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

Hi,

I am a relative newcomer to OPNsense. I have managed to upgrade 2 without issue; they are relatively simple firewalls though (NAT and VPN).

M

Waited for 18.1.1 and upgraded directly to that and it appears to have worked fine, no issues at all have been observed so far.  Thanks to everyone who responded!
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

I just finished upgrading my install from 17.7.12 to 18.1.1 to 18.1.2_2 with no issues thus far.

Running custom hardware based on an industrial Atom D2550 board, 2GB memory, 4GB SLC SSD. OPNSense install with the Nano image. Upgrade itself took about 20 minutes.