OPNsense 15.7.17 Back in Service

Started by coltswalker, December 03, 2020, 06:40:25 AM

My Internet provider, Windstream, decided to disable the firewall functionality, I mean completely remove it from the T3200 router in the last automatic update.  They did this without warning me, and my office NAS suddenly became exposed.

A few years ago I had built a solid state firewall appliance using OPNsense.  It has not been used in several years since we moved office.  Back then we had a dedicated connection with statics from a different provider.

Since the T3200 can no longer function as a firewall I have pulled the old OPNsense system out of storage and connected it between the T3200 and the office LAN switch.

After changing the configuration it is working well.

However, I noticed that it is using an out of date version of OPNsense:

opnsense   15.7.17   31.4MB   OPNsense release package
opnsense-update   15.7.12   9.13kB   OPNsense update utility

Question #1 - are there any security holes in this version?

I did attempt to upgrade it the way I had back in the day when it was in full time service. I would simply do it by navigating to System -> Firmware -> Fetch updates.

I get an error: Repository problem.

Question #2 - is it going to be possible to run the "Fetch updates" method of updating this thing without having to load and program from scratch?

Kind regards.

Short answer is no.


Back up your config and reinstall with the latest version and then restore the config.

Job done.

You better configure from scratch. Some defaults changed and you would stick to old defaults when restoring

Quote from: mimugmail on December 03, 2020, 08:10:15 AM
You better configure from scratch. Some defaults changed and you would stick to old defaults when restoring

Just to be clear, it is (you are saying) "no" to both question #1 and #2... No security hole in 15.7.17 and no "one click update" available.  Kind regards.

Since 15.7 (released 4 and a half years ago!) many many packages will have seen security patches. Exposing something like that to the interwebs is only for the brave.

Is your setup for OPNsense that complicated? You could import some parts of the old config, e.g. your DHCP config, maybe, but if it's not weeks of work, start fresh...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Quote from: coltswalker on December 03, 2020, 01:59:15 PM
Quote from: mimugmail on December 03, 2020, 08:10:15 AM
You better configure from scratch. Some defaults changed and you would stick to old defaults when restoring

Just to be clear, it is (you are saying) "no" to both question #1 and #2... No security hole in 15.7.17 and no "one click update" available.  Kind regards.

Using a firewall which didn't receive any updates is a total risk.

I decided to take your advice and update to the latest
OPNsense-20.7-OpenSSL-vga-amd64.img

On the system which is a Jetway JBC373F38W-525-B aka G03-NF38-F which is running the only BIOS available for it, the latest they released.
64GB SSD HD 59.63GiB visible in GParted, Atom D525 1.8GHz Dual Core, 2GB DDR3.

This system was running OPNsense 15.7.17 without issue.

The SSD drive passes all SMART tests.  Linux Mint 19.2 installs and runs fine on system.

I'm trying to install OPNsense 20.7 clean, from scratch.  It doesn't install.  The first time around it acted like it could only see 8GB of the 60GB drive.  It stalled about 60 or 70 percent through with an error that appears as though the drive was full.   Now it won't even start the installer.

I create a new partition table on used SSDs before I do a fresh install of OPNsense, to erase all remnants of old installs.

kind regards
chemlud