Update to 18.7.10 broke my WAN Interface on apu2

Started by manuel, January 09, 2019, 07:12:07 AM

January 09, 2019, 07:12:07 AM Last Edit: January 10, 2019, 06:55:59 AM by manuel
Hello friends
I have two different OPNsense installations in two different locations, each on an apu2d4, which are both connected to a cable modem and the same provider. One box was updated to 18.7.10 automatically this Monday, 7th January. The second box still has 18.7.9 installed and is working fine.

After updating to 18.7.10 I no longer get an IP address on the WAN interface from my provider via DHCP. If I reboot the firewall and go to the dashboard, I can see an IP from the range of my provider for a couple of seconds. After that, the IP is gone and I have only 0.0.0.0, and at the end there is no IP at all.

I rebooted opnsense several times and also my cable modem. No luck. I also tried to downgrade with

opnsense-revert -r 18.7.9 opnsense

but then I only get a

Fetching opnsense.txz: .. failed

I checked the release notes from 18.7.10. There are some changes in the code for the interfaces.

I attached my kernel message log and also some ifconfig commands. igb0 is my internal interface and igb1 for WAN.

Thank you very much for your help.

Regards Manuel

I have the same problem after upgrading to 18.7.10 on my apu2 board. :-(

Hello
Made a fresh new 18.7 installation this evening, restored the backup, and the WAN IP seems to be stable. How can I now update from 18.7 to 18.7.9? The GUI wants to upgrade directly to 18.7.10. I can't select 18.7.9.

I even tried on the shell with opnsense-upgrade -r 18.7.9 but even then it seems that it will go directly to 18.7.10.

root@OPNsense:~ # opnsense-update -r 18.7.9
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): 100%
Processing candidates (101 candidates): 100%
The following 85 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py27-yaml: 3.13
        squid3: 3.5.28_1
        radvd1: 1.15

Installed packages to be UPGRADED:
        ...
        pcre: 8.42 -> 8.42_1
        os-dyndns: 1.8 -> 1.11
        opnsense-update: 18.7 -> 18.7.10
        opnsense-lang: 18.1.7 -> 18.7.8
        opnsense: 18.7 -> 18.7.10
        openvpn: 2.4.6_1 -> 2.4.6_3
        openssl: 1.0.2o_4,1 -> 1.0.2q,1
        openssh-portable: 7.7.p1_6,1 -> 7.9.p1_1,1
        openldap-sasl-client: 2.4.46 -> 2.4.47
        ntp: 4.2.8p11_2 -> 4.2.8p12_3
        ...


Thank you for your help.

Greetings Manuel

Quote from: manuel on January 09, 2019, 07:12:07 AM
Hello friends
I have two different OPNsense installations in two different locations, each on an apu2d4, which are both connected to a cable modem and the same provider. One box was updated to 18.7.10 automatically this Monday, 7th January. The second box still has 18.7.9 installed and is working fine.

After updating to 18.7.10 I no longer get an IP address on the WAN interface from my provider via DHCP. If I reboot the firewall and go to the dashboard, I can see an IP from the range of my provider for a couple of seconds. After that, the IP is gone and I have only 0.0.0.0, and at the end there is no IP at all.

Can confirm the issue on an Intel (Celeron plus NIC) box. However, I was lucky enough to get a stable connection after a few reboots to perform the downgrade to 18.7.9.

Hi guys,

This works...

# opnsense-revert -r 18.7.9 opnsense

This does NOT work for stable package updates...

# opnsense-update -r 18.7.9

Upgrading from a lower version of 18.7 into 18.7.9 works by selecting the firmware flavour manually:

"18.7/MINT/18.7.9/OpenSSL" or "18.7/MINT/18.7.9/LibreSSL"

This will NOT downgrade a 18.7.10.

That being said the reports are strange: is this a driver issue? configuration code? No logs?

All I can gather so far is that WAN DHCP does not keep its designated IP?

18.7.9 -> 18.7.10 interface changes...

o interfaces: only show name servers offered by individual link in status page
o interfaces: DUID-LL generator fix (contributed by Team Rebellion)
o interfaces: show disabled and virtual interfaces in groups
o interfaces: change wireless page interface iterators
o interfaces: change LAGG page interface iterators
o interfaces: remove unused get_dns_servers()
o interfaces: assorted code cleanups

All of these are not related to DHCP, WAN or startup.

That being said, I'm not sure where to start looking...


Cheers,
Franco

Hello Franco
Thank you very much for your explanation.

# opnsense-revert -r 18.7.9 opnsense

Didn't work for me and produced a

# Fetching opnsense.txz: .. failed

Maybe because of missing internet connection?

I still don't get the point how to upgrade from 18.7 to 18.7.9 now. Sorry about that.

Yes you're right, WAN DHCP does not keep its designated IP. That's the problem.

I also checked system.log after upgrading to 18.7.10 but couldn't see any hint why WAN is losing its IP address. Unfortunately I had to go back to 18.7 because I can't live without internet and I don't have another apu2 to play with.

Maybe someone else could provide more info out of log files to investigate this issue.

Thank you very much for your help. I'm really a big, big fan of OPNsense! Very good work.

Greetings Manuel

Hi Manuel,

Yes, fetch fails so no Internet for opnsense-revert.

Go to System: Firmware: Settings, select flavour "(other)" and add this:

18.7/MINT/18.7.9/OpenSSL

Save and check for updates... it'll upgrade to 18.7.9 because that mirror location was fixed. It corresponds to:

https://pkg.opnsense.org/FreeBSD:11:amd64/18.7/MINT/

Where you can selectively pick all current releases. opnsense-revert also uses these directories.

Normal updates use a symlink to the latest version instead so when 18.7.10 is out it doesn't see 18.7.9 anymore.


Cheers,
Franco

Hello Franco
Thank you for your detailed answer. I'll try this this evening.

Really appreciate your help and work.

Greetings Manuel

No worries and thanks for your help on tracking this down too.


Cheers,
Franco

It kinda did the same for me but only IPv6 gateway monitoring via dpinger seems to be broken as the IPv6 connectivity itself works.

The log message every second reads:
dpinger: WAN_SLAAC fe80::7281:5ff:fe7e:580%pppoe0: sendto error: 65

In another thread a similar problem was reported oddly enough pointing to Unbound and a probable form of DoH or TLS usage.

https://forum.opnsense.org/index.php?topic=10958.0
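
A triage sketch for the dpinger message quoted in the post above, added here as an example and not part of the original posts or of OPNsense: it counts repeated sendto errors per gateway and decodes the number with FreeBSD's errno table, where 65 is EHOSTUNREACH ("No route to host"). The syslog prefix, the sample lines, the function name `summarize` and the threshold are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# FreeBSD <sys/errno.h> values that sendto() commonly returns.
FREEBSD_ERRNO = {
    49: "EADDRNOTAVAIL", 50: "ENETDOWN", 51: "ENETUNREACH",
    55: "ENOBUFS", 64: "EHOSTDOWN", 65: "EHOSTUNREACH",
}

# Matches "dpinger: <gateway> <address>[%<interface>]: sendto error: <n>".
LINE_RE = re.compile(
    r"dpinger: (?P<gw>\S+) (?P<addr>[0-9A-Fa-f:.]+)"
    r"(?:%(?P<scope>[^\s:]+))?: sendto error: (?P<errno>\d+)"
)

def is_link_local(addr):
    """True for fe80::/10 or 169.254.0.0/16; False if the text is not an IP."""
    try:
        return ipaddress.ip_address(addr).is_link_local
    except ValueError:
        return False

def summarize(lines, threshold=3):
    """Return one finding per gateway/monitor/errno seen >= threshold times."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[(m["gw"], m["addr"], m["scope"], int(m["errno"]))] += 1
    findings = []
    for (gw, addr, scope, err), n in counts.most_common():
        if n >= threshold:
            findings.append({
                "gateway": gw, "monitor": addr, "interface": scope,
                "count": n, "errno": FREEBSD_ERRNO.get(err, str(err)),
                "link_local": is_link_local(addr),
            })
    return findings

# Constructed sample: the syslog prefix and the WAN_DHCP line are invented.
SAMPLE = [
    "Jan 11 18:40:0%d OPNsense dpinger: WAN_SLAAC "
    "fe80::7281:5ff:fe7e:580%%pppoe0: sendto error: 65" % i for i in range(4)
] + [
    "Jan 11 18:40:05 OPNsense dpinger: WAN_DHCP 192.0.2.1: sendto error: 65",
    "Jan 11 18:40:06 OPNsense configd.py: unrelated line",
]

if __name__ == "__main__":
    for finding in summarize(SAMPLE):
        print(finding)
```

A finding with `link_local` set and an `interface` scope means the monitor target is the gateway's link-local address on that interface, which is the case reported in the post.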

Try reverting this commit:

https://github.com/opnsense/core/commit/3d8fd0088a

# opnsense-patch 3d8fd0088a


Cheers,
Franco

One step sideways... are you guys using Suricata in IPS mode on said interface?


Cheers,
Franco

I don't because of problems, but plan to try again with 19.1.
Why should the DNS server have anything to do with dpinger? Note: not apinger!
I reconfigured the WAN interface from SLAAC to DHCPv6 which fixed dpinger.

Quote from: franco on January 11, 2019, 06:54:37 PM
One step sideways... are you guys using Suricata in IPS mode on said interface?

No Suricata whatsoever. I'll probably try the update again tomorrow and see what the system log says.

Hello Franco
Yes, on my box IDS and IPS are enabled on the WAN interface only.

Managed to update from 18.7 to 18.7.9 and the WAN problems are gone. My internet connection to the ISP has been stable for some days.

Sorry that I can't assist you anymore, but I couldn't find any error entries in dmesg or system.log when losing the IP address on WAN interface igb1.

Regards Manuel