Clean install 15.7_LibreSSL as VM, firmware upgrade not working.

[roro]

Hello,
i'm struggling to get OPNsense-15.7_LibreSSL-cdrom-i386.iso to the latest firmware.
OPNsense 15.7-i386
FreeBSD 10.1-RELEASE-p14
LibreSSL 2.2.0
=====================================================
Current Firmware Status :
A total of 66 update(s) are available.
=====================================================
Message on Firmware page:
***GOT REQUEST TO UPGRADE: all***
***STARTING UPGRADE***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (99 candidates): .......... done
Processing candidates (99 candidates): ....... done
The following 66 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   opnsense-update: 15.7.10
   unbound: 1.5.4_1
   ldns: 1.6.17_5
   libedit: 3.1.20150325_1

Installed packages to be UPGRADED:
   sudo: 1.8.13 -> 1.8.14p3
   squid: 3.5.3_1 -> 3.5.7
   sqlite3: 3.8.10.2 -> 3.8.11.1
   smartmontools: 6.4 -> 6.4_1
   py27-pytz: 2014.10,1 -> 2015.4,1
   py27-Jinja2: 2.7.3 -> 2.8
   py27-Babel: 1.3_2 -> 2.0
   png: 1.6.17 -> 1.6.17_1
   php56-zlib: 5.6.10 -> 5.6.12
   php56-xml: 5.6.10 -> 5.6.12
   php56-tokenizer: 5.6.10 -> 5.6.12
   php56-sqlite3: 5.6.10 -> 5.6.12
   php56-sockets: 5.6.10 -> 5.6.12
   php56-simplexml: 5.6.10 -> 5.6.12
   php56-session: 5.6.10 -> 5.6.12
   php56-pdo_sqlite: 5.6.10 -> 5.6.12
   php56-pdo: 5.6.10 -> 5.6.12
   php56-openssl: 5.6.10 -> 5.6.12
   php56-mysql: 5.6.10 -> 5.6.12
   php56-mcrypt: 5.6.10 -> 5.6.12
   php56-mbstring: 5.6.10 -> 5.6.12
   php56-ldap: 5.6.10 -> 5.6.12
   php56-json: 5.6.10 -> 5.6.12
   php56-hash: 5.6.10 -> 5.6.12
   php56-gettext: 5.6.10 -> 5.6.12
   php56-filter: 5.6.10 -> 5.6.12
   php56-dom: 5.6.10 -> 5.6.12
   php56-curl: 5.6.10 -> 5.6.12
   php56-ctype: 5.6.10 -> 5.6.12
   php56-bz2: 5.6.10 -> 5.6.12
   php56-bcmath: 5.6.10 -> 5.6.12
   php56: 5.6.10 -> 5.6.12
   phalcon: 2.0.3 -> 2.0.7
   perl5: 5.20.2_5 -> 5.20.2_6
   pcre: 8.37_1 -> 8.37_4
   opnsense: 15.7 -> 15.7.11
   openvpn: 2.3.7 -> 2.3.8
   openssh-portable: 6.8.p1_8,1 -> 7.1.p1_1,1
   mpd5: 5.7_2 -> 5.7_3
   lighttpd: 1.4.35_5 -> 1.4.36
   libressl: 2.2.0 -> 2.2.2
   libmcrypt: 2.5.8_2 -> 2.5.8_3
   jansson: 2.7 -> 2.7_1
   isc-dhcp42-server: 4.2.8 -> 4.2.8_1
   gettext-runtime: 0.19.4 -> 0.19.5.1
   freetype2: 2.5.5 -> 2.6_1
   filterdns: 0.1 -> 0.2
   expat: 2.1.0_2 -> 2.1.0_3
   dnsmasq: 2.73,1 -> 2.75,1
   curl: 7.43.0_2 -> 7.44.0
   ca_root_nss: 3.19.1_1 -> 3.20
   bind910: 9.10.2_5 -> 9.10.2P3_1

Installed packages to be REINSTALLED:
   voucher-0.1_4 (needed shared library changed)
   syslogd-10.1_1 (direct dependency changed: clog)
   strongswan-5.3.2 (needed shared library changed)
   relayd-5.5.20140810_1 (needed shared library changed)
   python27-2.7.10 (needed shared library changed)
   openldap-client-2.4.41 (needed shared library changed)
   ntp-4.2.8p3 (needed shared library changed)
   miniupnpd-1.9_1,1 (needed shared library changed)
   libxml2-2.9.2_3 (options changed)
   libevent2-2.0.22_1 (needed shared library changed)

The operation will free 6 MiB.
41 MiB to be downloaded.
Restarting webConfigurator...done.
***DONE***
===========================================================

I test this on vmware. I have a 8gb disk, after configuring the first upgrade works, but then the following upgrade does not work (via webconsole or cli). I also had this with the OPNsense-15.7_OpenSSL-cdrom-i386.iso version.

Any idea?

Cheers,
RoRo

[weust]

Not saying this might be the issue, but how much RAM did you give the VM?
1024MB is safe, 512MB might not be. Sure ain't for installation from the ISO.

And why i386 and not x64?

[roro]

Hi Weust,

the VM has 2048mb ram.
i386 because I have soekris and some old fanless motherboards I want to use.

Greets.

[weust]

Ah, ok. I understand then.
RAM is more then enough for this.

Are you getting any error messages? There should be something if it doesn't work.

[roro]

Well, I just did a cli upgrade and got the following message:
The operation will free 6MiB.
41 MiB to be downloaded.
pkg: http://pkg.opnsense.org/FreeBSD:10:i386/libressl/All/perl5-5.20.2_6.txz: Operation timed out.

and upgrade stops.
However I can download the mentioned file without any problem.

[franco]

I just tested this, works fine. The file is a bit bigger than the others, but why it stalls might be something in your network, maybe in conjunction with pkg's weird user agent set? something like a firewall or traffic shaper?

You can try to upgrade to 15.7.10 manually (we know for sure 15.7.10 worked fine on the off-chance 15.7.11 has a weird twist):

# opnsense-update -n "15.7.10\/LibreSSL"

If the error is the same, something blocks the file transfer at some point.

[roro]

Hi, Pfsense is blocking 
block   Aug 27 20:58:53   AM   10.10.4.10:23531   46.242.149.20:53   UDP
block   Aug 27 20:58:37   AM   10.10.4.10:33125   46.242.149.21:53   UDP
block   Aug 27 20:58:30   AM   10.10.4.10:14615   46.242.149.30:53   UDP
block   Aug 27 20:58:19   AM   10.10.4.10:17439   46.242.149.31:53   UDP
block   Aug 27 20:58:08   AM   10.10.4.10:11342   46.242.149.10:53   UDP
block   Aug 27 20:57:53   AM   10.10.4.10:40232   46.242.149.11:53   UDP
This is true for my network. This part of network can only use my own dns-server.
Why is opnsense going to dns in poland?

[franco]

If it's not configured manually it's being pushed via DHCP. We don't hardcode DNS servers?