Upgrade from 20.1 -> 20.7 failed when IPS/IDS enabled.

[Archanfel80]

After upgrade from the latest 20.1.x to the 20.7 the firewall crashed right after the suricata service loaded. Some sort of CPU error, i cant see its scrolling too fast, then immediately reboot the machine. This stuck into a loop.
Full clean 20.7 install then restore the config.xml also cause this issue.
So the problem is with the suricata related part in the config.xml. Or even the whole suricata module bugged.
Make sure you are disabled before the upgrade.

[mb]

It's related to netmap. See this thread:

https://forum.opnsense.org/index.php?topic=17363.msg83997#msg83997

[EHRETic]

Same for me (it's a VM, no VLAN tagging, interface firectly on Internet with public address)

I let the IPS without blocking mode for now. At the second you activate blocking mode, it crashs

[Archanfel80]

Yes! Its a vmware VM on my side too, no vlan just native interfaces. As soon as i enabled blocking, the OS crashed and reset, then its stuck in a loop. Its an urgent issue since we use IPS many FW. Im reverted to 20.1 for now.

Same for me (it's a VM, no VLAN tagging, interface firectly on Internet with public address)

I let the IPS without blocking mode for now. At the second you activate blocking mode, it crashs

[mb]

A test kernel for 20.7 should be out soon. Till then, it's safe to stay on 20.1.

[W0nderW0lf]

I agree with mb.
Tried out 20.1 again and after restoring from backup, everything worked as before.
I also noticed, while looking at the opnsense terminal. Every Browser action on the dashboard, gets instantly stdout to the terminal. This never happened before. Hope we wont have to wait 2 long for a fix.

By the way, this bug seems to not only affect VM's since I am running Opnsense on bare metal with Intel chips.

[Archanfel80]

If i understand correctly this is not the opnsense issue but the freebsd and the kernel.
This "hardened" BSD project is a way to overkill for everyday use. Its cause trouble trouble trouble.