[CALL FOR TESTING] FreeBSD 13.1 / 22.7 operating system preview

[franco]

Hi all,

Quick kudos to FreeBSD people for smooth managing of 13.1 this time around that also fits our release window nicely. The release notes can be found here:

https://www.freebsd.org/releases/13.1R/relnotes/

Since 22.1 is based on 13-STABLE some changes may already be included as documented therein. Yet the plan for 22.1 was to stay as close to 13.1 as possible so the next phase of the plan goes forward as we adopt the actual 13.1 code base for the upcoming 22.7 release series. We also managed to upstream a few small things so we can get rid of a bit of custom patching in our source code.

As such, the operating system between 22.1 and 22.7 is interchangeable so for anyone wondering about new features or driver changes there now is a public beta test to preview. The command to install is as follows:

# opnsense-update -bkzr 22.7.b
# opnsense-shell reboot

(reboot now or later, but must reboot to load the new OS)

For anyone looking to switch back the firmware upgrade will try to move you back to 22.1.x base/kernel sets unless you lock both packages from the firmware GUI page.

Note of care for kmod users (specifically Realtek and WireGuard within our immediate reach):

Your kernel module was built for an older FreeBSD version and may not work correctly or outright refuse to load upon reboot. Your only choice is to rebuild it from the correct source version or revert back to 22.1.x.

Feedback? Questions? Happy testing!


Cheers,
Franco

[dpeter]

Thank you for the fixes in 22.1.8 as well as providing an onramp to beta test 13.1-RELEASE.

What does the upgrade cycle look like if we go to 22.7.b for when 22.7 proper is released?  Is that just an opnsense-update jump away to get on the 22.7 series proper once released?

[_Alchemist_]

# opnsense-update -bkzr 22.7.b

If i run `opnsense-update -bkzr 22.7b` on my OPNsense 22.1.8 VM, I get the following error:

Code: [Select]

Fetching base-22.7b-amd64.txz: ..[fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/sets/base-22.7b-amd64.txz.sig: Not Found] failed, no signature found
--- Edit ---

I missed one dot ... I typed

Code: [Select]

opnsense-update -bkzr 22.7b instead of

Code: [Select]

opnsense-update -bkzr 22.7.b
I updated my two OPNsense VMs (HA Cluster) and they seem to work fine, no errors yet

[birdy]

Updated and everything ok so far.

But then it started to be a little confusing.

Dashboard/System information shows:

OPNsense 22.1.8-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1o 3 May 2022

and

¨Click to view pending updates.¨

Clicking shows:

Package name   Current version   New version   Required action   Repository
base                   22.7.b                   22.1.8           upgrade                  OPNsense
kernel                   22.7.b                   22.1.8           upgrade                  OPNsense

Not paying attention and assuming there was an update I updated and... was back on 13.0/22.1.8.

Luckily I made snapshots (running on Proxmox) and switched back and ( I think :-) ) I am running 13.1/22.7.b now although System Information shows:

OPNsense 22.1.8-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1o 3 May 2022

[_Alchemist_]

Same for me, my OPNsense VMs also report being still on 22.1.8, but "freebsd-version -kru" reports 13.1-RELEASE - so I guess the Updates still works

[madj42]

Thank you for the fixes in 22.1.8 as well as providing an onramp to beta test 13.1-RELEASE.

What does the upgrade cycle look like if we go to 22.7.b for when 22.7 proper is released?  Is that just an opnsense-update jump away to get on the 22.7 series proper once released?

Correct me if I'm wrong but it shouldn't matter as this is just the underlying FreeBSD OS and kernel.  Not the Opnsense extensions.  For the others that are confused, as Franco said previously, you're going to see an update if you check for updates.  If you want to prevent the downgrade to 13.0, you need to lock the base and kernel packages.  Worked great for me.

Thank you Franco and team.  No issues so far.  I was using the pre3 version as well and had zero issues.

[franco]

madj42 is correct.

> What does the upgrade cycle look like if we go to 22.7.b for when 22.7 proper is released?  Is that just an opnsense-update jump away to get on the 22.7 series proper once released?

22.7 upgrade will force a new kernel install to ensure integrity. You can either keep using 22.7 kernel/base in 22.1 or revert back to 22.1.x versions. Either way in the actual 22.7 upgrade the kernel will be matching the major release version again.


Cheers,
Franco

[bugvito]

22.1.8_1 + 22.7b kernel+base
All is good so far after a day, and the update was uneventful.

Simplistic setup:
- VLANs on WAN + MAC spoofing with dhcp
- VLANs on LAN + DHCP server
- plugins: IGMP-proxy, uPNP, Sensei
- 4xi225 NICs
- Suricata on WAN
- Zenarmor on LAN

[dpeter]

Same here, 22.1.8_1 + 22.7b kernel+base and all is OK.

I am also stable since the panics I had earlier, though removing the Atheros wifi card seemed to help with that.

https://forum.opnsense.org/index.php?topic=28422

[weust]

OPNsense 22.1.8_1-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1o 3 May 2022

Now we wait...

Running on a HP T620 Plus with a dual SFP port Intel i350 card.
AMD GX-420CA SOC with Radeon(tm) HD Graphics (4 cores, 4 threads)

[RedVortex]

OPNsense 22.1.8_1-amd64
FreeBSD 13.1-RELEASE

All good so far

Multi WAN (PPPoE and Starlink)
HE tunnel for IPv6 testing
Both old and new ddclient (still need the old for GoDaddy)
X520-DA2 card and 4x1G intel card
Multiple VLANs
Acme, netflow, mdns, IPsec, OpenVPN

[marjohn56]

All OK here.


native dhcp/6 on WAN, 3 tracking interfaces, no issues.


UDP Broadcast Relay - no issues.
Wireguard  - no issues.
ddclient - Google Domains, IPv4 only - No issues.
Green across the board.


Qotom core I5-5250U
4 * Intel NICs
8Gb Mem

[MCMLIX]

Everything seems to be good with:

# opnsense-update -bkzr 22.7.b
# opnsense-shell reboot

##Proxmox 7.2

# Intel Corporation I350 Gigabit Network Connection two port passthrough
Port One = WAN
Port Two = Vlan parent (4 vlan in total)

# Intel Corporation 82574L Gigabit Network Connection passthrough
LAN

No parent interface enabled

openVPN to Surfshark

Used this Guide:
https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/
Substituted OpenVPN for Wineguard

OPNsense 22.1.8_1-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1o 3 May 2022

os-api-backup (installed)   1.0_1   2.35KiB   OPNsense
os-chrony (installed)   1.5   20.6KiB   OPNsense
os-firewall (installed)   1.1   56.4KiB   OPNsense
os-qemu-guest-agent (installed)   1.1   19.2KiB   OPNsense
os-theme-rebellion (installed)   1.8.8   5.20MiB   OPNsense
os-udpbroadcastrelay (installed)   1.0_2   44.8KiB   OPNsense
os-wol (installed)

I've been using OPNsense on a Bare Metal box, so will post any problems I encounter with this VM.

[Lynxcat]

Works fine on Beelink GK55 mini PC, Intel J4125, 8GB RAM (also works fine replacing with 16GB sodimm), 128GB SSD, built-in dual Realtek NICs, purchased brand new on sale for CAD $215 Amazon.ca :

OPNsense 22.1.8_1-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1o 3 May 2022

- unbound : all blocklists enabled except WindowsSpyBlocker(Update & Extra)
- Suricata IDS/IPS
- Zenarmour/Sensei : Free Edition

Great many thanks to the Developers ensuring latest most secure OS version !

[phantomsfbw]

Lynxcat, how did you get Zenarmor running?