[update] after 22.7.9 update the gateway suddenly dies after 1 day or so

Started by manilx, December 03, 2022, 11:19:45 PM


And to answer a previous poster, no, it's not fixed.  Lock Suricata at 6.0.8.  Everything else should work fine.

You can follow the Suricata bug report Franco linked to earlier.



And, yes, .10 broke some things for sure, but OPNsense has been a rock solid platform for me for several years up until this last change.



Ran revert to 22.7.9_3 and now my WAN port is going up/down every 5 min.  Crap!

Quote from: gurpal2000 on January 05, 2023, 07:34:43 PM
Noticed internet access was very slow since doing the upgrade a couple of days ago.

Thankfully came across this thread. Not an opnsense expert. Running opnsense on a dedicated physical machine.

Rolled back to 22.7.9 and things seem to be back to 'normal'.

opnsense-revert -r 22.7.9 opnsense
opnsense-update -kr 22.7.9
# then reboot

Cheers,

Do the commands exactly as shown above.  Revert, update, then reboot.  First command reverts the package, second command updates the kernel to the specific package.


Quote from: chknpikr on January 05, 2023, 11:32:31 PM
And to answer a previous poster, no, it's not fixed.  Lock Suricata at 6.0.8.  Everything else should work fine.

Thanks for the response.  Still running 22.7.8 here so don't have to revert anything, and I'm not using Suricata but I know it is installed on the router because I see it update when I update OPNsense.  So what I'm trying to clarify is, if I lock my current version of Suricata can I then upgrade to the current OPNsense version without issues, or am I still likely to have problems?  In other words is it definitely just Suricata that is causing all the weirdness and the loss of Internet connectivity, or are there other factors at play also?

And assuming you can do normal upgrades once you have locked Suricata, then my question is, how do you lock Suricata at the current version?  EDIT:  After more searching I found the post on Reddit that gave this procedure:

Quote
System - Firmware - Packages

Scroll down to Suricata. On the far right there's a lock icon. Clicking it toggles locked/unlocked.

Is that the procedure you used to lock it?

As I said previously, OPNsense has been such a joy to use up until this, but I cannot take the risk of doing an update and having the router lose internet connectivity (whether immediately or a day later).  I would really hate having to go to pfsense or some other router software after all this time, so I hope a solution that permanently fixes this problem appears soon!
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

That is the procedure.

I'm running fine on .10 with Suricata locked at .8, but I would hold at the version you're on now.  There's no need to rush the upgrade.  I suspect there are other underlying gremlins complicating various configs, judging from forum posts here and elsewhere.

In tech, "upgrading" a perfectly stable setup usually turns into "ruining your entire weekend".  We're all masochists.

Amen to that last post!  My last two weekends have been toast.  I tried reverting to 22.7.9 and it made my WAN flapping worse.  I'm thinking about going to 22.7.8, but I'm also outside my wheelhouse of expertise and fearful that I will make the problem worse.

This thread is a bit of a mess, I'm sorry to say.

Despite claims here the only change in 22.7.9 was Suricata 6.0.9 which we reverted in 22.7.9_2 / 6.0.9_1.

The issue being triggered is INHERENT to the system configuration, hardware (or VM) being used and FreeBSD kernel. So far it looks like 6.0.9 just triggers it more often than not and I think that poking at it will just make it worse if you insist on using IPS with the hardware (or VM) at hand.

Please DO NOT spread oversimplified statements about a particular OPNsense version being worse than another one, because it is always a SINGLE component in the release notes causing this behaviour on YOUR system, NOT everyone's system.


Cheers,
Franco

Also, fact: up until one specific update all worked for many updates and major versions before. IPS etc.
And then ONE update breaks all in a way that the basic usage is completely compromised.
That's a fact and no finger pointing and blaming......

I think that argument is a bit spurious, the all-or-nothing seems to indicate that this is not a specific issue with the update. Reverts, even partial, have to work in order for your theory to be confirmed. So as soon as you can pinpoint I'm happy to look at it as always.  :)

The free support advice is to disable IPS or replace hardware, whichever is more convenient. Complaining to others likely isn't as convenient as it looks at first glance.

If there is another issue with Suricata 6.0.9 it's good to look into it, but rest assured that we cannot do QA for other projects on a large scale and hold back stable updates forever, especially with security updates intermingled by the respective authors.


Cheers,
Franco

Again: I'm looking (was looking) at it from an end user perspective. If my car breaks down after an intervention I can't know if it's a Bosch or Siemens part or if BMW screwed up. I just want a car working as before. Might be a stupid example I know.
And if the update broke my system I blame the update not the parts it's made of.
You might be technically right but that's not what I meant (as OP). I had "really" big issues and spent many days trying to fix it, without success.
I found a "workaround" and will see what the next big version update brings.

No hard feelings anyway.

> And if the update broke my system I blame the update not the parts it's made of.

I know your intention but the bottom line is the culprit was fixed in 22.7.9_2 and so was 22.7.10. Whatever you see on those versions after a clean reboot with a passed health audit is what was the case in 22.7 install and FreeBSD 13.1 by extension.

That's the reason why I'm asking which component in which version the complaint is about and whether you have switched IPS mode off to confirm the problem goes away.


Cheers,
Franco

@franco - appreciate your comments.

Perhaps if you can put a final statement (fix/advice) and maybe lock the thread before it causes further confusion (for want of a better word).

thanks
OPNsense + TP-Link W9970