Upgrading to 16.7, known issues and workarounds

Started by AdSchellevis, July 28, 2016, 11:16:33 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
July 28, 2016, 11:16:33 AM Last Edit: July 30, 2016, 05:25:33 PM by AdSchellevis
Hi All,

With the release of 16.7 we will use this forum post to keep you informed about issues that have been reported and fixes / workarounds.



[1] if IPS is not working, disable it temporarily or switch to IDS mode.
For intel cards there's a temporary fix available, we working on putting it into our standard release.
Please execute:

Code Select
opnsense-update -khr 16.7-em

Then reboot, and after reboot enable IPS again.

[2] some people using imported configurations, experience missing interfaces in the firewall section.
This is caused by a different interpretation of the configuration data underneath it, a fix is simple.
* Save each missing interface configuration under Interfaces: [IF], apply and finally reboot



Stay safe,

Your OPNsense team
July 28, 2016, 12:29:47 PM #1 Last Edit: July 28, 2016, 12:44:28 PM by Julien
After the update is done, I can't get any options on my home lobby dashboard.
even I tried to re-add them they won't appear.
tried it with google chrome, IE, Edge,Firewall.... none of them has works.
I have empty the cookies, deleted the browse history , nothing helps
after I noticed there is no VMware tools installed,
installed VMware tools and rebooted the box.
et voila everything is back to normal .
DEC4240 – OPNsense Owner
July 28, 2016, 02:37:52 PM #2
Suricata still crashes for me when IPS mode is disabed.

July 28, 2016, 09:00:32 PM #3
Upgrade to OPNsense 17.1.a_19-i386 without problems so far.
July 30, 2016, 06:36:55 PM #4
Performed the latest upgrade from web interface and update froze
Checked the router and numerous write errors reported (using nano image)
Checked the media - fine; media reader was dead/killed

Fresh install of OPNsense-16.7-OpenSSL-nano-amd64.img
Prolonged pause still present at boot (flashing cursor for about 70secs then boot continues; detection pause NOT present with pfsense builds)
Set up VLANs via console; DHCP server working; DHCP addressed received on test computer
Test computer unable to access router via web or by ping

Restore to factory defaults
Set up VLANs through web interface
DHCP address received on test computer
Unable to access router via web or by ping

Restore to factory defaults
Restore configuration from config file
VLANs working, DHCP working, web/ping working

Update via web interface
Screen states updating but no text of packages being received/updating reported (blank report window)

Update via console
Update proceeds uneventfully and system fully updated


I've set up VLANs numerous times with OPNsense/pfsense and had no issues previously
I keep this opnsense unit updated regularly - this most recent update was a tedious process
August 07, 2016, 05:29:39 PM #5 Last Edit: August 07, 2016, 05:31:40 PM by Yordan Yordanov
After upgrading to 16.7 all the site-to-site VPNs from the router stopped working. The status does indicate that the tunnel is connected, however no traffic gets through. I had to replace the device with a backup device with 16.1.20. Is it possible to revert 16.7 to 16.1.20 and how? Or if you have any idea how to fix them on the 16.7 I would be grateful. I have Multi-WAN if it matters.
August 07, 2016, 06:50:28 PM #6
Hi Yordan,

Yes it matters. VPN does not skip your Multi-WAN policies anymore. You need to add them manually or exclude VPN traffic. From the notes:

"The Disable Negate rule on policy routing rules option is no longer available as automatic VPN skip rules for policy-based routing have been removed. If you want to skip your VPN, please add an explicit rule."

I think your IPSec traffic is redirected here when it shouldn't.


Cheers,
Franco
August 07, 2016, 06:54:22 PM #7
Thanks Franco. Can you tell me in which section I should create the rule and how it looks like? Do I need one for each IPsec tunnel?
August 08, 2016, 07:52:25 AM #8
Hi Yordan,

What this old stuff did was for each Mutli-WAN rule there was a "pass" exception generated for the VPN destinations so those won't be policy-routed.

I didn't work on this so I cannot say for sure, but I'd start with adding a pass rule for the desired IPSec networks (one rule per IPSec it seems or use an alias for all...) before each policy routing rule in the interface firewall rule tabs.


Cheers,
Franco
August 24, 2016, 03:43:03 PM #9
hi

i installed 16.7.1
and IDS theme is not loading ...

please put your commnet

tnx
August 24, 2016, 03:54:47 PM #10
hi
I have  such a problem too.Just in IDS panel.(CSS doesn't load correctly)
August 25, 2016, 09:06:00 AM #11
We've had one report of this on a fresh install, but it was unsubstantial and fixed itself after the box/browser had access to the Internet.

Does this happen for the Proxy Server and Firmware Updates pages too?
August 25, 2016, 09:43:53 AM #12 Last Edit: August 25, 2016, 09:45:51 AM by Aadolf
thanks franco.

IDS and proxy server had problems and both of them are solved.But I didn't understand what the problem was and how it was solved???
August 25, 2016, 09:53:09 AM #13
We aren't sure either, but we'll keep looking out for this.
September 06, 2016, 08:48:47 AM #14
Is the IPS still a problem possibly with new installs? For me it seemed to be working at first but I needed to disable it for a while to overcome some issues, but I haven't been able to get it working again since no matter what I try. I posted a separate thread about it here.
Print
Go Up Pages1 2
User actions