Upgrading from 23.1 to 23.7 - Newbie Question

Started by connervt, September 16, 2023, 02:50:57 PM

I have been running OPNSense for my home network for the past 6 months, and have been learning much about it.  I am currently on 23.1 and am ready to take the plunge to 23.7.  Before I mess up totally and take the house network down for an extended amount of time, thought I'd ask a quick question.

Is it recommended that I do an offline update (as noted in the OPNSense Documentation) or can it be done from System > Firmware > Updates in OPNSense itself?  My configuration is as basic/vanilla as it can get.


No need for an offline update. If on slower hardware keep in mind there could be 15+ minutes before the FW is back up.

When you're up on 23.7 check for updates again to get on 23.7.4

Thanks for the response.  This was just one of those times that you reach a fork in the road and if you take the wrong branch there may not be an easy way to go back.  Hunting for answers on your phone after you make a poor choice is never fun.  (Ask me how I know  ::) )

My move to OPNSense came with getting one of those Topton N5105 boxes, migrating away from a getting old Asus router running Tomato.  No worries on a 15 minute update, but thanks for the heads up to be patient.

N5105 is a fast one, should be  ~6 minutes down

Done, and completely painless.  You were right smack on the money, just about 6 minutes to having the login screen back.  Updated again to 23.7.4, ran a quick audit and all is good.

In the future, make sure you download your config before doing an update.  Also make sure you have a copy of the installer handy.  That way if the update does go sideways you can reinstall and import the config.

That said, I've yet to need them in any of the updates I've done, but it's still cheap peace of mind.

Thanks, I had both.  Some may laugh at my key ring full of flash drives, but I have on hand what I need to get myself out of most situations.  Along with my aversion to any software version that ends in .0 (or even .1, for that matter) is why I waited for 23.7.4 to be released.

Well, that and os-ddclient to work properly with duckdns.  Which it still isn't for me.   >:(

Quote from: connervt on September 21, 2023, 01:46:30 AM
Well, that and os-ddclient to work properly with duckdns.  Which it still isn't for me.   >:(

Did you change the backend?

I did.  Set up per this post, from 2023-09-02:
https://forum.opnsense.org/index.php?topic=34575.msg173857#msg173857

Created a test domain, manually gave it an incorrect address (to see if it changed by ddclient).  I get nothing but KO in my logs:

DuckDNS update failed for 0da****1-4d80-4820-b**d-b83***6f3815 [duckdns - TEST] with ip 67.246.*3.*6 for domains qwertytest.duckdns.org, response: KO

(some data obscured by me)

Try a simpler password, I think I read something about special characters causing issues recently

Just to clarify: "offline" upgrade here means the system will fetch all packages to install and do the upgrade before starting network connectivity. This is done to avoid scenarios where tools would try to fetch extra packages from somewhere else that could break or in cases when network connectivity cannot be established due to OS updates or mismatches between core and OS (these are upgraded incrementally).


Cheers,
Franco

Quote from: connervt on September 21, 2023, 01:46:30 AM
Thanks, I had both.  Some may laugh at my key ring full of flash drives, but I have on hand what I need to get myself out of most situations.  Along with my aversion to any software version that ends in .0 (or even .1, for that matter) is why I waited for 23.7.4 to be released.

Well, that and os-ddclient to work properly with duckdns.  Which it still isn't for me.   >:(

Check out ventoy.  It will help consolidate those drives.  Also, there are actual devices that you can load isos and which will emulate a usb cdrom.

Quote from: connervt on September 21, 2023, 10:57:21 AM
I did.  Set up per this post, from 2023-09-02:
https://forum.opnsense.org/index.php?topic=34575.msg173857#msg173857

Created a test domain, manually gave it an incorrect address (to see if it changed by ddclient).  I get nothing but KO in my logs:

DuckDNS update failed for 0da****1-4d80-4820-b**d-b83***6f3815 [duckdns - TEST] with ip 67.246.*3.*6 for domains qwertytest.duckdns.org, response: KO

(some data obscured by me)

Double check your backend.  That format doesn't look like what I've seen for messages from the native backend.

This is one of the reasons I'm lamenting the lack of verbose logging in the new backend.  It doesn't provide you with the req/resp anymore.  You can try doing a packet capture to grab the URL being used and then testing it via curl and adding &verbose=true to see what DuckDNS gives as the failure reason.

https://www.duckdns.org/spec.jsp

Quote from: newsense on September 21, 2023, 11:21:58 AM
Try a simpler password, I think I read something about special characters causing issues recently

DuckDNS doesn't use a password.  It's your account token which doesn't contain special characters.  Although it does annoy me that they're using a GET for a change request.

Quote from: franco on September 21, 2023, 11:59:54 AM
Just to clarify: "offline" upgrade here means the system will fetch all packages to install and do the upgrade before starting network connectivity. This is done to avoid scenarios where tools would try to fetch extra packages from somewhere else that could break or in cases when network connectivity cannot be established due to OS updates or mismatches between core and OS (these are upgraded incrementally).

Good to know.  I'm going to have to remember to look for the option next time I update.
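The curl replay suggested above, as an added example (not code from any poster or from the os-ddclient plugin): it builds the update URL from the DuckDNS spec with verbose=true, redacts the token before the request is logged, and classifies the reply. The function names, the token-file argument and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replay a DuckDNS update by hand and read the reply.
# Host names, IPs and tokens used with these functions are placeholders.

# Build the update URL from the DuckDNS spec.
# $1 = subdomain(s), $2 = account token, $3 = optional IP (empty = auto-detect)
duckdns_url() {
    url="https://www.duckdns.org/update?domains=$1&token=$2&verbose=true"
    if [ -n "${3:-}" ]; then
        url="$url&ip=$3"
    fi
    printf '%s\n' "$url"
}

# The token travels in the query string of a GET, so redact it before the
# URL is written to a log, a terminal scrollback or a forum post.
mask_token() {
    printf '%s\n' "$1" | sed -E 's/(token=)[^&]*/\1<redacted>/'
}

# Classify a reply body: the first line is OK or KO; with verbose=true the
# last line of an accepted update is UPDATED or NOCHANGE.
duckdns_status() {
    first=$(printf '%s\n' "$1" | sed -n '1p' | tr -d '\r')
    last=$(printf '%s\n' "$1" | sed -n '$p' | tr -d '\r')
    case "$first" in
        OK) printf 'accepted:%s\n' "$last" ;;
        KO) printf 'rejected\n' ;;
        *)  printf 'unexpected\n' ;;
    esac
}

# Send the request. $1 = subdomain, $2 = file holding the token (hypothetical
# path chosen by the caller), $3 = optional IP. The URL is handed to curl as
# config on stdin (-K -) so the token is not part of curl's argument list.
duckdns_check() {
    url=$(duckdns_url "$1" "$(cat "$2")" "${3:-}")
    printf 'GET %s\n' "$(mask_token "$url")" >&2
    reply=$(printf 'url = "%s"\n' "$url" | curl -sS --max-time 10 -K -)
    duckdns_status "$reply"
}

# Usage (placeholders): duckdns_check example-host /root/duckdns.token 192.0.2.10
```

A result of rejected for a URL built by hand with the token copied from the account page points at the token or domain value rather than at the plugin.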

franco, CJ and newsense - Thank you all for your input.  I keep on learning with it all.  As for my flash drive collection, old habits die hard.  But still a good choice - portable, can usually get it to boot on any system, and lives in the desk drawer where my servers and network live, so I (usually) can find what I need.

CJ is right - Duckdns uses a token in the password field.  I cut/pasted it right from my duckdns.org account page.  What is interesting (and probably a good thing?) is while the string from the log is similar in format to my token, they are not the same.  (same 8-4-4-4-12 char cadence)

As I wrote earlier, I set things up based on a recent post from here.  Not really all that much to configure, so unsure if it is dumbness on my end or ...?  Screenshots attached.


Just went through the whole setup and worked just fine - apart from a curve ball when checking the IP with an external service.

Using dg6464 post as a reference from another thread - however I did _not_ uncheck Force SSL

Quote
My Working Settings:

General ->

Interval = 600 seconds
Backend = native

Accounts ->

Service = duckdns
Username = blank
Password = <token>
Hostnames = hostname.duckdns.org
Check ip method = Interface [IPv4]
Interface to monitor = WAN
Check ip timeout = 10
Force SSL = checked

Two things for you to try:

1) Change the backend - Save - Apply - Revert to Native - Save Apply


2) If that doesn't change much delete the configuration, remove and reinstall the package, create a new DuckDNS profile.

pkg remove  os-ddclient && pkg install  os-ddclient

You don't need to reinstall, but removing all the old account entries from the plugin is a good idea.


Cheers,
Franco