Can we get an upgrade to 25.7.2 that doesn't break our platform pls!!

Started by TheTecnophen, August 24, 2025, 10:15:53 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
August 24, 2025, 10:15:53 PM
I can't upgrade from 25.7 to 25.7.2 on my N100 without breaking OPNsense. It literally reboots itself and then won't go into the GUI. I'm having to re-install every single time I try. PLEASE FOR THE LOVE OF GOD!!!
August 25, 2025, 05:58:47 AM #1
Well, single user mode, mount the disk, go from there.

It's also a "community" version, so I am not sure we can criticize those offering a free product.
Open source free stuff comes with the risks.

Are you running UFS or ZFS filesystem?

August 25, 2025, 09:55:58 AM #2
> PLEASE FOR THE LOVE OF GOD!!!

I'm not here to bash you, but "buy once cry once" is becoming more evident these days. We write software and include software that increasingly breaks when bad cheap hardware is used which breaks the software by returning garbage results to it. N100 and friends have been a disaster. Intel is taking a hit. This is only going to get worse.


Cheers,
Franco
August 25, 2025, 12:17:22 PM #3
Running UFS. This is not my first rodeo with OPNsense. Honestly, been using it for years now without hiccup using suricata and adblockhome for my home lab. N100 is actually quite fine: Intel chipset, Intel NICs, lots of RAM and NVME so don't know what you're talking about Franc. Lots of people use N100, it's a good option. Honestly have 2 as I also run CAKE on OpenWRT on a symmetrical gigabit line without issue. I'm just saying, I have backups for a reason, but I can't use them if I can't install the platform that the plugins are looking for. I wouldn't have to re-install the platform if the 25.7.2 update didn't kill my Opnsense software after install. Yes I understand it's opensource and "community" and all that and no software is absolutely perfect. BUT. When you release an update that breaks the entire platform and then you leave the user unable to not only update (which isn't THAT big of a deal) but then the plugins won't install either because of said update not being implemented, it's a bit of an annoyance to put it subtly.
August 25, 2025, 02:00:25 PM #4
I understand your points, but you're asking at the wrong end.  N100 vs. FreeBSD is not our battle.



Cheers,
Franco
August 25, 2025, 06:01:28 PM #5
Nice. So let's deploy an update to a stable platform that breaks it for a bunch of users then throw your hands up and say "not my problem". good job..
August 25, 2025, 06:43:27 PM #6
You didnt even say so far what your issue is. What is the crash that happens, why doesn't it boot?

Can't you get any diagnostics at all?

Just saying "It does not work plz fix" does not help here.
Hardware:
DEC740
August 25, 2025, 07:32:19 PM #7 Last Edit: August 25, 2025, 07:58:06 PM by meyergru
1. As already noted, you first posting does tell us nothing about what is potentially wrong.

2. When you opt to use a cheap N100 box, you should not be too surprised that it is not as well maintained as Deciso hardware, for starters. And BTW, as you will soon see, your "glorious" N100 maybe is not as rock-solid as you think. I use one, too, but I do not complain about OpnSense.

3. What Franco told you between the lines is that there are known problems with current micorocode updates on N100 CPUs in FreeBSD, which manifest only on UFS setups, which you also deliberately chose over the recommended ZFS setup. Had you gone with ZFS, you would not have ended up in this spot in the first place.

4. What you should do before an upgrade to more current releases of OpnSense is pointed to here, #23.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
August 26, 2025, 01:33:22 AM #8
Ok.
1) N100 is not cheap for a home network.

2) all three tunables have been added.

3) and actually thank you I learned something. I thought you could only use zfs for raids, not for single drives so there's that.

I'll try to reinstall 25.7 with zfs over the weekend and do the tunables, then try to update 25.7.2. Thanks for helping a frustrated old man.
August 26, 2025, 02:46:26 AM #9 Last Edit: August 26, 2025, 02:52:02 AM by OPNenthu
The tunable to disable PCID (vm.pmap.pcid_enabled=0) is only needed in some cases, as it's off by default in recent versions of FreeBSD (since 13.2 apparently).  I guess it depends how long ago the system was installed.

OPNsense moved to the FreeBSD 13.2 base in 23.7 (Community) / 23.10 (Business).

The N100 was launched in January 2023, so if this bug is impacting then my guess is it falls into one of these scenarios:

- Early production unit with initial OPNsense install using pre-23.7 image.
- Transplanted OS disk from an earlier installed system, or installed with an earlier downloaded pre-23.7 image.
- Config import explicitly passing along the enabled tunable (vm.pmap.pcid_enabled=1)

That's one possible cause of UFS corruptions.

There are reports of earlier intel microcode causing issues as well and people have had luck with uninstalling the microcode and re-installing it afresh.  I'm not sure what that's about...
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 250GB | 4x 2.5GbE (I226-V)
Site 2 |  J4125 | 8GB | 1000GB | 4x 1GbE (I210)
August 26, 2025, 03:38:08 AM #10
Single user mode, start there. Look in the log files to see what's not happy.
A boot that leads to a reboot ........... hmmmmm, are there any .core files on the disk?

Did you happen to save a config before upgrading?
August 28, 2025, 09:13:55 AM #11
I would suggest to be more investigating and less criticizing. I have several of N300 (stronger version of N100) and for whole time only one issue with platform (not updating EFI bootloader) got me to unusable state. Every update smooth like hell. But if you want to raise problem and get feedback what to perform to solve issue phrases like "PLEASE FOR THE LOVE OF GOD!!!" wont help at all. Post screen, logs, console output etc. to get to the point and to get solution. If your box is sensitive to software issues, follow best practice of having 2 (they are cheap like hell) and setup either flow TEST and PROD, or HA to prevent your internet to be disconnected.
August 28, 2025, 12:24:34 PM #12
Well, to be fair I did post this after trying to work on this n100 for about 10 hours with no success. But yes, I did write this thread with a hot head so. Anyway, that being said, I did install the platform using zfs and putting those tunables in first and rebooting before upgrade. Went smooth without a hitch. Thanks for the link meyergru.
August 28, 2025, 08:42:36 PM #13
Hello,
could you please share what those "3 tunables" are and what you changed? I seem to be missing something. I also use N100 with ZFS any my attempts to upgrade failed 1 week ago - since I haven't heard of single user mode before and rolled back, I simply don't know.
August 29, 2025, 04:52:21 AM #14
I spent the day figuring stuff out for the N100 I have.  I moved from UFS to ZFS on a fresh install and was able to restore my config.  Here are the tunables and another idea that franco mentioned in a different thread:

N100 tunables
system>settings>Tunables
vm.pmap.pcid_enabled=0
hw.ibrs_disable=0
vm.pmap.pti=1
Also for N100:
Drop to the console and do
# pkg install os-cpu-microcode-intel

and reboot to activate...
# opnsense-shell reboot

(from https://forum.opnsense.org/index.php?topic=48343.0)
Print
Go Up Pages1 2
User actions