UI lockout after 26.1 upgrade

Started by RutgerDiehard, January 29, 2026, 03:12:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 29, 2026, 03:12:30 PM
I've just completed the 26.1 upgrade from the last version of OPNsense.

I watched the first reboot by checking ping responses and then reconnected to the UI.

Shortly after I have lost all connectivity, even when sat on the same LAN. SSH is not responding.

I assume this is firewall rule related. How can I reset the rules from console to restore access?
January 29, 2026, 03:19:58 PM #1
Any console output? Wouldn't assume anything without info. Rules behaviour hasn't changed.


Cheers,
Franco
January 29, 2026, 03:36:46 PM #2
Continuous

netmap_transmit igc3 drop but that needs checksum


January 29, 2026, 04:27:16 PM #3
Sounds like intrusion detection or Zenarmor active? Not sure if this is the issue, but it can cause traffic drops.


Cheers,
Franco
January 29, 2026, 04:44:29 PM #4
Well that was quite a scary upgrade!

Luckily I had a snapshot but foolishly overwrote the snapshot with another attempt at an upgrade.

Franco, you are quite right, I do have Zenarmor installed but don't use Suricata.

The interfaces that netmap_transmit was flooding the logs alternate between igc3 and igc5. Just so happened to be the ones Zenarmor protect.

After the upgrade, I managed to access the UI from another interface and checked Zenarmor. It was complaining that I seem to have enabled hardware offload - I can guarantee I hadn't!

Anyway, what fixed everything was changing "VLAN Hardware Filtering" from "Leave default" to "Disable VLAN Hardware Filtering"
January 29, 2026, 05:13:30 PM #5
We changed the location of the hardware disables in the config.xml... I assume Zenarmor is still reading the old one.

We did, however, flip the default for "Disable VLAN Hardware Filtering".  I'm not sure if there is a bug in the migration but I'll take a look for sure.

I'll move this to the Zenarmor forum for more visibility.


Cheers,
Franco
January 29, 2026, 05:21:36 PM #6
Can you send me the diff shown in System: Configuration: History for the latest "run_migrations.php" change?  Best via mail to franco AT opnsense DOT org.


Thanks,
Franco
Today at 09:20:31 AM #7
I've moved this topic back to 26.1 now that we know there's a problem with some people's migrations but not sure why yet.

If you can please run

# pluginctl -g OPNsense.Interfaces.settings
# pluginctl -m

And if the first one is empty and the second one shows an error grab the migration error from the system log please.


Cheers,
Franco
Today at 09:48:19 AM #8
Code Select
root@OPNsense:~ # pluginctl -g OPNsense.Interfaces.settings
{
    "@attributes": {
        "version": "0.0.0",
        "persisted_at": "1769701369.97",
        "description": "Global interface settings"
    },
    "disablechecksumoffloading": "1",
    "disablesegmentationoffloading": "1",
    "disablelargereceiveoffloading": "1",
    "disablevlanhwfilter": "1",
    "disableipv6": "0",
    "dhcp6_norelease": "0",
    "dhcp6_debug": "0",
    "dhcp6_duid": "",
    "dhcp6_ratimeout": "10"
}
root@OPNsense:~ # pluginctl -m
*** OPNsense\Interfaces\Settings migration failed from 0.0.0 to 1.0.0, check log for details
I've checked the system logs for errors around the time of the upgrade and there is nothing relating to "migration".

Today at 11:06:12 AM #9
Coming from this PPPoE connection timeout thread, I've tried the above commands and got nothing for the first one, with indication of migration problems in the second. Here's the (hopefully) relevant log output when it happened:
Code Select
2026-01-30T01:45:00 Notice kernel <118>[25] *** OPNsense\Interfaces\Settings migration failed from 0.0.0 to 1.0.0, check log for details
2026-01-30T01:45:00 Notice kernel <118>[25] Migrated OPNsense\Firewall\DNat
2026-01-30T01:45:00 Notice kernel <118>[25] Migrated OPNsense\IDS\IDS from 1.1.1 to 1.1.2
2026-01-30T01:45:00 Error config #2 {main} )
2026-01-30T01:45:00 Error config #1 /usr/local/opnsense/mvc/script/run_migrations.php(54): OPNsense\Base\BaseModel->runMigrations()
2026-01-30T01:45:00 Error config #0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(939): OPNsense\Base\BaseModel->serializeToConfig()
2026-01-30T01:45:00 Error config Stack trace:
2026-01-30T01:45:00 Error config   in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:814
2026-01-30T01:45:00 Error config Model OPNsense\Interfaces\Settings can't be saved, skip ( OPNsense\Base\ValidationException: [OPNsense\Interfaces\Settings:dhcp6_norelease] Value should be a boolean (0,1).{yes}
Today at 11:17:16 AM #10
Print
Go Up Pages1
User actions