Upstream how far? Beyond the local network? Between the jail/client and the FreeBSD servers? Or between the jail/client and the gateway (before the internet is involved)?
Anywhere between the jail/client and the FreeBSD servers.
Presumably, the real concern is an attacker who has that level of control inside your local network.
2 Likes
Thanks - thatās the one.
We are not sharing all details since that might then be a āhow toā guide for attackers. Weād like to focus on having the extended Community update first. Ideally, the updates happen without anyone using the vulnerability.
Anyone went to 13.3-U1 already? Issues?
None - uneventful update.
3 Likes
When I verify the PGP signature for the 13.3-U1 iso then I get an āInvalid signatureā error. The sha256 hash checks out. Also the 13.0-U6.3 PGP signature and hash checkout.
I just upgraded from TrueNAS 13.0-U6.2 to TrueNAS13.3-U1 based on the recommendation from this announcement.
I am running jails and one VM, and while my jails seem to be working fine, I am not able to access VNC in order to start my VM, as I need to access the boot file under VNC. Currently, I see a āConnecting ā¦ā message and shortly after the display remains black.
What are my options?
Try a VNC client instead of the builtin NoVNC.
I installed RealVNC and upon connecting I get the āThe connection closed unexpectedly.ā.
What else should I try?
I have noticed the following:
- Under VM Device VNC settings, I have āvnc_port: 6484ā
- However, under TrueNAS13.0-U6.2, noVNC is using port 6384.
- If I use RealVNC and with port 6484 I did get dialog about unencrypted connection, however I ws still getting the black window. At that time, the VM seemed to have crashed and couldnāt restart it.
I have now restarted my system under the TrueNAS13.0-U6.2 environment and just proceeded with the update to TrueNAS13.0-U6.3.
I now have my VM working again with both noVNC on port 6384 and RealVNC on port 6484 working.
Iāll try again TrueNAS13.3-U1, but if I am unsuccessful, I will have to stay with TrueNAS13.0-U6.3.
It appears the GPG signature for 13.3-U1 is invalid. The checksum displayed matches the download, but GPG verification fails. I downloaded the .iso and .gpg file twice, with the same result.
The signature on 13.0-U6.3 is fine, though.
Well, since I have to build it myself due to missing i915 sysctl for correct passthrough for bhyve I donāt really care 
I verified the signature and figured out the issue. It was done against the wrong ISO, and I am sorry about that. I have fixed the signature. You can redownload it.
5 Likes
I am a fairly new user here, partly because I have had so few problems.
I have been using TrueNAS-13.0-U3.1 for a couple of years now without incident. It is a fairly simple setup booting from a pair of mirrored NVMeās with 4 2TB drives in a mirrored pool and using 16GB of RAM. It is a simple file server with Plex running in a jail. I depend on it for all the shared files and archived media on my network.
Frankly I donāt want to mess with things and have to start all over so I am hesitating about installing updates. The release notes are heavy on features but short on tutorials and instructions. Are there any links to material that might be helpful, or should I just keep on with the status quo until the machine reaches EOL?
If it is working okay and you donāt need any changes, you are just missing the security updates and bug fixes.
It probably depends on how many clients are using the machine and can you trust them to not attack your NAS. If there is any Internet access to the system or clients, these risks are greatly amplified.
We have to assume Enterprise and University environments where there could be many threats and some valuable data. So, we have to provide the defensive tools.
Upgrading within a release versionā¦ 13.0-U3 to 13.0-U6.x is low risk if the later version has been out for a few weeks and issues can be reported.
Is anyone else missing screen since 13.3 or am i alone?
I know that at least tmux is still available but i realy like using screen in ssh-sessions and Tmux is my constant guest on the right screen on localhost 
,
Itās just a bit irritating, or maybe the most that the muscle memory tends to call for screen and it ALWAYS fails 
.
I assume you mean shell/ CLI access?
It was deprecated in favor of direct ssh accessā¦
I would assume he really does mean screen. The SCALE analog is tmux.
Maybe tmux is used in CORE as well?
1 Like
Webuiā¦ hah!!! No i of course meant screen
cb@asterix ~ % ssh nas
Last login: Sat Nov 30 11:15:51 2024 from 10.10.2.8
FreeBSD 13.3-RELEASE-p4 n257491-41f6a830f8e TRUENAS
TrueNAS (c) 2009-2024, iXsystems, Inc.
All rights reserved.
TrueNAS code is released under the modified BSD license with some
files copyrighted by (c) iXsystems, Inc.
For more information, documentation, help or support, go here:
http://truenas.com
Welcome to TrueNAS
Warning: the supported mechanisms for making configuration changes
are the TrueNAS WebUI and API exclusively. ALL OTHERS ARE
NOT SUPPORTED AND WILL RESULT IN UNDEFINED BEHAVIOR AND MAY
RESULT IN SYSTEM FAILURE.
root@nas ~ # command -v screen
1 root@nas ~ # command -v tmux
/usr/local/bin/tmux
root@nas ~ #