@munson Was there anything in the logs about why it wasn't starting?
Did you try backup/save your config, reset to factory defaults, then try to upgrade?
How about going through steps in the Upgrade Troubleshooting guide?

I don't think that I've seen a lot of failures like you're saying.

@mer The only reason I suggested this was I ran into a similar issue a few weeks ago on an SG-2100 and I've also seen it reported for the SG-1100. I don't know if it's an aarch64 specific issue or not.

The main advantages of ZFS are stability and features such as native compression, mirroring, snapshots, etc. Some things we don't take full advantage of quite yet in pfSense.

ZFS isn't really known for its performance, but filesystem speed on a firewall isn't critical compared to stability. It also has increased memory requirements compared to UFS, which is why it's not ideal for certain platforms (e.g. 32-bit ARM, systems with low RAM).

When the time comes, take a fresh local backup (just in case), then boot the install media and choose "recover config.xml", then install, pick ZFS, select the drive(s), and go on from there. It will boot back up with your existing configuration in place, reinstall your packages, and be back up and running as it was before.

So I'm upgrading again today from 21.02 to 21.05 and I'm having this issue again. I'm actually pretty confident this has happened every time I upgrade this box from the GUI. Has there really been no one else having this issue?

@fsc830 Packages can't fully reinstall if the boot after the main image upgrade fails.

This was my problem after the 21.02 to 21.02.2 upgrade.

The firmware update applied BUT then the firewall core dumped and it never got to the point that packed would auto update. I had to disable PFB and reboot for the packages to update.

The root cause of all this instability is the PHP bug apparently and the patch provided is not a long-term solution but a temp workaround.

Well that was strange... On the SG-1100, I reviewed the IPSEC VPN config and it all looked right, but the tunnel still wouldn't come up. So, I just re-saved the phase 1 and phase 2 configs and then the tunnel came up.

The moral of the story is: power cycle before applying this update and be ready to kick your IPSEC VPN.

@steveits

I have a Teamviewer connection to a pc on the network the pfsense box resides. i can hit the web gui or ssh from there. That's it...

That was the issue.

Now I know I'm not crazy.

I have my FW on a Virtualbox VM with an Immutable disk, last time I was on site I tried updating to 2.5.0 and something went wrong, it froze, so I manually restarted it, the thing is, it seems I forgot to set the drive to Immutable time ago, but it still stayed at 2.4.5_p1 after the update failed.

Time went by and last week I started having VPN issues. I've logged in to check, and it was updated to 2.5.1!

I had to get an image when it was 2.4.4 set to update to the DEPRECATED channel, updated to 2.4.5_p1 and set it to immutable. Let's see what happens.

@kom Indeed I agree Kom. There is a site wide network infrastructure upgrade about to commence and I will add the UPS requirement into those works.

Thanks again for your input. Take care.

@jknott said in 2.4.5p1 ISO too large for CD:

@rosmaniac

Are there any computers that can't boot from USB, but can still run a current version of pfsense?

Yes, the Dell SC1425 I'm working on has trouble with USB booting and only has a CD drive. Fully 64-bit, even though it's old.

@stephenw10 That is such awesome news! Thank you for answering my question. I look forward to being able to migrate to pfSense Plus. :)

Thanks again Stephenw10.

@pzanga I just encountered the same problem dusting off an old SG-2220 that I hadn't used in nearly two years (due to divorce). After doing the factory reset I couldn't get any packages and I speculated it was due to not being able to do a successful update. I had already done this but came here to post this as the solution and here it was.. the solution was right here for me all along.

Just wanted to drop the note here this is a very valid path and that it is still relevant.

Yup upgrading at the console will give you far more error output.

You can also try running pkg -d update. That will show even more error output if there are issues reaching the update repo.

Steve

It's hard to recommend using Rufus, I've seen that fail many times. Usually because it's not being used in bit-for-bit mode (dd).
I would always use Etcher which only writes full images and is available for, almost, any OS.

Steve

Nice find! That seems to have resurrected my XTM800 too.

There are fan control values in the BIOS. It doesn't go super quiet though, it's a power hungry box. 😉

WGXepc should detect the hardware but I never found a way to set the LED on that board (despite looking for a long time!) and the fan control in the BIOS was 'good enough' for me. You do need a VGA console to access it though which is a PITA. Might be possible to add it.

Steve

@steveits
I didn't see that, will take a look, thank you very much.

Yeah the documented upgrade and backup procedures are pretty good: https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html

Takes you through the whole thing...backup....removing packages...etc.

The mounting word concerns me...you're not mounting anything. The backup is a big fat xml file with all the settings. It just downloads to your desktop or wherever.

Obviously if you've got a ton of boot images or something else critical on tftp, copying the files themselves off is a necessity.

The restore is pretty easy. Get the machine up from a blank state, click through the setup webpages quick, load the packages, then shove in the config file. Reboots, then poof you're all set generally; just re-upload the tfpt stuff after.

After a discussion with support I decided my new upgrade procedure will be:

Download img for current install version (if I don't already have it). Download img for new release. Backup my config. Run the upgrade from the console. If it is successful -> done If it fails install the img from the new release with the retain config option. If the new img is successful but the config failed restore the config from backup. If the new img install fails do #6/7 using the old img.

Determining what is successful can be subjective or could take a while to realize. Fortunately our firewall configuration is somewhat static so we can run on a new release for a while and still roll back relatively easily.

For major releases (21.02) I'm leaning towards going directly to a img install on those.

@jared-busch said in Downgrade to 2.5.0:

Great, they have it, but nothing on that screen shows anything related to older versions. Who, besides you, wastes time clicking around on unrelated links?

I would guess any "Linux Professional" would use that URL to get a shasum file to verify the download. On linux the file is easy to use for veriify.

Curiosity doesn't just kill cats , it can also expand your knowledge.

@mdreon Sure. Open a ticket at go.netgate.com and let us know you need the latest firmware download for an SG-4860 and the serial number.

@trickyt I am not running ZFS. There is a specific installer for this class of equipment, you will want to follow the instructions and links from here: https://docs.netgate.com/platforms/minnowboard/pfsense-dual-ethernet.html

Choose the USB image and VGA and AMD64 architecture.

I would back it up and try to upgrade, and only wipe it if necessary. But that's just me.

@vjizzle Any time I upgrade, I have at hand:

backup image to reinstall if necessary current copy of config.xml telnet session open to the console phone with Internet in case thing go totally sideways

@bwales said in Upgrade not available:

the other on 2.4.4. The device on 2.4.4 does not show that an upgrade to 2.4.5 is available.

Hi,

Version 2.4.4 is quite old, do not neglect your firewall...
I would save and request a fresh image from Netgate, everything else is harder way 😉

+++edit:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

Especially since you will be covered by version 21.02.xy (FE to Plus)

@rrauenza said in upgrade options from 2.4.5p1 catch 22:

@kom Can't contact their support without an account. I don't see a way to make an account.

"To open a ticket, go to the Ticket Portal, create an account, then submit your ticket."

There is no create account option. There is a phone number... so I guess I can try that tomorrow.

Those of us who purchased hardware but not a support contract are in a grey area of non support but entitled to the plus releases?

You do not have to actually have an account (nor create one) in order to obtain an image. Put in your email address and the serial number of your appliance. They will respond with a link and instructions very quickly.

I know the page makes it seem like you need an account, but you do not for obtaining images. You would need an account for one-on-one technical support stuff.

@ptt Thanks. I'm so Sorry

Just as an FYI to anyone else finding this post, I ended up doing a backup and then a new re-install to the latest version. Imported my backup and I'm good to go with no more errors being seen.

@patosawa
Possibly you can install the screensavers from the proper FreeBSD project and activate them: FreeBSD Manual Pages > Screensaver

However, non of them will be able to shut off the display. You can use blank screen at best, which will not provide any notable power savings.

As mentioned, shutting off the screen is a hardware feature and usually notebooks do this when closing the lid. Possibly you can get a BIOS upgrade which has this ability.

@kasheem What hardware are you running this on? It needs to be 64-bit for 2.4.0

@gertjan

Thanks for all that. I do make it a point to watch several tuts and read discussion groups about things before plunging in. I got it all set up and working, now I'm trying to learn to tweak it by assigning an IP address.

pfSense is running smoothly now, haven't had any problems in the last day or two. Thanks for everyone's help!!

@balanga Dont. 2.4.5p1 is the last stable release

ok, put in new NIC card and all is well.

@gertjan Yes but no problem with fresh install. Very strange !

Further to this issue, FYI the same problem did not present again, when later upgrading from pfSense v2.5.0 to the quickly following update v2.5.1, instead successfully progressing and completing without incident and all appears to be working without issue after update completion.