There are a number of points that the boot can actually hang or appear to hang that indicate different issues.
If restoring the config appears to break it it's probably a bad console setting that makes it appear to hang.
the version of ssh that comes with pfsense will be the one that is included with freebsd. When freebsd updates their version, then pfsense will update. Yeah its a bit dated.. Complain to freebsd about that ;)
I had the same issue on a SG4860-1U AFTER a cold shutdown. I reimaged the netgate appliance and it worked fine, rebooted and shutdown properly and everything was fine. When I pulled the power cable, got this error all of again. It seems the appliance cant withstand cold shutdowns. I am using a twins SSD, not sure if that is related.
Mysteriously, if I usie the power button as opposed to pull the cord for a cold shutdown, the issue doesnt happen. If I pull the damn cord, I need to reimage the device. Noticed it started happening after 21.05 upgrade, but I didnt cold shutdown on 21.02 though
@dominikhoffmann Thank you! You saved me a lot of GTS searching. I even dusted off an external DVD burner thinking that might help, somehow....but nope. Redid the USB several times (even though I just used it on another generic miniPC). Thankfully I found your post!
Good question, from my understanding it should be fixed in 2.5.2-RELEASE hmmm.
Anyway, I Re- downloaded the 2.5.2 Image from Netgate to be sure that I have a recent Image. Its not a "Big Deal" cause I have always a actual config file but if the recovery would work it would save some time ... 😏
The installer will delete any existing partitions. The only time I'm aware of that it won't do that is if you have an existing geom mirror defined. It will install into that instead.
If you use the default options you should never see the above error. You would only see that if you removed the default configured root partition and do not add another one.
You might hit that if, for example, you remove the swap partition and want to re-create root to fill the space.
OK, closing out this thread and linking it to another. The root cause of the problem I reported is that on the MBT board, the ZFS module combined with the i915 HDMI module exhausts the available EFI staging area. I don't fully understand the details, but thanks to help from @stephenw10 the solution is relatively simple: just reinstall pfSense and use UFS for the file system rather than ZFS. I have confirmed this works with CE 2.5.1.
If you want to see additional details, this thread has more information.
So glad that this issue can finally be put to bed!
I ran a number of APU2 devices on ZFS.
The memstick method was successful but slow,
so I created my own dd image (via ubuntu live disk).
and then used Etcher to create new SD Cards in order build the rest of the APU2 devices.
For anyone finding this in future, I am glad to report that my router upgrades were successful (thank you pfSense team and contributors).
I did have to go from 2.4.4_3 to 2.4.5_1 first (on both the 7100 and the 3100). After the upgrade, I did not touch any of the plugins, changed the update branch to latest and rebooted again (just to be sure).
Then I was able to go from 2.4.5_1 straight to 21.05 and it even then upgraded all the plugins to the latest for me.
It did take me several hours because I had two routers to do, I had CARP failover and IPSec tunnels and I waited to make sure none of my alerting systems went crazy. But the actual upgrade process was suprisingly and refreshingly straight forward without any drama.
I wouldn't expect you to have to run an upgrade more than once. It may have updated the pkg repo itself and then found newer packages. It should have just done that without requiring any interaction though.
When it says The process will require 4 MiB more space. that just means the updated packages will be 4MB larger than before the update. That's expected and not filesystem space issue.
yeah, Brother is a Dev Op i think the name he gave me lol. Not that high up myself but he brags about pfsense and his machine. I started with a 2100 for a small office and I need a second office up. Did not had this issues with my first one but this one.. i see is going to make me learn. An eye opener for sure, like you said -> Definetly will be ready for any future problems. Thank for reply
@bingo600 thanks Bingo. So it appears the issue is, the pfSense-CE-2.5.2-RELEASE-amd64.iso.gz file is automatically uncompressed when downloading on a Mac. I just see the ISO and had not noticed the filename during the download (which was as per your reply, pfSense-CE-2.5.2-RELEASE-amd64.iso.gz.
I can simply burn the ISO - too easy.
Thanks for taking the time to reply, it's much appreciated!
@o51@Gertjan Comparing pfsense, which is a networking solution, to Windows or MacOS is not correct. I built for the last 30 years networking devices using Linux as the base OS and they always restarted regardless of how bad the previous shutdown was (unless a real hardware failure occurred). And that is what the expectation should be; a network device (and for that matter any embedded device) are expected to survive any soft failure (including cutting the power cord abruptly) including during upgrade.
I have 10 or more VMs here. And also various physical servers. After a bad power outage they all went back online, as they should, except for the 4 pfsense VM that I use as routers. The 4 of them died in the same fashion; filesystem corruption. Luckily, I was able to retrieve the latest config.xml and redo the 4 installations from scratch. Not fun, I lost 1/2 day. And not expected for something like pfsense.
The only way to make device, like routers, resilient is to have the main filesystem read-only (like squashfs or equivalent), get everything that is disposable (log, etc.) into a ram disk or alternate read-write filesystem (which would be reconstructed at boot time if necessary) and everything that you must not lose in yet another filesystem and have multiple copies. Overlays file system make all this painless. The beauty with pfsense is that everything is in 1 file. Super easy. (I presume there is a fail save mechanism when writing the XML file).
IIUC, nano was not exactly that but it is a pity that it was cancelled rather than evolved toward a real networking resilient software stack.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.