Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    All interfaces down after upgrade from 2.5.2 to 2.6

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 5 Posters 910 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      ddepaolis
      last edited by

      Hi all, I've a PFSense 2.5.2 (FreeBSD 12.2-STABLE) running on a virtual machine in a VMWare Cloud Director platform.
      I planned upgrade to 2.6 version. After reboot, system began the extraction and installation of new packages.
      After extraction of package "perl5-5.32" they appeared messages:
      /bin/sh/makewhatis: not found
      pkg-static: POST-INSTALL script failed

      Then it continued extraction of other package correctly, till number 40: php74-pear-net-socket when they appeared other warning messages related to unavailabity of dinamic libraries "ldap.so" and "intl.so"(unable to load this libraries).

      Then the upgrade continued without other unusual messages and it completed.
      But when I tried to ping other hosts on same subnet from PFSense CLI I received always timeout; same when I tried to ping default gateway on WAN.

      For now I had to do a rollback to previous 2.5.2 through a VMWare snapshot.
      These're optional packages installed on my PFSense:

      • haproxy;
      • mailreport;
      • snort;
      • ntopng;
      • OpenVMTools;
      • openVPN-Client-Export;
      • zabbix-agent

      Thanks for any suggestion or help !

      S S 2 Replies Last reply Reply Quote 0
      • S
        Saqqara @ddepaolis
        last edited by Saqqara

        Instead of an upgrade, backup your existing system, do a full reinstall of PFSense 2.6 and restore your backup

        It maybe zabbix-agent causing the issue

        D 1 Reply Last reply Reply Quote 0
        • D
          ddepaolis @Saqqara
          last edited by

          @saqqara
          Well this could be the easier solution, but this PFSense is in a production environment and timeout time should be minimum possible. I updated two other PFSense firewalls from 2.5.2 to 2.6 version without any problem; but they're both on physical machines...
          So upgrade of this virtual machine is the better solution to reduce timeout time. This version 2.5.2 has been installed from scratch at its time.

          1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @ddepaolis
            last edited by

            @ddepaolis I seem to also remember posts about the Zabbix package but don't recall which version had trouble.

            In general Netgate recommends removing packages when upgrading. Snort/Suricata and pfBlockerNG-devel leave their settings behind during an uninstall.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            bmeeksB 1 Reply Last reply Reply Quote 0
            • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
            • bmeeksB
              bmeeks @SteveITS
              last edited by bmeeks

              @steveits said in All interfaces down after upgrade from 2.5.2 to 2.6:

              Snort/Suricata and pfBlockerNG-devel leave their settings behind during an uninstall.

              One small tweak to the statement quoted above in case someone comes across it in the future--

              Snort/Suricata and pfBlockerNG-devel leave their settings behind during an uninstall unless the user clears the check box to retain settings when uninstalling.

              For Snort and Suricata that checkbox is on the GLOBAL SETTINGS tab and it is checked by default (meaning settings are retained when the package is uninstalled). When the box is cleared (not checked), all existing settings are cleared when the package is uninstalled.

              The idea for this logic is that typically users don't want to lose their settings when temporarily removing the package. There can be several reasons for uninstalling and then installing again without losing settings. But if you do want to uninstall and start over with a new install on a completely clean slate, then you have that option available. Also, should you no longer wish to have the package installed, you can uninstall it and have it clean out everything including settings.

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Galactic Empire @bmeeks
                last edited by

                @bmeeks said in All interfaces down after upgrade from 2.5.2 to 2.6:

                unless the user clears the check box

                Thanks for catching that...I meant to write that but it's just me here today and I got a few phone calls while writing that post. :)

                Since reading Netgate's suggestion a few years ago I have always uninstalled Snort/Suricata and pfBlockerNG-devel when upgrading. Otherwise the upgrade process tries to uninstall/reinstall all packages on the fly, as I understand it. And re: Zabbix, I want to say the package names changed or something? I don't use Zabbix so didn't pay much attention but I recall several posts, if the OP wants to search the forum.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Since it's a VM you can spin up a new instance, install 2.6 clean, import your old config and make sure it loads cleanly. Then swap it into place. If there are issues just swap back.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • D
                    ddepaolis
                    last edited by

                    Thanks all for replies; I'm planning to do a test setting up another PFSense 2.5.2 in same VMWare environment. With same packages and same configurations (importing them). Then I uninistall packages like Snort and NtopNG, and I'll do upgrade to 2.6 version to verify the behavior.

                    As my actual PFSense manages 6 public IPs (set as Virtual IPs on WAN interface) it's not so quick "move" them from a PFSense to another one.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.