Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Install older version of Packages

    Scheduled Pinned Locked Moved General pfSense Questions
    38 Posts 5 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      ericreiss
      last edited by

      Hello All:

      I was wondering if it is possible to install an older version of a package.

      I have a test environment on a PC and production environment on a Netgate 6100 MAX.

      I originally tried to install Squid 0.4.46 on the PC and was seeing some errors. I could not get it working reliably.

      I then installed Squid on the 6100 Max and had similar problems.

      I noticed others posting similar problems on the forum but I have not seen anything post describing the full working/reliability issue.

      So I am wondering if users are doing upgrades from the pervious version and not having all of the problems I have noticed.

      I would like to be able to install a previous version/package to see how it works then maybe do the upgrade and see if it keeps working.

      Is there any way to install a previous version of a package?

      Thank you,

      Eri

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @ericreiss
        last edited by

        @ericreiss said in Install older version of Packages:

        Is there any way to install a previous version of a package?

        Not to my knowledge. The closest I know of is to:

        • install pfSense 2.6
        • set its update branch to Previous Stable (2.6) so it isn't looking at 2.7 packages
        • install that package

        Note one can't restore config files from newer config versions: https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html

        Installing packages for a different version of pfSense may break pfSense.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        E 1 Reply Last reply Reply Quote 1
        • E
          ericreiss @SteveITS
          last edited by

          @SteveITS Thanks for the reply.

          I am currently running 23.05.1-RELEASE on both environments and have Snort, Tailscale and Wireguard.

          Everything is working very well and I am pleased with pfSense. We are new to using it.

          I don't really want to rollback the devices to an earlier version.

          I guess I will keep working through the issues and hope they get addressed.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Yes, there is no way to install an older pfSense package, it would not match the running version.

            For some things you might be able to compile a FreeBSD pkg yourself and install but Squid is not one those things! It's huge and complex, I'd expect endless issues.

            What problem are you seeing?

            Steve

            E JonathanLeeJ 2 Replies Last reply Reply Quote 0
            • E
              ericreiss @stephenw10
              last edited by

              Hi @stephenw10,

              I had problem with the the Squid ERROR moessages and figured out how to copy the files from the templates folder when SSHed into the box.

              This was before I found that someone else had the same problem in this post:
              https://forum.netgate.com/topic/180262/23-05-squid-error-loading-file-9-usr-local-etc-squid-errors-en-err_zero_size_object-2-no-such-file-or-directory/8

              When that is fixed there is also a warning about DNS_v4_first regardless of the "Resolve DNS IPv4 First" setting being turned off on the main Squid config page.
              ERROR: Directive 'dns_v4_first' is obsolete.

              These seem to be minor things.

              The bigger problem I see is that the "Transparent HTTP Proxy" setting does not work. I had to point my windows client to the pfSense on that (same LAN subnet) to get it to work at all.

              But the real problems are that I have ClamAV configured and I had "HTTPS/SSL Interception" set with a self signed Cert created with the Certificate Manager and put that in the Trusted Root CA of my Windows Test PC.

              I had the ClamAV working when I tested with an EICAR file two weeks ago.

              It shows in the logs.

              d04abced-955e-4040-8a81-1afbe412e228-image.png

              But that is not working now and I keep seeing erratic behaviour.

              In that thread I put a link to above, Pete-wright wrote "i have a system running 23.01 with the older squid pkg and it is working fine, but an identical config on a 23.05 system and squid is pretty much non-functional. it's pretty frustrating to be honest."

              My installs (PC and Netgate 6100 MAX) are doing the same thing. They are new setups. The PC I started at the opensource version before getting a token and moving to the Netgate 23.01 stream and updated to 23.05 then on Friday 23.05.1.

              The reason I had asked about older versions is I am thinking others who are updating their firewall and Squid, already had an older version of Squid working and they are doing upgrades and it is working.

              But on a fresh install of pfSense and then Squid 0.4.46, something is not working correctly.

              I am having odd behaviour and non-repeatable results.

              If these other things like the ERROR message templates and the DNS setting are not working, I am wondering if there are other things wrong causing new installs to not work and masked by users doing upgrades.

              I have tried to work through this slowly.

              1. Not worry about ClamAV just get Squid working, by turning ClamAV off
              2. Not worry about HTTPS just get HTTP working (Althought there are not many HTTP sites left out there to test with)

              My interest is to be able to blacklist and whitelist sites, not really in the caching of content and then if we can do AV at our network border in addition to on our computers.

              I am open to any suggestions or help to step through this piecemeal to try to determine where there might be a problem if it is not something in my settings.

              I just remember there is a setting:
              "Keep Settings/Data" which I unchecked, then removed the Squid Package, rebooted, reinstalled Squid Package and my settings were all there.

              I figured out how to deleted when SSH-ed in after uninstalling the package. On a reinstall of the Squid Package, my settings were then wiped as I wanted.

              So that setting does not seem to work correctly either.

              E 1 Reply Last reply Reply Quote 0
              • E
                ericreiss @ericreiss
                last edited by

                Also, this link from Netgate is what I followed to wipe the Squid settings:

                https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Hmm, OK, these were both fresh installs? I have test boxes here running Squid/Squidguard but I think they were all upgraded. It sounds like something was lost from the pkg...

                  E 1 Reply Last reply Reply Quote 0
                  • E
                    ericreiss @stephenw10
                    last edited by

                    @stephenw10 Yes fresh installs. Had not used pfSense before as an admin. I setup the PC which you helped me with the Activation Token after adding two dual network cards to previously. I was using the PC as a development environment while we were determining what Netgate model to buy.

                    So the PC came first and I have been using it to test things before doing them on the NEtgate 6100 MAX which was just delivered a week or two ago.

                    Both were at Release 23.05 before ever installing Squid for the first time. So the Squid install was new, not an upgrade.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Mmm, OK I see the language issues here. Digging...

                      E 1 Reply Last reply Reply Quote 0
                      • E
                        ericreiss @stephenw10
                        last edited by

                        @stephenw10 To reproduce the DNS log ERROR, I think if you have Squid Enabled, and the "Resolve DNS IPv4 First" unchecked on the main settings page.

                        Then on the AntiVirus tab, disable the Antivirus and Save.

                        I think that will trip the Error message in the Log.

                        It just did it for me.

                        RE-enabling the AV and saving does it too.

                        E 1 Reply Last reply Reply Quote 1
                        • E
                          ericreiss @ericreiss
                          last edited by

                          @stephenw10 HAve you had time to dig into this Squid issue any further?

                          Thanks.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Not yet. There is already a bug report open for the missing languages issue: https://redmine.pfsense.org/issues/14406

                            E 1 Reply Last reply Reply Quote 0
                            • E
                              ericreiss @stephenw10
                              last edited by

                              @stephenw10 Yes I saw that from the other tread. And you can just copy the files and get the ERROR messages to go away. I am more concerned that there is a potential bigger problem.

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Yes, I understand. We need to know what caused that though, there's a good chance these things have the same root cause.

                                E 1 Reply Last reply Reply Quote 0
                                • E
                                  ericreiss @stephenw10
                                  last edited by

                                  @stephenw10 OK, Thanks.

                                  E 1 Reply Last reply Reply Quote 0
                                  • E
                                    ericreiss @ericreiss
                                    last edited by

                                    @Pete-wright and @JonathanLee you might want to follow this thread relative to your Squid conversation.

                                    1 Reply Last reply Reply Quote 0
                                    • JonathanLeeJ
                                      JonathanLee
                                      last edited by

                                      My Squid and Squidguard packages are working great as of now. Again I am running patches that are now part of this new version as well as the adapted error files.

                                      Does any of this occur?
                                      https://redmine.pfsense.org/issues/13984

                                      These patches on that Redime are now part of the new Squid and Squidguard versions. I am running SSL intercept and transparent at the same time and utilize custom options. Thank you Marcos for fixing all of those issues for us.

                                      What are your error logs showing?

                                      Make sure to upvote

                                      E 1 Reply Last reply Reply Quote 0
                                      • E
                                        ericreiss @JonathanLee
                                        last edited by

                                        @JonathanLee In general, Squid and ClamAV are not working. I fixed those ERROR Templates just as you did, I had not ready your thread. I was also seeing the DNS first error even thought it is unchecked.

                                        I am not running Squidguard which is a difference from your setup.

                                        And these are clean installs. I did not have an earlier version of Squid installed.

                                        I went from pfSense CE 2.7.0 to pfSense 23.01 then 23.05 on a PC and on a Netgate 6100 MAX from pfSense+ 223.01 to 23.05.

                                        Squid 0.4.46 was a clean/new install.

                                        Those patches should be incorpated as you mentioned since I only recently installed.

                                        stephenw10 is looking into it.

                                        JonathanLeeJ 1 Reply Last reply Reply Quote 0
                                        • JonathanLeeJ
                                          JonathanLee @ericreiss
                                          last edited by

                                          @ericreiss I have seen the DNS first error for many years. It's a warning. IPv4 first is outdated or something. They just want you to have IPv6 now. Don't stress that one.

                                          Make sure to upvote

                                          E 1 Reply Last reply Reply Quote 0
                                          • E
                                            ericreiss @JonathanLee
                                            last edited by

                                            @JonathanLee Thanks Jonathan.

                                            Sorry I did not repond sooner, I had short notice Thursday evening to drive down to our office (1.5 hour one way drive) for Friday to test our newly installed 100G symmetric Fiber installation and in stall the Netgate pfSense 6100 MAX.

                                            The 6100 MAX worked like a champ. I had a little issue with a WIFI router I loaned them with DD-WRT firmware as I am trying to convince my boss about the benefits of using it of Lionksys' firmware.

                                            When I returned home and checked it that night, I was able to Tailscale VPN and Wireguard VPN in to manage it.

                                            Love the pfSense.

                                            Then I had a busy weekend personal stuff.

                                            Regarding the DNS v4 first issue, I liked Stephenw10's reply about the Template and DNS v4 first having possible root cause problems causing the other problems I was having.

                                            Looking forward to seeing it working reliably be the other packages and pfSense have been great.

                                            Thanks.

                                            ~Eric

                                            E 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.