Problems after Netgate 1100 Can't Update from 23.05.1 to 23.09
-
I upgraded my second device and had no problems at all.
Previous 23.05.01 update had trashed the second device and I had to reinstall using the tac image so I assume it was "clean"
both devices seem to be fine now and report the correct versions, the ipsec tunnel was still working regardless of the state of the packlages
I would have to say it took alot longer than i expected , possible approaching 30 minutes
I did capture a partial log using putty / serial connection to the second device, everything I saw upgradedI captured this message at the end of the install which may be informative to some , i saw another post about problems with openvpn after upgrade .
Message from boost-libs-1.82.0_1: -- You have built the Boost library with thread support. Don't forget to add -pthread to your linker options when linking your code. You may need to manually remove /usr/local/etc/strongswan.conf if it is no longer needed. ===== Message from strongswan-5.9.11_1: -- The default strongSwan configuration interface have been updated to vici. To use the stroke interface by default either compile the port without the vici option or set 'strongswan_interface="stroke"' in your rc.conf file. ===== Message from php82-gmp-8.2.11: -- This file has been added to automatically load the installed extension: /usr/local/etc/php/ext-20-gmp.ini ===== Message from openvpn-2.6.5: -- Note that OpenVPN now configures a separate user and group "openvpn", which should be used instead of the NFS user "nobody" when an unprivileged user account is desired. It is advisable to review existing configuration files and to consider adding/changing user openvpn and group openvpn. ===== Message from dhcpcd-10.0.2: -- The default FreeBSD kernel does not allow userland to provide IPv6 Prefix Routes when the kernel is handling Router Advertisements. The default dhcpcd configuration will disable the kernel from handling Router Advertisements. See http://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194485 for a patch.
-
That OpenVPN message is expected. The new pkg prints that to the console when it's upgraded.
Those PHP errors are probably from before the upgrade was completed. As long as you're not seeing those after upgrading all pkgs and rebooting that shouldn't be an issue.
-
@ctowne uh oh :-(
I tried to login via ssh - login worked, but no sudo.
Then I ranpkg-static info -x pfsense
via the "Diagnostics / Command Prompt" UI and got the same output as @stephen-betts
pkg-static upgrade
however, first asked for confirmation "Continue? [y]" - which I couldn't respond to via the UI.
I tried again withpkg-static upgrade -y
(hoping it would automatically answer "yes" to such prompts - it didn't)
but it did time out and I got a "bad gateway" error.and now I seem to have entered the valley of doom :-(
All done via {pfsense-host}/diag_command.php
pkg-static info -x pfsense pfSense-23.05.1 pfSense-Status_Monitoring-php82-1.8_3 pfSense-base-23.09 pfSense-boot-23.09 pfSense-composer-deps-0.1 pfSense-default-config-serial-23.05.1 pfSense-kernel-pfSense-23.09 pfSense-pkg-aws-wizard-0.10 pfSense-pkg-ipsec-profile-wizard-1.1_1 pfSense-repo-23.09 pfSense-repoc-20230912 pfSense-u-boot-1100-20220428 pfSense-u-boot-2100-20210930_1 pfSense-u-boot-env-20230123 pfSense-upgrade-1.2_6 php82-pfSense-module-0.95 pkg-static upgrade Updating pfSense-core repository catalogue... pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package repository pfSense-core has no meta file, using default settings pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package repository pfSense has no meta file, using default settings pkg-static: An error occured while fetching package pkg-static: An error occured while fetching package Unable to update repository pfSense Error updating repositories!
... but the SG1100 IS still running and I am still connected to the net... for now.
And to make it all that much more fun, I'm going on holidays on Monday (which is a good thing!)
Thanks for helping!
-
You should be able to run that with
-y
there. But it would be much better to use the real command line. You can't ssh in as admin? -
@stephenw10 :-(
I think it's dead Jim :-(
Years ago I set up a second user and was able to do everything that way, including ssh key etc. i.e. never use "admin/admin"
I don't have an ssh key for admin - and when I try to ssh as admin I just get "admin@{pfsense host}: Permission denied (publickey)"
Now the front-end is dead too - I got the login screen but now I tried to login as admin and just get "502 bad gateway" since then (it's been about 30 minutes now).
But I can still ssh in with my "other" (non-admin) user.
Just, nosudo
andsu
just replies with "su: Sorry"I recently did a full re-install (my SG1100 was one of the ones that needed the full firmware upgrade) and still have my configuration backup but I deleted the install image (since it all went so well at the time )
So, "contact support, get a fresh re-install image"?
I'm thinking that's beginning to sound like my only option... sigh -
If you installed ZFS you can probably just roll back the BE.
-
@stephenw10 hhmm....
as non-admin... (as I said, ssh is the only thing I have left)
% bectl list BE Active Mountpoint Space Created auto-default-20230910233855 - - 693M 2023-09-10 23:38 auto-default-20231108132804 - - 855M 2023-11-08 13:28 default NRT / 3.46G 2023-02-10 22:00
I just read that a snapshot is made just before an upgrade (https://docs.netgate.com/pfsense/en/latest/backup/zfsbe/gui.html)
So... I could do a
bectl activate auto-default-20231108132804
and reboot?
I only found docs for the GUI or "interrupting the boot process" (via JTAG/USB?) -
Yup exactly that. Or you can select the BE from the loader menu by pressing option 8, then:
+---- Welcome to Netgate pfSense Plus ----+ __________________________ | | / ___\ | 1. Back to main menu [Backspace] | | /` | 2. Active: zfs:pfSense/ROOT/default (1 of 3)| / :-| | 3. bootfs: zfs:pfSense/ROOT/default | | _________ ___/ /_ | | | | /` ____ / /__ ___/ | | | | / / / / / / | | | | / /___/ / / / | | | | / ______/ / / _ | | | |/ / / / _| |_ | | | / /___/ |_ _| | | | / |_| | | | /_________________________/ +-----------------------------------------+
-
@stephenw10 ok - here goes...
if I don't come back, I'm offline ;-)
-
short story: after several failed attempts at booting from old BE backups, I'm back on
default
and everything seems to have cleared up.long story:
from the old BE images it boots, but the GUI is dead:
Both backup images showed an unresponsive menu and a red error message:
"local/www/head.inc, Line: 535, Message: Uncaught TypeError: count: Argument #1 ($value) must be of type Countable|array, bool given in /us/local/www/head.inc:535 Stack trace: #0 /us/local/www/index. php(309): include0) #1 (main) thrown
I then switched back to the default image and I can log in again (as admin).
pkg-static seems to think it's all OK, at leastpkg-static info -x pfsense
says I'm on 23.09-RELEASE andpkg-static upgrade
also says I'm up-to-date.So to sum up: booting from the BE images did not work, but after a few round trips, I seem to be back on track after booting into the default environment again.
Anyway, thanks for your help
Time for a holiday, no more updates until after I get back
-
@hoopy said in Problems after Netgate 1100 Can't Update from 23.05.1 to 23.09:
pkg-static upgrade
I forgot to mention, I don't have SSH enabled, and that I connected to the console to run pkg-static upgrade. I hope that didn't contribute to any extra work. I did attempt to enable SSH when in was in the half updated state but it would not work (I was also missing /etc/rc.initial). After fully updating with pkg-static upgrade the file is now there. Next chance I'll get I'll enable SSH and try to login.
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html
-