23.09 disaster; reverted to 23.05 and multiple problems
-
Netgate 4100. Been running fine on 23.05. Made the mistake of updating to 23.09, where nothing worked correctly (due to URL download error, but I didn't know a patch was available). Tried installing 23.09 from memstick (binary provided by TAC). That didn't work. Set IP address for LAN, but device wouldn't respond at the assigned address. TAC provided binary for 23.05. Installed, then restored latest backup.
Here's the problem: pfb_dnsbl, pfb_filter, and snort will not start.
Reinstalled snort; still won't start. Reinstalled pfBlockerNG_devel; neither pfb_dnsbl nor pfb_filter will start.
Got an error reinstalling pfBlocker:
ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php"
pkg-static: DEINSTALL script failed
ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php"
pkg-static: POST-INSTALL script failed
Have no idea what that means or why I would even get that error, since (presumably) I'm running the same pfsense with the same configuration that ran just fine for the past many months.Company has been operating without a firewall since Sunday, a violation of our contract with a particularly sensitive client. Sure could use some help... Thank you.
-
@rloeb Did you maybe install 23.05 then install packages from 23.09? That can pull in “future” libraries or code. Change the branch per my sig.
On the down side once it’s been done I don’t know if there’s a way to recover other than reinstall clean.
-
@SteveITS I believe you're on target. I figured that restoring the backup from 23.05 would set that correctly, but it may not have. Unfortunately, there's no way I can recover other than start over, again.
This time, I'm going to get 23.05 running and immediately upgrade to 23.09, then restore the configuration.Incidentally, I attempted to recover by setting System/Update/Update Settings, which did show 23.09, back to 23.05. That didn't work, so I tried to upgrade to 23.09, and that failed, too. Strange messages...
>>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: . done pfSense-core repository update completed. 5 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: .......... done Processing entries: Processing entries............. done pfSense repository update completed. 726 packages processed. All repositories are up to date. >>> Upgrading -upgrade... failed.edit: code box added so can read text by mod.
-
@rloeb Forum deleted the message text because it was considered spam. Strange. Here's a file containing the messages. Netgate 4100 upgrade error messages.txt
-
@rloeb said in 23.09 disaster; reverted to 23.05 and multiple problems:
Forum deleted the message text because it was considered spam
No it didn't it just got hidden with formatting, I put it in a code box so you can see it.
If your going to paste up text, especially if has characters that are used for mark up - its good to put it inside code box
I didn't have any issues upgrading to 23.09 from 23.05.1 - while I don't use snort, and while I do have pfblocker installed and being used, I don't use the dnsbl functionality.
For future.. Get an image from tac, before you do anything. Also good idea is you should have your last current version install available as welll (normally from the last time you did an upgrade) Take a backup of your config, I like to console in so can watch the upgrade while it happens..
if for whatever reason something goes horrible wrong, you should be able to get back to working in a few minutes. Also you should of just been able to rollback to your zfs image.. This is one of the + version features that can be a life saver in a production setup.
edit: I can prob clean some of these up ;)
-
@johnpoz Thank you. I attempted to boot to the previous environment and got a boatload of error messages. Not sure why, but it may be because the repository now showed 23.09 and the reversion caused some of the applications to reinstall, possibly to the wrong version. There's a problem related to a missing "libcrypto.so.30"
-
@rloeb Now running, sort of, on 23.09. Installed firmware from memstick and finally got running.
-
You just installed the 23.09 image directly? What was different to when you initially tried to do that?
