Upgraded to 23.09; no internet access
-
After three days of agony, I think I've got 23.09 running, except for the URL download fix. HOWEVER, I cannot reach the Internet from a browser. pfSense can reach the Internet, so I'm guessing that the lack of URL downloads for my blocklists is restricting access, although that is not showing in either Snort or pfBlockerNG. How do I temporarily get around this? [May be obvious, but my brain is frazzled with what it took to just get this far...]
-
@rloeb I think I have this fixed now...maybe.
-
@rloeb said in Upgraded to 23.09; no internet access:
lack of URL downloads for my blocklists
If that's the URL alias bug you can apply the patch from https://redmine.pfsense.org/issues/14947 (a6cf534d0fa0297547f1e587a12729f9d7066bae) or try using URL Table aliases.
-
@SteveITS Thank you. Applied patch. Expected it to be found in the Patch package.
This bug cost my company three days of excruciating effort and operation without a firewall (in violation of our contract with a specific client). We upgraded to 23.09 on Sunday and immediately encountered the download error, making the firewall inoperable. (We download several passlists, e.g., Amazon, Google, Akamai, etc., so we can block everything else. Without those lists, the firewall blocked almost everything.)
We tried reverting to 23.05.1, which failed, probably because we had already downloaded 23.09 versions of multiple packages. (Basically, once the repository is set to 23.09, any attempts to download for an earlier version fail, regardless of what is set in System|Update|Update Settings.) I won't bother to bore you with the rest of the many efforts ...
Bottom line: in my opinion, not updating the release version to handle the URL download bug as soon as it was discovered was irresponsible. Alternatively, posting a highlighted message informing everyone about the problem and pointing directly to the fix. That problem cost us thousands of dollars, disrupted our business, and seriously tarnished Netgate's reputation, both with us and our clients.
-
@rloeb I usually wait a week or two while lurking in the forums. (which I do a lot anyway)
System Patches requires a package update to see new patches so they seem to bunch them up a bit, perhaps with internal testing from comments I've seen. I expect it would be there if you check in a week or two.
Valid point about a "known issue" message in the release notes. Most bugs don't break things that badly but in this case it could greatly impact access depending on how one's rules were set up.
-
@SteveITS Thank you for acknowledging that a more aggressive notification would have been appropriate.
-
Yes, it wasn't known at release but it could certainly be there now....