Upgrade pfsense CE 2.7.0 to 2.7.1
-
Try running the upgrade from the actual command line with:
pfSense-upgrade -d
That will show you more useful error output.
-
@stephenw10 Hi Stephen, yes I agree, hard to read, but I have been unsuccessful at uploading screenshots to this interface. I can run pfSense pretty well, and I think I will find my problem, I always have so far, but this interface is a little cumbersome.
So what image formats does this interface accept? Cut and paste certainly does not work, and I think I failed at trying to get png from a screenshot to upload. Please excuse me while I unzip my ignorance.
After all the years of posting here you'd think I'd have figured this out.
Roy
-
Hmm, just accepts most things I try (png, jpeg) but the rules could be more relaxed for admin users.
If not though you can always link to an image somewhere else.
Or alternatively show the outbound NAT rules from the /tmp/rules.debug file like:
# Outbound NAT rules (manual) nat on $WAN inet proto { tcp udp } from 192.168.54.0/24 to any -> 172.21.16.22/32 port 1024:65535 # Test # Outbound NAT rules (automatic) # Subnets to NAT table <tonatsubnets> { 127.0.0.0/8 ::1/128 192.168.22.0/24 172.25.10.0/24 192.168.251.0/25 } nat on $WAN inet from <tonatsubnets> to any port 500 -> 172.21.16.22/32 static-port nat on $WAN inet6 from <tonatsubnets> to any port 500 -> (em0) static-port nat on $WAN inet from <tonatsubnets> to any -> 172.21.16.22/32 port 1024:65535 nat on $WAN inet6 from <tonatsubnets> to any -> (em0) port 1024:65535
-
@reberhar copy/paste may need a certain number of upvotes? Stuff like changing signature does.
-
@SteveITS Link then ... I can understand why you might want to do that.
I have forum entries on different platforms. I just haven't spent enough time helping these good folks. I remember how confusing it was at first. Yet, pfSense has been worth the struggle. Now I watch the people I supervise struggle, but that's ok. Productive failures are good teachers.
Thanks for your help.
-
@reberhar said in Upgrade pfsense CE 2.7.0 to 2.7.1:
So what image formats does this interface accept? Cut and paste certainly does not work, and I think I failed at trying to get png from a screenshot to upload.
I always paste the screen shot into a paint program, clip / redact as required, save as a jpeg, then in the forum click on the picture icon to upload
-
@stephenw10 said in Upgrade pfsense CE 2.7.0 to 2.7.1:
pfSense-upgrade -d
Thank you.
[2.7.0-RELEASE][admin@pfSense.here]/root: pfSense-upgrade -d ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php" ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php" ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php" /usr/local/libexec/pfSense-upgrade: /usr/local/sbin/-repo-setup: not found Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: . done pfSense-core repository update completed. 4 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: ....... done Processing entries: Processing entries............. done pfSense repository update completed. 549 packages processed. All repositories are up to date. Upgrading -upgrade... pkg-static: illegal option -- u Usage: pkg upgrade [-fInFqUy] [-r reponame] [-Cgix] <pkg-name> ...
-
That is much more useful as real txt. I restored it back to that.
Ok so it looks like that lib error is the source of your problems there. Everything after that is caused by it. Do this.
Set the update branch back to 2.7.0 in System > Updates > Update Settings.
Then at the command line run:
pkg-static upgrade pkg
That will force pkg to downgrade back to the 2.7.0 version along with the cryptolib.
Once there make sure
pkg-static -d update
works.Now try setting the branch back to 2.7.1 and upgrading again.
Steve
-
[2.7.0-RELEASE][admin@pfSense.here]/root: pkg-static upgrade pkg
No active remote repositories configured. -
You set the branch to 2.7.0 first?
Oh you might need to run
pfSense-repo-setup
-
@stephenw10 said in Upgrade pfsense CE 2.7.0 to 2.7.1:
pfSense-repo-setup
I did. Looks like maybe a rebuild is in order?
[2.7.0-RELEASE][admin@pfSense.here]/root: pfSense-repo-setup
ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php"
ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php"
cp: /usr/local/etc/pkg/repos/.conf: No such file or directory
/usr/local/sbin/pfSense-repo-setup: /usr/local/sbin/-repoc-static: not found
failed to update the repository settings!!! -
Might be easiest/quickest.
What does
cat /etc/platform
show?If that doesn't show pfSense you can try setting it to that.
You could also try:
pfSense-repoc-static
-
@stephenw10 said in Upgrade pfsense CE 2.7.0 to 2.7.1:
pfSense-repoc-static
[2.7.0-RELEASE][admin@pfSense.here]/root: cat /etc/platform
pfSense
[2.7.0-RELEASE][admin@pfSense.here]/root: pfSense-repoc-static
ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "php"
pfSense-repoc-static: cannot read pfSense pkg prefix
failed to collect the system information. -
Hmm, I'd love to know how it's got into that state but installing 2.7.1 directly and restoring the config is going to be the fastest way back I think. If you're able to do that.
-
I will rebuild (already have 2.71 downloaded). I can tell you the steps I took to see if that sheds any light for you. Everything was working well prior to attempting the upgrade. Before I attempted the 2.7.1 upgrade, I updated all the packages that showed they were out of date. That included:
nmap
openvpn-clinet-export
pfBlockerNG
snort
LightSquidafter the upgrades, I attempted the 2.7.1 upgrade and it failed just like you've seen above, but then I started getting a bunch of php failures (specifically having to do with the LightSquid package). It seemed like one of the package upgrades impacted the php install and caused all of the problems we're seeing now. At least that is what it appears like to me. Thank you for your assistance.
-
@cclarsen said in Upgrade pfsense CE 2.7.0 to 2.7.1:
Before I attempted the 2.7.1 upgrade, I updated all the packages that showed they were out of date
That will break things, never do that. See my sig. Uninstall packages as suggested per the upgrade guide, or just upgrade and the upgrade will uninstall/reinstall for you.
-
This post is deleted! -
@Patch Thanks Patch ... I will try that. It has been somewhat frustrating to get some images placed on this site. If necessary I will just past a link.
-
-
@stephenw10 Hi Stephen,
So my update problem with my secondary servers appears to be DNS. In the unbound DNS resolver, If I include either WAN or localhost in the outgoing DNS window I get resolution on my secondary. I am including localhost. I had already included localhost in the Interfaces window, as per normal in my understanding, unless of course I got them reversed. pfBlockers windows tend to confuse the isse. I always thought that for the firewall to be able to access the Internet I need to put localhost in Network interfaces. Now I am wondering if I got them switched, that is if I need to put localhost in the outgoing window instead. As localhost is not an Internet port I am a little confused as to what is happening.
I have to think about this for a little while, run some tests, reresarch it, and understand it. Understanding is important. Just enabling things because they work is not recommended procedure.
Of course your wise input is always appreciated.
Roy
-
What did you have selected for outgoing interfaces when it was failing?