Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ISC DHCP (and OpenVPN) update

    Scheduled Pinned Locked Moved DHCP and DNS
    21 Posts 8 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RobbieTTR
      RobbieTT @johnpoz
      last edited by RobbieTT

      @johnpoz said in ISC DHCP (and OpenVPN) update:

      @RobbieTT not sure how your could of been current, I just ran it this morning and pulled the 3 updates. Did you run "upgrade"?

      As said, I just did this:

      [23.09-RELEASE]/root: pkg update
      Updating pfSense-core repository catalogue...
      Fetching meta.conf:   0%
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      Fetching meta.conf:   0%
      pfSense repository is up to date.
      All repositories are up to date.
      [23.09-RELEASE]/root: 
      

      I presumed that would tell me if something needed to be updated. I have now run pkg upgrade - I had 5 updates.

      ☕️

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @RobbieTT
        last edited by johnpoz

        @RobbieTT said in ISC DHCP (and OpenVPN) update:

        I have now run pkg upgrade - I had 5 updates.

        yeah its not the same as with say apt, where after you run an update it tells you there are actually upgrades available.

        root@i9-win:/home/user# apt update
        Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
        Hit:2 https://developer.download.nvidia.com/compute/cuda/repos/wsl-ubuntu/x86_64  InRelease
        Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
        Get:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
        Hit:5 https://ppa.launchpadcontent.net/isc/bind/ubuntu jammy InRelease
        Hit:6 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy InRelease
        Hit:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
        Fetched 229 kB in 1s (272 kB/s)
        Reading package lists... Done
        Building dependency tree... Done
        Reading state information... Done
        1 package can be upgraded. Run 'apt list --upgradable' to see it.
        root@i9-win:/home/user#
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @johnpoz
          last edited by

          @johnpoz said in ISC DHCP (and OpenVPN) update:

          yeah its not the same as with say apt, where after you run an update it tells you there are actually upgrades available.

          Didn't understand at first, but now I get it : that's must be an Ubuntu gadget.
          I'm running the original OS here : example : one of my backup MX servers :

          root@mail2.bhf.fr:~# apt-get update
          Hit:1 http://deb.debian.org/debian bullseye InRelease
          Hit:2 http://deb.debian.org/debian bullseye-updates InRelease
          Hit:3 http://deb.debian.org/debian bullseye-backports InRelease
          Hit:4 https://security.debian.org/debian-security bullseye-security InRelease
          Reading package lists... Done
          root@mail2.bhf.fr:~# apt-get upgrade
          Reading package lists... Done
          Building dependency tree... Done
          Reading state information... Done
          Calculating upgrade... Done
          The following packages were automatically installed and are no longer required:
            linux-image-5.10.0-23-amd64 linux-image-5.10.0-24-amd64
          Use 'apt autoremove' to remove them.
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          

          My OS :

          root@mail2.bhf.fr:~# cat /etc/debian_version
          11.8
          

          also called Bullseye.

          So 'my OS' behaves as a FreeBSD.

          Note the : apt-get update does what it does : it updates [something].
          Not the system, software or packages, but the system's packages cache with contains only the name and some other minimal info./
          apt-get upgrade will do the actual "compare installed with available" and propose an action.

          @johnpoz said in ISC DHCP (and OpenVPN) update:

          Maybe he forgot the PSA: in front of his title.

          Impossible. Don't even know what PSA means.
          But confident that I will very soon ^^
          If you think it's needed : please do.

          I was just posting here because not everybody knows that there is more then what the pfSense packages GUI interface shows us.
          There is a script here somewhere on the forum that executes a apt update for you (cron it), and mails you when updates are available - GUI packages included. Even if there is an pfSense upgrade.

          For the less luck among us : no, please, don't upgrade "openvpn" remotely ;)

          And no, these don't auto install, as that would mean that pfSense could upgrade itself, which is a big nono, something that was mentioned already on the forum.

          @RobbieTT said in ISC DHCP (and OpenVPN) update:

          I do have all patches applied

          The GUI Patches package ?
          That one can only modify GUI 'text file' (mostly PHP) files.
          "Patches" can't change binary files like pfSense (FreeBSD) packages.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Gertjan
            last edited by johnpoz

            @Gertjan said in ISC DHCP (and OpenVPN) update:

            But confident that I will very soon ^^

            https://encyclopedia.thefreedictionary.com/Public+Service+Announcement

            apt-get is a bit different than just apt update ;)

            root@NewUC:/home/user# apt-get update
            Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
            Hit:2 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease
            Hit:3 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease              
            Hit:4 http://us.archive.ubuntu.com/ubuntu jammy-security InRelease               
            Hit:5 https://ppa.launchpadcontent.net/isc/bind/ubuntu jammy InRelease           
            Reading package lists... Done                              
            root@NewUC:/home/user# 
            
            root@NewUC:/home/user# apt update
            Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
            Get:2 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
            Get:3 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB]                 
            Get:4 http://us.archive.ubuntu.com/ubuntu jammy-security InRelease [110 kB]                 
            Hit:5 https://ppa.launchpadcontent.net/isc/bind/ubuntu jammy InRelease
            Get:6 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1,212 kB]
            Get:7 http://us.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1,185 kB]
            Get:8 http://us.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1,010 kB]
            Get:9 http://us.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [224 kB]
            Fetched 3,968 kB in 2s (1,632 kB/s)                       
            Reading package lists... Done
            Building dependency tree... Done
            Reading state information... Done
            3 packages can be upgraded. Run 'apt list --upgradable' to see them.
            root@NewUC:/home/user# 
            

            My point was just running pkg update - prob isn't going to show you or tell you or actually upgrade anything.. It will tell you if it found updates to its list of stuff. But if its current, it won't tell you hey there are X number of things in my list that need to be upgraded.. It just updates the list ;)

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks @michmoor
              last edited by bmeeks

              @michmoor said in ISC DHCP (and OpenVPN) update:

              Its been explained to me but im just not getting it.
              So these updates here are different then whats in system patches?
              Are these updates pulling from the pfsense repo or from freeBSD?

              The System Patches package only patches the PHP source files that make up the pfSense GUI. System Patches cannot patch binary executable files. Those are precompiled and must be installed by the pkg utility.

              For example, dhcpd is a precompiled binary executable that must be installed by the pkg utility. The precompiled binary is pulled down from the pfSense pkg repo appropriate for your pfSense version. But the pfSense GUI creates the text-based configuration files the dhcpd binary uses to load its configuration. The GUI creates those files using interepreted PHP.

              System Patches applies a diff patch to PHP source code files using the matching patch utility. The GUI on pfSense is written in PHP. PHP is an interpreted language. That means the code is not precompiled. Instead, the text-based PHP source code modules are loaded into the PHP binary interpreter program and then compiled and executed on-the-fly.

              M 1 Reply Last reply Reply Quote 1
              • M
                michmoor LAYER 8 Rebel Alliance @bmeeks
                last edited by

                @bmeeks Ah ok got it.
                So when do the binaries get updated then? When i install a new version of pfsense?

                Also, because its pulled into the pfsense repo i assume its safe to upgrade pkgs that require it. Is that right?

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                bmeeksB 2 Replies Last reply Reply Quote 0
                • bmeeksB
                  bmeeks @michmoor
                  last edited by bmeeks

                  @michmoor said in ISC DHCP (and OpenVPN) update:

                  o when do the binaries get updated then? When i install a new version of pfsense?

                  Generally, yes. But it depends on the binary and whether or not it's in a dedicated package. For example, when a Snort or Suricata update is available many of those carry binary updates along with them. Nearly all packages consist of both binary and GUI parts with the GUI parts written in PHP. The binary pieces are pre-compiled executable code.

                  But core binaries used on pfSense such as the dhcpd daemon, unbound, and others pretty much only come with new pfSense versions. Or that was the case in the past. I think some changes are just starting as it appears there is a move to split some pfSense core pieces out to individual packages that are easier to update. I believe that is just getting going with the recent release. For example, in the past if an update was needed for the DNS Resolver, unbound, then the issuance of a new pfSense version was required because unbound was included in the big bundle of pfSense core components and you could not easily update it.

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks @michmoor
                    last edited by

                    @michmoor said in ISC DHCP (and OpenVPN) update:

                    Also, because its pulled into the pfsense repo i assume its safe to upgrade pkgs that require it. Is that right?

                    Anything you install from the pfSense repo associated with your current pfSense version is safe and compatible. Folks get themselves into trouble by not being on the current RELEASE version of pfSense before updating some optional package they installed. Package binary pieces are compiled against whatever is the "current" version of pfSense.

                    1 Reply Last reply Reply Quote 1
                    • S
                      SteveITS Galactic Empire @michmoor
                      last edited by

                      @michmoor AFAIK the System Patches package is only PHP or other non binary changes. It applies a +/- patch to change text in a file.

                      Tbh I wasn’t aware until last month one could update binaries between pfSense releases but the DHCP fix was mentioned in the Redmine for that. (It wasn’t available the next day). I assume (?) they are slipstreaming it in for anyone who hasn’t upgraded yet.

                      I also saw a reference in Redmine to 23.09.1 so presumably that’s not far off.

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      M 1 Reply Last reply Reply Quote 1
                      • M
                        mcury @SteveITS
                        last edited by mcury

                        curl 8.5 released, it is already available through pkg update and pkg upgrade
                        https://curl.se/changes.html#8_5_0

                        It is a very big release notes.. Already updated here.

                        Two vulnerabilities fixed:
                        low
                        medium

                        But, it is not clear to me if these apply to pfSense use case or if you should update it.

                        dead on arrival, nowhere to be found.

                        GertjanG 1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan @mcury
                          last edited by

                          @mcury

                          pfSense 23.09.1 (and pfSense 2.7.2 CE) uses the pfSense (Netgate) repositories.
                          So, if Netgate incorporated these upgrades into the pfSense repository, then you can be pretty sure they are meant to be used.

                          Installed packages to be UPGRADED:
                                  curl: 8.4.0 -> 8.5.0 [pfSense]
                          

                          So, its console time, option "13" or option "8" and then

                          pkg update
                          pkg upgrade
                          

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 2
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.