Upgrade 2.70 to 2.72
-
Thanks Steve,
I am going to hand over to my colleague who is working on this problem !
Thanks!
-
-
I 2nd this posting..
for the first time in my usage of pfsense, i've been having problems. everything up to 2.7 went without a hitch.. all very quiet and effortless.
in the 3 boxes that i've updated from 2.7 to 2.7.1, (over these past couple of weeks) i've had wipe out each one and install everything from scratch.
i'm on 2.7.2 at home, but again, i attempted the update the other day and it broke. one broke from updating pfblockerng-dev, after the update, the box would no longer boot.
i woudn't have updated to 2.7.2 but the 2.7.2 update came so quickly after 2.7.1 i figured they identified the issue and it was a quick release.. turns out it was to address a long standing zfs bug.
either way, there seems to be quite a few people speaking up about having various stability problems.
i'm trying the 2.7.2 version now and we'll see how it goes. i noticed during a speed test this morning i wasn't getting the throughput i had before.. but that may not have anything to do with it.
either way, a user pointed me out to accessing previous builds.. so if this turns out to be a dud i'll wipe it all out again and go back to 2.7.
it's shocking and disappointing.. upgrades until now have been effortless.
-
@jc1976 said in Upgrade 2.70 to 2.72:
I 2nd this posting..
for the first time in my usage of pfsense, i've been having problems. everything up to 2.7 went without a hitch.. all very quiet and effortless.
in the 3 boxes that i've updated from 2.7 to 2.7.1, (over these past couple of weeks) i've had wipe out each one and install everything from scratch.
i'm on 2.7.2 at home, but again, i attempted the update the other day and it broke. one broke from updating pfblockerng-dev, after the update, the box would no longer boot.
i woudn't have updated to 2.7.2 but the 2.7.2 update came so quickly after 2.7.1 i figured they identified the issue and it was a quick release.. turns out it was to address a long standing zfs bug.
either way, there seems to be quite a few people speaking up about having various stability problems.
i'm trying the 2.7.2 version now and we'll see how it goes. i noticed during a speed test this morning i wasn't getting the throughput i had before.. but that may not have anything to do with it.
either way, a user pointed me out to accessing previous builds.. so if this turns out to be a dud i'll wipe it all out again and go back to 2.7.
it's shocking and disappointing.. upgrades until now have been effortless.
same here. Today I spend whole day...and finaly go back to 2.7.0 :(
-
Upgrading from 2.7.1 or 2.7.0?
In either case it would be better to install 2.7.2 clean if you have some issue upgrading.
-
that's what i ended up doing.. just downloading 2.7.2 and doing a fresh reinstall from scratch. but if it's this problematic i may do it all again back with 2.7. everything worked fine with that one, dunno what's going on. hopefully netgate isn't going by way of microsoft in that they're more interested in ramming 'features' or useless junk down our throats instead of just fixing the bugs and leaving well enough, alone.. i can't afford to have an unreliable firewall and this is the first time pfsense hasn't been for the most part bulletproof..
-
@Jake-Biker at least your system rebooted.. all 3 of mine wouldn't boot after the update.. seemed to be a conflict between pfsense 2.7.2 and pfblockerng-dev. i also run squid to have clamav scan unencrypted traffic and supposedly they're depricating it. a user created his own script that would update squid/clamav to the latest version and would be compatible with 2.7.2.. i dunno what netgate is doing to pfsense to lose compatiblity with these packages.
-
Upgrades from 2.7.2 to whatever's next are much more likely to be error free than coming from 2.7.0. I would still recommend being on 2.7.2 if only for that reason.
-
@jc1976 said in Upgrade 2.70 to 2.72:
conflict between pfsense 2.7.2 and pfblockerng-dev
I suggest uninstalling pfBlocker before upgrading pfSense, and reinstalling (per the upgrade guide).
@jc1976 said in Upgrade 2.70 to 2.72:
i dunno what netgate is doing to pfsense to lose compatiblity with these packages
Unfixed security issues:
https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software -
@SteveITS
Hi, so if you have squid package installed on 2.7.0 you can not update to 2.7.2?
Because it says it has no update on stable 2.7.2 branch... weird...
Thank you. -
No, you can upgrade to 2.7.2 just fine and Squid will still be present.
[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg search squid lightsquid-1.8_5 Light and fast web based squid proxy traffic analyser pfSense-pkg-Lightsquid-3.0.7_3 pfSense package Lightsquid pfSense-pkg-squid-0.4.46 pfSense package squid pfSense-pkg-squidGuard-1.16.19 pfSense package squidGuard squid-6.3 HTTP Caching Proxy squidGuard-1.4_15 Fast redirector for squid squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later squidclamav-7.2 Clamav c-icap service and redirector for Squid
At some point we will probably have to remove Squid from our repo because the known security issues in it will make nonviable. Unless they are fixed perhaps.
-
@stephenw10
Hi, thanks for replying .
But then why is it looking like this? What can I try to force the upgrade?
-
@mdalacu try this:
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting -
@SteveITS said in Upgrade 2.70 to 2.72:
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting
Thanks for the heads up. I will try it in weekend and report back.
Regards! :-) -
Yup coming from 2.7.0 you probably need to run
certctl rehash
as shown there. -
I run the pkg-static -d update, it gave the following log. Do anyone here have any ideas about the problem in upgrading we met?
Shell Output - pkg-static -d update
DBG(1)[35712]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[35712]> PkgRepo: verifying update for pfSense-core
DBG(1)[35712]> PkgRepo: need forced update of pfSense-core
DBG(1)[35712]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[35712]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
DBG(1)[35712]> curl_open
DBG(1)[35712]> Fetch: fetcher used: pkg+https
DBG(1)[35712]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.confDBG(1)[35712]> CURL> attempting to fetch from , left retry 3
-
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 2 -
Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
-
Trying 208.123.73.207:443...
-
Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 1 -
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
pkg-static: An error occured while fetching package
DBG(1)[35712]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz
DBG(1)[35712]> curl_open
DBG(1)[35712]> Fetch: fetcher used: pkg+https
DBG(1)[35712]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz
DBG(1)[35712]> CURL> attempting to fetch from , left retry 3
-
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 2 -
Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg00-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.207:443...
-
Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 1 -
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
pkg-static: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
-
-
@tommyn said in Upgrade 2.70 to 2.72:
SSL certificate problem: self-signed certificate in certificate chain
Yup that error is what running
certctl rehash
solves. -
@stephenw10 Yes, that was it!
I have managed to upgrade it directly from 2.7.0 to 2.7.2 without any apparent issue.
Thank you Stephen for you help!