Upgrade 2.70 to 2.72
-
@Jake-Biker at least your system rebooted.. all 3 of mine wouldn't boot after the update.. seemed to be a conflict between pfsense 2.7.2 and pfblockerng-dev. i also run squid to have clamav scan unencrypted traffic and supposedly they're depricating it. a user created his own script that would update squid/clamav to the latest version and would be compatible with 2.7.2.. i dunno what netgate is doing to pfsense to lose compatiblity with these packages.
-
Upgrades from 2.7.2 to whatever's next are much more likely to be error free than coming from 2.7.0. I would still recommend being on 2.7.2 if only for that reason.
-
@jc1976 said in Upgrade 2.70 to 2.72:
conflict between pfsense 2.7.2 and pfblockerng-dev
I suggest uninstalling pfBlocker before upgrading pfSense, and reinstalling (per the upgrade guide).
@jc1976 said in Upgrade 2.70 to 2.72:
i dunno what netgate is doing to pfsense to lose compatiblity with these packages
Unfixed security issues:
https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software -
@SteveITS
Hi, so if you have squid package installed on 2.7.0 you can not update to 2.7.2?
Because it says it has no update on stable 2.7.2 branch... weird...
Thank you. -
No, you can upgrade to 2.7.2 just fine and Squid will still be present.
[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg search squid lightsquid-1.8_5 Light and fast web based squid proxy traffic analyser pfSense-pkg-Lightsquid-3.0.7_3 pfSense package Lightsquid pfSense-pkg-squid-0.4.46 pfSense package squid pfSense-pkg-squidGuard-1.16.19 pfSense package squidGuard squid-6.3 HTTP Caching Proxy squidGuard-1.4_15 Fast redirector for squid squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later squidclamav-7.2 Clamav c-icap service and redirector for Squid
At some point we will probably have to remove Squid from our repo because the known security issues in it will make nonviable. Unless they are fixed perhaps.
-
@stephenw10
Hi, thanks for replying .
But then why is it looking like this? What can I try to force the upgrade?
-
@mdalacu try this:
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting -
@SteveITS said in Upgrade 2.70 to 2.72:
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting
Thanks for the heads up. I will try it in weekend and report back.
Regards! :-) -
Yup coming from 2.7.0 you probably need to run
certctl rehash
as shown there. -
I run the pkg-static -d update, it gave the following log. Do anyone here have any ideas about the problem in upgrading we met?
Shell Output - pkg-static -d update
DBG(1)[35712]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[35712]> PkgRepo: verifying update for pfSense-core
DBG(1)[35712]> PkgRepo: need forced update of pfSense-core
DBG(1)[35712]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[35712]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
DBG(1)[35712]> curl_open
DBG(1)[35712]> Fetch: fetcher used: pkg+https
DBG(1)[35712]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.confDBG(1)[35712]> CURL> attempting to fetch from , left retry 3
-
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 2 -
Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
-
Trying 208.123.73.207:443...
-
Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 1 -
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
pkg-static: An error occured while fetching package
DBG(1)[35712]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz
DBG(1)[35712]> curl_open
DBG(1)[35712]> Fetch: fetcher used: pkg+https
DBG(1)[35712]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.txz
DBG(1)[35712]> CURL> attempting to fetch from , left retry 3
-
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 2 -
Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg00-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.207:443...
-
Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
DBG(1)[35712]> CURL> attempting to fetch from , left retry 1 -
Couldn't find host pkg01-atx.netgate.com in the .netrc file; using defaults
-
Hostname pkg01-atx.netgate.com was found in DNS cache
-
Trying 208.123.73.209:443...
-
Connected to pkg01-atx.netgate.com (208.123.73.209) port 443
-
ALPN: curl offers http/1.1
-
CAfile: none
-
CApath: /etc/ssl/certs/
-
SSL certificate problem: self-signed certificate in certificate chain
-
Closing connection
pkg-static: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
-
-
@tommyn said in Upgrade 2.70 to 2.72:
SSL certificate problem: self-signed certificate in certificate chain
Yup that error is what running
certctl rehash
solves. -
@stephenw10 Yes, that was it!
I have managed to upgrade it directly from 2.7.0 to 2.7.2 without any apparent issue.
Thank you Stephen for you help!