23.09.1 to 24.03 - upgrade fails

stephenw10

Hmm, is that actually a 2GB eMMC? Try running geom disk list

You may need to reinstall that as UFS if so. Or add an m.2 SSD.

04CC40

@stephenw10

Here's the output:

Geom name: da0
Providers:
1. Name: da0
   Mediasize: 3825205248 (3.6G)
   Sectorsize: 512
   Mode: r1w1e2
   descr: Generic Ultra HS-COMBO
   ident: 000000225001
   rotationrate: unknown
   fwsectors: 63
   fwheads: 255

At some point I considered adding an M.2 but there are no local stores that sell the older non-NVMe and I'm not located in one of those places where one can simply log into the superstore and get a cheap one with free shipping...

stephenw10

Ah, yes that's one of the early ones with small eMMC. I suspect you may have SWAP enabled taking up some of that space.

I'm slightly surprised you were able to install ZFS on that. the installer usually won't allow it. I'd also be concerned about the write life on what must be an old drive.

I recommend reinstalling 24.03 using UFS and removing the SWAP partition during the install. I would also enable RAM disks to minimise the drive writes until you're able to install an SSD.

04CC40

@stephenw10 I like it and I'm surprised it's made it this far (it was a hand-me-down, even survived the recall), but I think I'd rather spend that money towards a new 1100 or 2100. In the meantime I can stay at 23.09.1. Thanks for all the help.

SteveITS

@04CC40 you could check lifetime with https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html#emmc

04CC40

@SteveITS Gave it a shot, no dice:

[23.09.1-RELEASE][crapmin@pfSense.home.arpa]/dev: mmc extcsd read /dev/da0
open: Permission denied

Gertjan

@04CC40 said in 23.09.1 to 24.03 - upgrade fails:

crapmin

crapmin isn't allowed to do admin stuff.
crapmin is not admin.

stephenw10

That won't work on the SG-2220 anyway because the eMMC is USB connected (da0). That can only read the detailed eMMC info when the controller is directly attached (mmcsd0).

I would still reinstall it as UFS with RAM disks if I had that. ZFS itself creates significantly more drive writes.

04CC40

@stephenw10 Do I need to ask for the iso via support and reinstall via USB for this?

04CC40

@Gertjan crapmin has failed upwards to attain su privileges, not bad for a non-IT guy...

Gertjan

@04CC40 said in 23.09.1 to 24.03 - upgrade fails:

crapmin has failed upwards to attain su privileges

I get it.
On a game / file / content server, it's good practice to create non admin users for the ordinary users.

But pfSense is not a server. It's a firewall router. It doesn't share 'content' with people.
You, an admin, only connects to it when you need to change a setting. That's an admin task.
The task probably needs admin rights anyway to set some 'OS' (FreeBSD) network setting.
Ordinary "don't know nothing about anything users" don't need a user account on pfSense. They have nothing to do on pfSense.

And because there are always possible exceptions : if you use a captive portal with user/password accounts, then you can add these to System> User Manager and remember that for each of them you have to set their 'right' like "Can only visit the portal login page".

edit : good security on pfSense : make the GUI only accessible on the LAN.
All other users, the ones you don't trust : create a second LAN, called OPT1, and have them use that LAN/OPT1. On this interface, block ssh and webgui access.
Now, your pfSense is secured, and they can only try to access the pfSense GUI (or SSH) if they have physical access to the pfSense LAN interface.

To protect the SSH access even further :

and create certificates, so SSH access will need this certificate.

The webgui : use a password generator, and have it go wild on you.

stephenw10

@04CC40 Yes you need the recovery image. The new Net Installer will work fine on the SG-2220 but if you want to remove the SWAP partition at install you should use the legacy installer.

04CC40

@Gertjan VLAN's, rules and a silly Bitwarden password are in place. "crapmin" was just some self-deprecating humor.