pfSense® Plus software version 24.03-RELEASE is here! 🥳

sandie · Apr 23, 2024, 9:40 PM

Just upgraded:
6100 Max - all went fine and took only few minutes.
7100 DT - all went fine, for unknown reason this took nearly 15 minutes. I started to worry significantly, but all looks good.

Interesting things:
a) for the unknown reason on 6100 Max had to do "tailscale login" - otherwise tailscale was not starting. 7100 DT had no troubles and I did not have to do "tailscale login". Both routers have non-expiring keys, so I do not understand 6100 tailscale problem :)
b) I had custom patch applied in 7100 DT (https://forum.netgate.com/topic/183961/nut-package-2-8-1-and-above/58). Reverted it before upgrading, unclicked Auto Apply (it is still uncliked), but this custom patch was re-applied for some reason (?). It had no Auto Apply - I disabled it before uprade. Anyway is it okay to keep this patch? (it was really helpfull with NUT problems)
c) In both upgraded (24.03) routers I see small glitch in Boot Environments. Icon for Diagnostics / Configuration History is missing. See picture kindly.

sandie · Apr 23, 2024, 9:43 PM

@sandie login-to-view

sandie · Apr 23, 2024, 9:57 PM

Forgot to say "well done" (and can not edit posts anymore ;)). Thanks!

markster · Apr 24, 2024, 12:42 AM

Updated Netgate-5100 and no issues.
services all started fine.

login-to-view

Great work. Thank you.

cwagz · Apr 24, 2024, 3:55 AM

@sandie - on my 6100 max Tailscale was not online after first boot up post upgrade, but is online after a single reboot.

sandie · Apr 24, 2024, 5:55 AM

@sandie
I will try to respond to myself for b) question.

b) I had custom patch applied in 7100 DT (https://forum.netgate.com/topic/183961/nut-package-2-8-1-and-above/58). Reverted it before upgrading, unclicked Auto Apply (it is still uncliked), but this custom patch was re-applied for some reason (?). It had no Auto Apply - I disabled it before uprade. Anyway is it okay to keep this patch? (it was really helpfull with NUT problems)
The patch is now incorporated into 24.03 build (applied to baseline and released as part of build) and System Patches app mistakenly thinks it was (custom) applied and allows to Revert? :) Do I understand I should ignore that and remove somehow this custom patch, because it should never be reverted by anyone?

Please confirm kindly suggested steps.

Also 23.09.1 patch for Terrapin in System Patches is no longer available and is no longer needed? (SSH upgraded?)

Lurick · Apr 24, 2024, 4:01 PM

@jimp Would this also resolve the issues with trying to fetch pfBlocker and Suricata updates to lists after upgrade before interfaces come up?

the other · Apr 24, 2024, 4:15 PM

hey there,
just run thru update process...did a reboot prior to pressing that "update" button as recommended. Kept all packets though...

It took around 8 minutes (6100 appliance), rebooted...what to say? All seems to be working fine, terrapin patch included in 24.03, ULA patch not necessary any more (reverted the old patch still showing, deleted it then...still working for ULAs in VIP, all shown on tables).
All services came online by themselves. Settings (iE for freeradius) still there and VPN with 2fa still working...

So far: great work, people! Thanx... :)

the other · Apr 24, 2024, 7:17 PM

@the-other ok, another facepalm to myself...
It is clearly stated under System / Patches NOT to revert a patch after upgrade...happy are those who can read (and understand what they are reading...).
So of course all ULAs were gone from tables...re-aplied that patch and all is well again.
Sorry for any confusion...

Cylosoft · Apr 24, 2024, 7:24 PM

24.03_1 is out now?

the other · Apr 24, 2024, 7:29 PM

@Cylosoft yeah, scroll to the very first post in this thread...it's explained there (update)... :)

Antibiotic · Apr 24, 2024, 9:31 PM

@Cylosoft Where did you get about 24.03_1 as only 24.03 out?

dennypage · Apr 24, 2024, 9:34 PM

@Antibiotic said in pfSense Plus software version 24.03-RELEASE is here! 🥳:

Where did you get about 24.03_1 as only 24.03 out?

See the announcement at the top of this thread.

crucialguy · Apr 24, 2024, 10:56 PM

Seems to have worked OK in the main biw, but a bit of oddness with my upgrade process.

It seemed to be taking too long and I was a bit nervous (I was still waiting for pings 8 mins in) - so I hooked up a monitor to my appliance to have a quick look. As per the upgrade process it was refreshing the packages and it was reinstalling Snort, I'm not sure if this is an issue with the Snort package or pfSense....but....it was trying to download all the block lists/community rule sets for Snort etc BEFORE any interface had initiated, so the reason it took ages to come up is because every rule set was trying and timing out on the download, as expected...because it was trying to do it before it brought the interfaces up!

I did another couple of reboots after that and the same symptom didn't re-occur, so I imagine this was just an upgrade oddity and it sorted it's self out (just needed to be patient).

There is also a fundamental issue with pfBlocker, but this is resolved with a custom patch someone has made (see this thread - https://forum.netgate.com/topic/185207/24-03-development-php-fatal-error-uncaught-valueerror-range-argument-3) - Hopefully that's updated at some point to remove that issue from the main release.

The first thing I wanted to try, something I've been keen to test is the WAN Gateway failover...failback, and it works a charm. I don't know if anyone else uses Wireguard tunnels, but on a gateway failback these never, ever came back to the primary connection without pulling the plug on the backup connection - but now they do recover and swing back to the primary on gateway restore without any intervention. It does take a bit of time, 2-3 mins, so I'm going to look and see if there's anything I can do to improve it slightly - but it's still an improvement and removes the manual intervention.

Antibiotic · Apr 24, 2024, 11:05 PM

@crucialguy Do you use traffic shaping?

crucialguy · Apr 24, 2024, 11:09 PM

@Antibiotic Nope, no traffic shaping whatsoever here.

Standard traffic flows and gateway groups with PBR etc.

sandie · Apr 24, 2024, 11:18 PM

@crucialguy For me slowly upgraded 7100 DT router (15 minutes) has Suricata. 6100 which upgraded reasonably fast does not have Suricata.
It could be the reason you pointed.
I am happy to run latest pfSense+ software.

Phizix · Apr 24, 2024, 11:49 PM

Woooohooooo!

Up and running 24.03-RELEASE.
SG-5100 on ZFS (128 GB M.2 SSD & 16 GB RAM). Took about 10 mins and not glitches.

I run pfBlockerNG, but no issues that I see yet.

Phizix

SteveITS · Apr 25, 2024, 12:08 AM

@crucialguy Believe your issue of pre interface downloads was discussed somewhere here a week or two ago.

Thanks for the pfB pointer.

Bob.Dig · Apr 25, 2024, 8:38 AM

@the-other said in pfSense Plus software version 24.03-RELEASE is here! 🥳:

So of course all ULAs were gone from tables...re-aplied that patch and all is well again.
Sorry for any confusion...

Now I am confused, so you are saying, you still need that patch?