Updating pfBlockerNG-devel on 23.09 caused instability. Upgrading to 23.09.1 (w/ 3.2.0_8) solved it.
-
Point of clarification to my OP that I just figured out: I installed pfBlockerNG-devel 3.2.0_15 when using 23.09. Installing 23.09.1 rolled it back to 3.2.0_8.
@Gertjan said in Updating pfBlockerNG-devel on 23.09 caused instability. Upgrading to 23.09.1 (w/ 3.2.0_8) solved it.:
And on the forum the upgrade of 23.09 -> 24.03 was mentioned a couple of zillion times.
pfSense not proposing 24.03 as an upgrade : check here Home pfSense
Software Problems Installing or Upgrading pfSense Software : very first pinned post, or have a look at the several forum posts over there.I checked the pinned posts and don't see any warnings about installing 24.03. I see it offered on my System Update, but I'm afraid to touch anything right now.
-
@GPinzone said in Updating pfBlockerNG-devel on 23.09 caused instability. Upgrading to 23.09.1 (w/ 3.2.0_8) solved it.:
any warnings about installing 24.03.
There are no "warnings about 24.03".
If there were, it's more like this "you use 23.09 ? Then upgrade to 24.03 asap".When you see this :
you know when (a couple of minutes ago) the last check was made and that it was successful.
This setting :
should be set (and kept on !) "Current stable".
If you pin-point it to 23.09 (after 24.03 came out) then you will stay on "23.09" and it will show : "up to date". -
@Gertjan said in Updating pfBlockerNG-devel on 23.09 caused instability. Upgrading to 23.09.1 (w/ 3.2.0_8) solved it.:
There are no "warnings about 24.03".
If there were, it's more like this "you use 23.09 ? Then upgrade to 24.03 asap".I thought you were referring to the threads where people who upgraded to 24.03 were having issues and were told to wait until 23.08. None of the pinned threads warn against installing 24.03 (which is now 24.03_1).
-
I ran into this same exact issue with pfblockerNG-devel update hanging and then the GUI also hanging.
I was able to solve this via SSH. Make sure you close your browser.
ran
pkg delete pfSense-pkg-pfblockerNG-develIt complained another process was holding it up.
kill <whatever process ID # it complained about>ran this again
pkg delete pfSense-pkg-pfblockerNG-develIt got stuck loading something or other like the GUI update.
Opened a second SSH session.
top -aSHkill <process ID # of the php-fpm process(es) which are at or near 100% CPU usage>I had three of them I had to kill.
ran this one more time to confirm it was removed.
pkg delete pfSense-pkg-pfblockerNG-develIf it complains again about a process holding it, kill that again.
Then I was able to login to the GUI and install pfblockerNG-devel no problem.
I'm on 24.03. I checked to see if there was a pfsense update since this behavior is very similar to what happens when you update a package before updating pfsense. I am not seeing any pfsense updates available.
I ended up with the crash report below when I got back into the GUI.
[24-Sep-2024 11:10:26 America/New_York] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733 [24-Sep-2024 11:12:31 America/New_York] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733 -
these are the clearest problems thus far on remedying this problem..
Thank you for providing them.
I had this issue last night, although i'm on ce 2.7.2. do you think that'll matter?
at the moment i get an nginx 502 error when i try to go to the pfsense gui. is that what you experienced as well?
-
@jc1976 yeah I had the same error. My steps fixed that.
-
The pfBlockerNG development pkg has now been updated to remove that issue. 3.2.0_17 is safe to upgrade to.
-
@stephenw10 thanks for the tip.
It seems like 3.2.0_17 is the version the GUI ended up installing after having all this trouble and going through the steps outlined. -
THANK YOU THANK YOU THANK YOU!!
that worked.. took a bit of figuring out, dunno how you only had 3 php processes holding you up because I had 20+, but it worked!!
once i got into the gui i was able to go to the package manager and run the install of 3.2.0_17 and that went through without a hitch..
thankfully, all my configs were still there so when it installed, all came back without any interaction from me..
thanks again!
-
i have another firewall that i manage and it shows the update to 3.2.0_8..
obviously i want to skip that upgrade.. is it possible to upgrade directly to 3.2.0_17, bypassing 3.2.0_8 so I don't have to deal with it's problems?
-
3.2.0_8 is OK. That's the package version for the non-devel package.
The problem versions were _15 and _16 but that was only ever the development package. Neither of those should be available anywhere now. You should only see no update for non-dev or _17 for the devel.
-
I use the dev version on both firewalls. both firewalls have the same configuration and the one that blew up on me was for _8.
as of this moment, looking at installed packages, mine says it's on 3.2.0_8, with a prompt to update.
this was the same on my other firewall that i had to repair.i don't see anything to indicate the update would be to 3.2.0_17.
am i reading this wrong? I always thought the version shown in the package manager is the version it would be updated to.
my fear is that being this is my firewall at my office that many others are dependent on, i can't risk the downtime so i just want to be sure that it will update to the latest repaired version without any issue.
thanks!!
-
Well the safest option is to do nothing. Just don't update it.
If you mouse-over the update symbol in the package manager it shows what version is available:
-
-
my fear is that being this is my firewall at my office that many others are dependent on, i can't risk the downtime so i just want to be sure that it will update to the latest repaired version without any issue.
lol I had this issue on the office firewall when I first ran into it. I can assure you there was no downtime. Everything still worked as intended including my OpenVPN for remote access. Just the GUI access and the pfblocker update was an issue. I'm not entirely sure if pfblocker was still functional during this time, but that was really not a big deal if it was down for the few minutes it took me to resolve this issue. Pfblocker was back up after the update and then force reload.
-
@Raffi_ Thx, thx and thx for your advice, This saved my day. I didn't use ssh but the built in command promt. Killed every pid associating with "pkg delete yes pfSense-pkg-pfblockerNG-devel" and finally
I could use the dashboard again. What a relief, and the package was removed from package manager.
Now I installed the none dev version of pfblock. It's been two days of nervousness since my firewall is in a production environment. Many thx Raffi_, my command vas kill pid_nr & pkg delete --yes pfSense-pkg-pfblockerNG-devel. I created an account here on netgate only to express my gratitude.
-
Now I installed the none dev version of pfblock. It's been two days of nervousness since my firewall is in a production environment. Many thx Raffi_, my command vas kill pid_nr & pkg delete --yes pfSense-pkg-pfblockerNG-devel. I created an account here on netgate only to express my gratitude.
I haven't been on these forums for some time. Is the pfblockerNG-devel an actual development version now? I'm getting the feeling it is now, but it wasn't in the past. In the past it was just the name given to the latest version.
When you installed pfblockerNG non dev, did all your config and settings carry over?
-
The config is the same for both packages. It will carry across if you uninstall/install either.
-
@stephenw10 said in Updating pfBlockerNG-devel on 23.09 caused instability. Upgrading to 23.09.1 (w/ 3.2.0_8) solved it.:
The config is the same for both packages. It will carry across if you uninstall/install either.
Thanks, good to know.
Is the dev version an actual dev version now? In other words, is the non dev version recommended for production environments ?
-
It still is the development version, new features/fixes are added there first. However it's now much closer to the non-dev package. A while ago it was a long way ahead but that's no longer the case.
