Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to upgrate 23.09.1 to 24.11

    Problems Installing or Upgrading pfSense Software
    3
    34
    904
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nanda
      last edited by

      Hi

      I have been maintaining three firewalls and trying to upgrade one pfSense firewall from 23.09.1 to 24.11, but failed. The problems are elaborated below.

      a) Infeasible update via GUI

      When I check the main screen, it shows 24.11 is available (see Fig 1).

      fae15f16-a27d-473b-9776-cd9e81d672cc-image.png
      Figure 1: Pfsense main screen with update availability information.

      A confirmation button for the upgrade process initiation should appear after changing the branch to 24.11 in the system update page, but the status remains 'Up to date' (see Figure 2).

      e1ea0ced-af6c-4889-acec-edb572e21156-image.png
      Figure 2: System update page with 'Up to date' status

      b) via option 13.

      I tried to update via terminal through option 13, but the version remains the same, and the GUI status is also the same (see Fig 3).

      43565acc-16a5-40c7-bcc2-c7bfc45d7ea9-image.png
      Figure 3: Option 13 execution via terminal

      c) via Commands

      I have read similar posts on upgrade issues and tried certctl rehash before pkg-static -d update. I do not see any errors but I can see 304 status in the command output (see the below output).

      $ pkg-static -d update
      DBG(1)[39150]> pkg initialized
      Updating pfSense-core repository catalogue...
      DBG(1)[39150]> PkgRepo: verifying update for pfSense-core
      DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
      DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
      DBG(1)[39150]> curl_open
      DBG(1)[39150]> Fetch: fetcher used: pkg+https
      DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
      
      DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
      
      * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
      *   Trying 208.123.73.207:443...
      * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
      * ALPN: curl offers http/1.1
      *  CAfile: /etc/ssl/netgate-ca.pem
      *  CApath: /etc/ssl/certs/
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
      * ALPN: server accepted http/1.1
      * Server certificate:
      *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
      *  start date: Mar 15 20:23:11 2022 GMT
      *  expire date: Feb 19 20:23:11 2122 GMT
      *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
      *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
      *  SSL certificate verify ok.
      * using HTTP/1.1
      > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
      Host: pfsense-plus-pkg00.atx.netgate.com
      User-Agent: pkg/1.20.8
      Accept: */*
      If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
      
      < HTTP/1.1 200 OK
      Fetching meta.conf: < Server: nginx
      < Date: Sun, 16 Mar 2025 08:49:48 GMT
      < Content-Type: application/octet-stream
      < Content-Length: 163
      < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
      < Connection: keep-alive
      < ETag: "6570ff06-a3"
      < Accept-Ranges: bytes
      <
      * The requested document is not new enough
      * Simulate an HTTP 304 response
      * Closing connection
      
      DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
      DBG(1)[39150]> curl_open
      DBG(1)[39150]> Fetch: fetcher used: pkg+https
      DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
      
      DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
      
      * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
      * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
      *   Trying 208.123.73.207:443...
      * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
      * ALPN: curl offers http/1.1
      *  CAfile: /etc/ssl/netgate-ca.pem
      *  CApath: /etc/ssl/certs/
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
      * ALPN: server accepted http/1.1
      * Server certificate:
      *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
      *  start date: Mar 15 20:23:11 2022 GMT
      *  expire date: Feb 19 20:23:11 2122 GMT
      *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
      *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
      *  SSL certificate verify ok.
      * using HTTP/1.1
      > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
      Host: pfsense-plus-pkg00.atx.netgate.com
      User-Agent: pkg/1.20.8
      Accept: */*
      If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
      
      < HTTP/1.1 304 Not Modified
      < Server: nginx
      < Date: Sun, 16 Mar 2025 08:49:49 GMT
      < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
      < Connection: keep-alive
      < ETag: "6570ff07-628"
      <
      * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      DBG(1)[39150]> PkgRepo: verifying update for pfSense
      DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
      DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
      DBG(1)[39150]> curl_open
      DBG(1)[39150]> Fetch: fetcher used: pkg+https
      DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
      
      DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
      
      * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
      *   Trying 208.123.73.207:443...
      * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
      * ALPN: curl offers http/1.1
      *  CAfile: /etc/ssl/netgate-ca.pem
      *  CApath: /etc/ssl/certs/
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
      * ALPN: server accepted http/1.1
      * Server certificate:
      *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
      *  start date: Mar 15 20:23:11 2022 GMT
      *  expire date: Feb 19 20:23:11 2122 GMT
      *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
      *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
      *  SSL certificate verify ok.
      * using HTTP/1.1
      > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
      Host: pfsense-plus-pkg00.atx.netgate.com
      User-Agent: pkg/1.20.8
      Accept: */*
      If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
      
      < HTTP/1.1 304 Not Modified
      < Server: nginx
      < Date: Sun, 16 Mar 2025 08:49:49 GMT
      < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
      < Connection: keep-alive
      < ETag: "67813b81-b2"
      <
      * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
      DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
      DBG(1)[39150]> curl_open
      DBG(1)[39150]> Fetch: fetcher used: pkg+https
      DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
      
      DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
      
      * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
      * Found bundle for host: 0x3c78bb8fec20 [serially]
      * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
      > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
      Host: pfsense-plus-pkg00.atx.netgate.com
      User-Agent: pkg/1.20.8
      Accept: */*
      If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
      
      < HTTP/1.1 304 Not Modified
      < Server: nginx
      < Date: Sun, 16 Mar 2025 08:49:49 GMT
      < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
      < Connection: keep-alive
      < ETag: "67813b81-30264"
      <
      * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
      pfSense repository is up to date.
      All repositories are up to date.
      

      Am I doing anything wrong here?
      Any help on this is highly appreciated.

      stephenw10S 1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator @nanda
        last edited by

        @nanda said in Unable to upgrate 23.09.1 to 24.11:

        DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
        DBG(1)[39150]> curl_open
        DBG(1)[39150]> Fetch: fetcher used: pkg+https
        DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

        You can see there it's still checking against the 23.09.1 repo.

        Try going to Sys > Update > Update Settings and resave the branch as 24.11.

        N patient0P 2 Replies Last reply Reply Quote 0
        • N
          nanda @stephenw10
          last edited by

          @stephenw10

          I did as you suggested, but the result is the same.

          e6db5b8d-4cd1-4787-95f6-4ea0f8a16901-image.png
          Figure 1: Changing update settings

          a) via GUI
          8928529c-c2cc-4697-824f-24f9e0ff5238-image.png
          Figure 2: Trying to update after new settings

          b) via Command
          pkg-static -d update command output.

          $ pkg-static -d update
          DBG(1)[96662]> pkg initialized
          Updating pfSense-core repository catalogue...
          DBG(1)[96662]> PkgRepo: verifying update for pfSense-core
          DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
          DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
          DBG(1)[96662]> curl_open
          DBG(1)[96662]> Fetch: fetcher used: pkg+https
          DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
          
          DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
          
          * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
          *   Trying 208.123.73.207:443...
          * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
          * ALPN: curl offers http/1.1
          *  CAfile: /etc/ssl/netgate-ca.pem
          *  CApath: /etc/ssl/certs/
          * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
          * ALPN: server accepted http/1.1
          * Server certificate:
          *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
          *  start date: Mar 15 20:23:11 2022 GMT
          *  expire date: Feb 19 20:23:11 2122 GMT
          *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
          *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
          *  SSL certificate verify ok.
          * using HTTP/1.1
          > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
          Host: pfsense-plus-pkg00.atx.netgate.com
          User-Agent: pkg/1.20.8
          Accept: */*
          If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
          
          < HTTP/1.1 200 OK
          Fetching meta.conf: < Server: nginx
          < Date: Mon, 17 Mar 2025 06:16:07 GMT
          < Content-Type: application/octet-stream
          < Content-Length: 163
          < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
          < Connection: keep-alive
          < ETag: "6570ff06-a3"
          < Accept-Ranges: bytes
          <
          * The requested document is not new enough
          * Simulate an HTTP 304 response
          * Closing connection
          
          DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
          DBG(1)[96662]> curl_open
          DBG(1)[96662]> Fetch: fetcher used: pkg+https
          DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
          
          DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
          
          * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
          * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
          *   Trying 208.123.73.207:443...
          * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
          * ALPN: curl offers http/1.1
          *  CAfile: /etc/ssl/netgate-ca.pem
          *  CApath: /etc/ssl/certs/
          * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
          * ALPN: server accepted http/1.1
          * Server certificate:
          *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
          *  start date: Mar 15 20:23:11 2022 GMT
          *  expire date: Feb 19 20:23:11 2122 GMT
          *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
          *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
          *  SSL certificate verify ok.
          * using HTTP/1.1
          > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
          Host: pfsense-plus-pkg00.atx.netgate.com
          User-Agent: pkg/1.20.8
          Accept: */*
          If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
          
          < HTTP/1.1 304 Not Modified
          < Server: nginx
          < Date: Mon, 17 Mar 2025 06:16:08 GMT
          < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
          < Connection: keep-alive
          < ETag: "6570ff07-628"
          <
          * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
          pfSense-core repository is up to date.
          Updating pfSense repository catalogue...
          DBG(1)[96662]> PkgRepo: verifying update for pfSense
          DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
          DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
          DBG(1)[96662]> curl_open
          DBG(1)[96662]> Fetch: fetcher used: pkg+https
          DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
          
          DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
          
          * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
          *   Trying 208.123.73.207:443...
          * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
          * ALPN: curl offers http/1.1
          *  CAfile: /etc/ssl/netgate-ca.pem
          *  CApath: /etc/ssl/certs/
          * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
          * ALPN: server accepted http/1.1
          * Server certificate:
          *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
          *  start date: Mar 15 20:23:11 2022 GMT
          *  expire date: Feb 19 20:23:11 2122 GMT
          *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
          *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
          *  SSL certificate verify ok.
          * using HTTP/1.1
          > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
          Host: pfsense-plus-pkg00.atx.netgate.com
          User-Agent: pkg/1.20.8
          Accept: */*
          If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
          
          < HTTP/1.1 304 Not Modified
          < Server: nginx
          < Date: Mon, 17 Mar 2025 06:16:08 GMT
          < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
          < Connection: keep-alive
          < ETag: "67813b81-b2"
          <
          * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
          DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
          DBG(1)[96662]> curl_open
          DBG(1)[96662]> Fetch: fetcher used: pkg+https
          DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
          
          DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
          
          * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
          * Found bundle for host: 0x21bd3a2fec20 [serially]
          * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
          > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
          Host: pfsense-plus-pkg00.atx.netgate.com
          User-Agent: pkg/1.20.8
          Accept: */*
          If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
          
          < HTTP/1.1 304 Not Modified
          < Server: nginx
          < Date: Mon, 17 Mar 2025 06:16:08 GMT
          < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
          < Connection: keep-alive
          < ETag: "67813b81-30264"
          <
          * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
          pfSense repository is up to date.
          All repositories are up to date.
          
          1 Reply Last reply Reply Quote 0
          • patient0P
            patient0 @stephenw10
            last edited by patient0

            @stephenw10 is the update procedure different in the Azure cloud? I guess it's running there since in the first screenshot there is a line

            "Microsoft Azure - Netgate Device ID: ...."

            Addition: The pfSense+ docu states under "Does the appliance support a live update of the software?":

            "This may be possible, but it is currently untested and unsupported. Since a real system console is not available, a definitive recovery process for failures during upgrades would be difficult to define.

            The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

            N 1 Reply Last reply Reply Quote 0
            • N
              nanda @patient0
              last edited by

              @patient0 @stephenw10

              "The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

              Indeed, we deployed pfSense in Microsoft Azure through the official Azure marketplace. The above statement on replacing the old instance with the new instance may lead to problems with the operational costs. pfSense firewall instance was deployed through Azure reservation. If we forgo the current instance, it will, perhaps, take away the reservation.

              Please provide a technical solution to solve the upgrade issue.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by stephenw10

                Hmm, OK try running: pfSense-repoc

                Make sure that returns cleanly. Then try saving the branch again.

                You should be able to upgrade in Azure.

                N 1 Reply Last reply Reply Quote 0
                • N
                  nanda @stephenw10
                  last edited by

                  @stephenw10

                  I executed the command pfSense-repoc and it did not return any message. So I assume that it was a clean execution (see Figure 1), then saved the branch again (Figure 2). The result was the same (see Figure 3).

                  7ac1fe0c-e4cf-4dab-9c9d-af8bab668fcb-image.png
                  Figure 1: pfSense-repoc execution

                  12bbba58-e129-416b-a5ee-5d8d9390866f-image.png
                  Figure 2: Save the branch again

                  732c092b-541a-493d-b503-1ec8a409e70e-image.png
                  Figure 3: Trying after the above steps

                  Verified again via pkg-static -d update command, but the result still points to 23.09.1 repo.

                  $ pkg-static -d update
                  DBG(1)[18723]> pkg initialized
                  Updating pfSense-core repository catalogue...
                  DBG(1)[18723]> PkgRepo: verifying update for pfSense-core
                  DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
                  DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
                  DBG(1)[18723]> curl_open
                  DBG(1)[18723]> Fetch: fetcher used: pkg+https
                  DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
                  
                  DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                  
                  * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                  *   Trying 208.123.73.209:443...
                  * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                  * ALPN: curl offers http/1.1
                  *  CAfile: /etc/ssl/netgate-ca.pem
                  *  CApath: /etc/ssl/certs/
                  * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                  * ALPN: server accepted http/1.1
                  * Server certificate:
                  *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                  *  start date: Mar 15 20:23:37 2022 GMT
                  *  expire date: Feb 19 20:23:37 2122 GMT
                  *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                  *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                  *  SSL certificate verify ok.
                  * using HTTP/1.1
                  > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
                  Host: pfsense-plus-pkg01.atx.netgate.com
                  User-Agent: pkg/1.20.8
                  Accept: */*
                  If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
                  
                  < HTTP/1.1 200 OK
                  Fetching meta.conf: < Server: nginx
                  < Date: Mon, 17 Mar 2025 18:50:51 GMT
                  < Content-Type: application/octet-stream
                  < Content-Length: 163
                  < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
                  < Connection: keep-alive
                  < ETag: "6570ff06-a3"
                  < Accept-Ranges: bytes
                  <
                  * The requested document is not new enough
                  * Simulate an HTTP 304 response
                  * Closing connection
                  
                  DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
                  DBG(1)[18723]> curl_open
                  DBG(1)[18723]> Fetch: fetcher used: pkg+https
                  DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
                  
                  DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                  
                  * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                  * Hostname pfsense-plus-pkg01.atx.netgate.com was found in DNS cache
                  *   Trying 208.123.73.209:443...
                  * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                  * ALPN: curl offers http/1.1
                  *  CAfile: /etc/ssl/netgate-ca.pem
                  *  CApath: /etc/ssl/certs/
                  * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                  * ALPN: server accepted http/1.1
                  * Server certificate:
                  *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                  *  start date: Mar 15 20:23:37 2022 GMT
                  *  expire date: Feb 19 20:23:37 2122 GMT
                  *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                  *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                  *  SSL certificate verify ok.
                  * using HTTP/1.1
                  > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
                  Host: pfsense-plus-pkg01.atx.netgate.com
                  User-Agent: pkg/1.20.8
                  Accept: */*
                  If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
                  
                  < HTTP/1.1 304 Not Modified
                  < Server: nginx
                  < Date: Mon, 17 Mar 2025 18:50:51 GMT
                  < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
                  < Connection: keep-alive
                  < ETag: "6570ff07-628"
                  <
                  * Connection #1 to host pfsense-plus-pkg01.atx.netgate.com left intact
                  pfSense-core repository is up to date.
                  Updating pfSense repository catalogue...
                  DBG(1)[18723]> PkgRepo: verifying update for pfSense
                  DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
                  DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
                  DBG(1)[18723]> curl_open
                  DBG(1)[18723]> Fetch: fetcher used: pkg+https
                  DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
                  
                  DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                  
                  * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                  *   Trying 208.123.73.209:443...
                  * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                  * ALPN: curl offers http/1.1
                  *  CAfile: /etc/ssl/netgate-ca.pem
                  *  CApath: /etc/ssl/certs/
                  * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                  * ALPN: server accepted http/1.1
                  * Server certificate:
                  *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                  *  start date: Mar 15 20:23:37 2022 GMT
                  *  expire date: Feb 19 20:23:37 2122 GMT
                  *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                  *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                  *  SSL certificate verify ok.
                  * using HTTP/1.1
                  > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
                  Host: pfsense-plus-pkg01.atx.netgate.com
                  User-Agent: pkg/1.20.8
                  Accept: */*
                  If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
                  
                  < HTTP/1.1 304 Not Modified
                  < Server: nginx
                  < Date: Mon, 17 Mar 2025 18:50:52 GMT
                  < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
                  < Connection: keep-alive
                  < ETag: "67813b81-b2"
                  <
                  * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
                  DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
                  DBG(1)[18723]> curl_open
                  DBG(1)[18723]> Fetch: fetcher used: pkg+https
                  DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
                  
                  DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                  
                  * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                  * Found bundle for host: 0x398516efec20 [serially]
                  * Re-using existing connection with host pfsense-plus-pkg01.atx.netgate.com
                  > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
                  Host: pfsense-plus-pkg01.atx.netgate.com
                  User-Agent: pkg/1.20.8
                  Accept: */*
                  If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
                  
                  < HTTP/1.1 304 Not Modified
                  < Server: nginx
                  < Date: Mon, 17 Mar 2025 18:50:52 GMT
                  < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
                  < Connection: keep-alive
                  < ETag: "67813b81-30264"
                  <
                  * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
                  pfSense repository is up to date.
                  All repositories are up to date.
                  

                  Tried rebooting and then the system update, but the webpage still returning "Up to date" message.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Hmm, odd. Try running: pfSense-repoc -DJ

                    That should show you what info is being sent and which branches are being pushed back. Obviously don't post that output here.

                    N 1 Reply Last reply Reply Quote 0
                    • N
                      nanda @stephenw10
                      last edited by

                      @stephenw10

                      In the post data repo section, I can see three repos: 24.11, 24.03, 23.09.1. The 23.09.1 has the default field set to yes; other repo sections do not have this field.

                      Would you tell me, how to deduce/solve the problem with the command response?

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ok try running: ls -ls /usr/local/etc/pkg/repos

                        That should show a symlink for pfSense.conf that points to the selected repo like:

                        24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: ls -ls /usr/local/etc/pkg/repos
                        total 1
                        1 -rw-r--r--  1 root wheel 25 Apr 19  2024 FreeBSD.conf
                        1 lrwxr-xr-x  1 root wheel 55 Mar 18 12:49 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
                        

                        When you change the update branch in the webgui that symlink should be updated.

                        Then if you check that repo it should be 24.11 like:

                        [24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: cat /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
                        FreeBSD: { enabled: no }
                        
                        pfSense-core: {
                            url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-core",
                            mirror_type: "srv",
                            signature_type: "fingerprints",
                            fingerprints: "/usr/local/share/pfSense/keys/pkg",
                            enabled: yes
                        }
                        
                        pfSense: {
                            url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11",
                            mirror_type: "srv",
                            signature_type: "fingerprints",
                            fingerprints: "/usr/local/share/pfSense/keys/pkg",
                            enabled: yes
                        }
                        

                        I'm guessing your install is not showing that for some reason.

                        N 1 Reply Last reply Reply Quote 0
                        • N
                          nanda @stephenw10
                          last edited by

                          @stephenw10

                          Your guess is true, symlink did not change to the selected repo when the update branch changed in the GUI. It stays with 23.09.1.

                          $ ls -ls /usr/local/etc/pkg/repos
                          total 4
                          4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                          0 lrwxr-xr-x  1 root wheel 62 Mar 18 16:45 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                          

                          pfSense-repo-23_09_1_rel.conf has urls for 23.09.1 in pfsense-core and pfsense section.

                          "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core"
                          "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1"
                          

                          Is there any command that can be executed via the terminal to change the repo?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Yes you can try manually creating the symlink. What conf files do you have in /usr/local/etc/pfSense/pkg/repos ?

                            N 1 Reply Last reply Reply Quote 0
                            • N
                              nanda @stephenw10
                              last edited by

                              @stephenw10

                              The repos directory has three config files for 23.09.1, 24.03 and 24.11

                              -rw-r--r--  1 root wheel 512 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                              -rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
                              -rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                              
                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                OK first try running: pfSense-repo-setup then re-check.

                                N 1 Reply Last reply Reply Quote 0
                                • N
                                  nanda @stephenw10
                                  last edited by nanda

                                  @stephenw10

                                  pfSense-repo-setup command did not return any message, so it should be a clean execution.

                                  [23.09.1-RELEASE][...]/root: pfSense-repo-setup
                                  [23.09.1-RELEASE][...]/root: ls -l /usr/local/etc/pfSense/pkg/repos/*.conf
                                  -rw-r--r--  1 root wheel 512 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                  -rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
                                  -rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                  

                                  After saving the 24.11 update branch in the system update via GUI, symlink still stays with 23.09.1

                                  [23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos
                                  total 4
                                  4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                  0 lrwxr-xr-x  1 root wheel 62 Mar 18 19:24 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                  [23.09.1-RELEASE][...]/root:
                                  
                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Hmm, weird. Is it not updating the line in the config perhaps?

                                    Anyway you should be able to run:
                                    rm /usr/local/etc/pkg/repos/pfSense.conf

                                    Then:
                                    ln -s /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf /usr/local/etc/pkg/repos/pfSense.conf

                                    That should allow it to see the 24.11 upgrade.

                                    N 1 Reply Last reply Reply Quote 0
                                    • N
                                      nanda @stephenw10
                                      last edited by

                                      @stephenw10

                                      ln -s ... command created the symlink pointing 24.11 conf and it is verified too.

                                      [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                      total 4
                                      4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                      0 lrwxr-xr-x  1 root wheel 56 Mar 18 20:06 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                      

                                      When I tried to update via Sys => Update => System Update, the page returned 'Up to date' status with 23.09.1 as the base and latest versions. Symlink verification for pfSense.conf shows that the config reverted to 23.09.1. It seems the problem lies with the GUI.

                                      [23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos
                                      total 4
                                      4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                      0 lrwxr-xr-x  1 root wheel 62 Mar 18 20:14 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                      

                                      Should I retry the update via option 13 after recreating the symlink?
                                      Will it cause problems?

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Try running pfSense-upgrade directly after creating the symlink.

                                        N 1 Reply Last reply Reply Quote 0
                                        • N
                                          nanda @stephenw10
                                          last edited by

                                          @stephenw10

                                          Sorry for my belated response. The firewall cannot be taken offline immediately.

                                          I executed the pfSense-upgrade command, but it did not upgrade the firewall. I verified the pfSense.conf symlink before and after command execution. It looks like the pfSense.conf again reverted to 23.09.1.

                                          [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                          total 4
                                          4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                          0 lrwxr-xr-x  1 root wheel 56 Mar 19 21:03 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                          [23.09.1-RELEASE][...]/root: pfSense-upgrade
                                          >>> Updating repositories metadata...
                                          Updating pfSense-core repository catalogue...
                                          Fetching meta.conf: . done
                                          Fetching packagesite.pkg: . done
                                          Processing entries: . done
                                          pfSense-core repository update completed. 5 packages processed.
                                          Updating pfSense repository catalogue...
                                          Fetching meta.conf: . done
                                          Fetching packagesite.pkg: ....... done
                                          Processing entries: .......... done
                                          pfSense repository update completed. 739 packages processed.
                                          All repositories are up to date.
                                          Your packages are up to date
                                          [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                          total 4
                                          4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                          0 lrwxr-xr-x  1 root wheel 62 Mar 19 21:03 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                          
                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            OK check the config file. What branch is it saving there?

                                            Or change the branch then check the config history. You should see it switch from 23.09.1 to 24.11.

                                            N 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.