• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Unable to upgrate 23.09.1 to 24.11

Problems Installing or Upgrading pfSense Software
3
34
903
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nanda
    last edited by Mar 16, 2025, 9:05 AM

    Hi

    I have been maintaining three firewalls and trying to upgrade one pfSense firewall from 23.09.1 to 24.11, but failed. The problems are elaborated below.

    a) Infeasible update via GUI

    When I check the main screen, it shows 24.11 is available (see Fig 1).

    🔒 Log in to view
    Figure 1: Pfsense main screen with update availability information.

    A confirmation button for the upgrade process initiation should appear after changing the branch to 24.11 in the system update page, but the status remains 'Up to date' (see Figure 2).

    🔒 Log in to view
    Figure 2: System update page with 'Up to date' status

    b) via option 13.

    I tried to update via terminal through option 13, but the version remains the same, and the GUI status is also the same (see Fig 3).

    🔒 Log in to view
    Figure 3: Option 13 execution via terminal

    c) via Commands

    I have read similar posts on upgrade issues and tried certctl rehash before pkg-static -d update. I do not see any errors but I can see 304 status in the command output (see the below output).

    $ pkg-static -d update
    DBG(1)[39150]> pkg initialized
    Updating pfSense-core repository catalogue...
    DBG(1)[39150]> PkgRepo: verifying update for pfSense-core
    DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
    DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
    DBG(1)[39150]> curl_open
    DBG(1)[39150]> Fetch: fetcher used: pkg+https
    DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
    
    DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
    
    * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
    *   Trying 208.123.73.207:443...
    * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
    * ALPN: curl offers http/1.1
    *  CAfile: /etc/ssl/netgate-ca.pem
    *  CApath: /etc/ssl/certs/
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN: server accepted http/1.1
    * Server certificate:
    *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
    *  start date: Mar 15 20:23:11 2022 GMT
    *  expire date: Feb 19 20:23:11 2122 GMT
    *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
    *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
    *  SSL certificate verify ok.
    * using HTTP/1.1
    > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
    Host: pfsense-plus-pkg00.atx.netgate.com
    User-Agent: pkg/1.20.8
    Accept: */*
    If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
    
    < HTTP/1.1 200 OK
    Fetching meta.conf: < Server: nginx
    < Date: Sun, 16 Mar 2025 08:49:48 GMT
    < Content-Type: application/octet-stream
    < Content-Length: 163
    < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
    < Connection: keep-alive
    < ETag: "6570ff06-a3"
    < Accept-Ranges: bytes
    <
    * The requested document is not new enough
    * Simulate an HTTP 304 response
    * Closing connection
    
    DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
    DBG(1)[39150]> curl_open
    DBG(1)[39150]> Fetch: fetcher used: pkg+https
    DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
    
    DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
    
    * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
    * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
    *   Trying 208.123.73.207:443...
    * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
    * ALPN: curl offers http/1.1
    *  CAfile: /etc/ssl/netgate-ca.pem
    *  CApath: /etc/ssl/certs/
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN: server accepted http/1.1
    * Server certificate:
    *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
    *  start date: Mar 15 20:23:11 2022 GMT
    *  expire date: Feb 19 20:23:11 2122 GMT
    *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
    *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
    *  SSL certificate verify ok.
    * using HTTP/1.1
    > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
    Host: pfsense-plus-pkg00.atx.netgate.com
    User-Agent: pkg/1.20.8
    Accept: */*
    If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
    
    < HTTP/1.1 304 Not Modified
    < Server: nginx
    < Date: Sun, 16 Mar 2025 08:49:49 GMT
    < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
    < Connection: keep-alive
    < ETag: "6570ff07-628"
    <
    * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    DBG(1)[39150]> PkgRepo: verifying update for pfSense
    DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
    DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
    DBG(1)[39150]> curl_open
    DBG(1)[39150]> Fetch: fetcher used: pkg+https
    DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
    
    DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
    
    * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
    *   Trying 208.123.73.207:443...
    * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
    * ALPN: curl offers http/1.1
    *  CAfile: /etc/ssl/netgate-ca.pem
    *  CApath: /etc/ssl/certs/
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN: server accepted http/1.1
    * Server certificate:
    *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
    *  start date: Mar 15 20:23:11 2022 GMT
    *  expire date: Feb 19 20:23:11 2122 GMT
    *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
    *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
    *  SSL certificate verify ok.
    * using HTTP/1.1
    > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
    Host: pfsense-plus-pkg00.atx.netgate.com
    User-Agent: pkg/1.20.8
    Accept: */*
    If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
    
    < HTTP/1.1 304 Not Modified
    < Server: nginx
    < Date: Sun, 16 Mar 2025 08:49:49 GMT
    < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
    < Connection: keep-alive
    < ETag: "67813b81-b2"
    <
    * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
    DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
    DBG(1)[39150]> curl_open
    DBG(1)[39150]> Fetch: fetcher used: pkg+https
    DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
    
    DBG(1)[39150]> CURL> attempting to fetch from , left retry 3
    
    * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
    * Found bundle for host: 0x3c78bb8fec20 [serially]
    * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
    > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
    Host: pfsense-plus-pkg00.atx.netgate.com
    User-Agent: pkg/1.20.8
    Accept: */*
    If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
    
    < HTTP/1.1 304 Not Modified
    < Server: nginx
    < Date: Sun, 16 Mar 2025 08:49:49 GMT
    < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
    < Connection: keep-alive
    < ETag: "67813b81-30264"
    <
    * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
    pfSense repository is up to date.
    All repositories are up to date.
    

    Am I doing anything wrong here?
    Any help on this is highly appreciated.

    S 1 Reply Last reply Mar 17, 2025, 2:52 AM Reply Quote 0
    • S
      stephenw10 Netgate Administrator @nanda
      last edited by Mar 17, 2025, 2:52 AM

      @nanda said in Unable to upgrate 23.09.1 to 24.11:

      DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
      DBG(1)[39150]> curl_open
      DBG(1)[39150]> Fetch: fetcher used: pkg+https
      DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

      You can see there it's still checking against the 23.09.1 repo.

      Try going to Sys > Update > Update Settings and resave the branch as 24.11.

      N P 2 Replies Last reply Mar 17, 2025, 6:24 AM Reply Quote 0
      • N
        nanda @stephenw10
        last edited by Mar 17, 2025, 6:24 AM

        @stephenw10

        I did as you suggested, but the result is the same.

        🔒 Log in to view
        Figure 1: Changing update settings

        a) via GUI
        🔒 Log in to view
        Figure 2: Trying to update after new settings

        b) via Command
        pkg-static -d update command output.

        $ pkg-static -d update
        DBG(1)[96662]> pkg initialized
        Updating pfSense-core repository catalogue...
        DBG(1)[96662]> PkgRepo: verifying update for pfSense-core
        DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
        DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
        DBG(1)[96662]> curl_open
        DBG(1)[96662]> Fetch: fetcher used: pkg+https
        DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
        
        DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
        
        * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
        *   Trying 208.123.73.207:443...
        * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
        * ALPN: curl offers http/1.1
        *  CAfile: /etc/ssl/netgate-ca.pem
        *  CApath: /etc/ssl/certs/
        * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
        * ALPN: server accepted http/1.1
        * Server certificate:
        *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
        *  start date: Mar 15 20:23:11 2022 GMT
        *  expire date: Feb 19 20:23:11 2122 GMT
        *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
        *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
        *  SSL certificate verify ok.
        * using HTTP/1.1
        > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
        Host: pfsense-plus-pkg00.atx.netgate.com
        User-Agent: pkg/1.20.8
        Accept: */*
        If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
        
        < HTTP/1.1 200 OK
        Fetching meta.conf: < Server: nginx
        < Date: Mon, 17 Mar 2025 06:16:07 GMT
        < Content-Type: application/octet-stream
        < Content-Length: 163
        < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
        < Connection: keep-alive
        < ETag: "6570ff06-a3"
        < Accept-Ranges: bytes
        <
        * The requested document is not new enough
        * Simulate an HTTP 304 response
        * Closing connection
        
        DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
        DBG(1)[96662]> curl_open
        DBG(1)[96662]> Fetch: fetcher used: pkg+https
        DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
        
        DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
        
        * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
        * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
        *   Trying 208.123.73.207:443...
        * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
        * ALPN: curl offers http/1.1
        *  CAfile: /etc/ssl/netgate-ca.pem
        *  CApath: /etc/ssl/certs/
        * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
        * ALPN: server accepted http/1.1
        * Server certificate:
        *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
        *  start date: Mar 15 20:23:11 2022 GMT
        *  expire date: Feb 19 20:23:11 2122 GMT
        *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
        *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
        *  SSL certificate verify ok.
        * using HTTP/1.1
        > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
        Host: pfsense-plus-pkg00.atx.netgate.com
        User-Agent: pkg/1.20.8
        Accept: */*
        If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
        
        < HTTP/1.1 304 Not Modified
        < Server: nginx
        < Date: Mon, 17 Mar 2025 06:16:08 GMT
        < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
        < Connection: keep-alive
        < ETag: "6570ff07-628"
        <
        * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
        pfSense-core repository is up to date.
        Updating pfSense repository catalogue...
        DBG(1)[96662]> PkgRepo: verifying update for pfSense
        DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
        DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
        DBG(1)[96662]> curl_open
        DBG(1)[96662]> Fetch: fetcher used: pkg+https
        DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
        
        DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
        
        * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
        *   Trying 208.123.73.207:443...
        * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
        * ALPN: curl offers http/1.1
        *  CAfile: /etc/ssl/netgate-ca.pem
        *  CApath: /etc/ssl/certs/
        * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
        * ALPN: server accepted http/1.1
        * Server certificate:
        *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
        *  start date: Mar 15 20:23:11 2022 GMT
        *  expire date: Feb 19 20:23:11 2122 GMT
        *  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
        *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
        *  SSL certificate verify ok.
        * using HTTP/1.1
        > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
        Host: pfsense-plus-pkg00.atx.netgate.com
        User-Agent: pkg/1.20.8
        Accept: */*
        If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
        
        < HTTP/1.1 304 Not Modified
        < Server: nginx
        < Date: Mon, 17 Mar 2025 06:16:08 GMT
        < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
        < Connection: keep-alive
        < ETag: "67813b81-b2"
        <
        * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
        DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
        DBG(1)[96662]> curl_open
        DBG(1)[96662]> Fetch: fetcher used: pkg+https
        DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
        
        DBG(1)[96662]> CURL> attempting to fetch from , left retry 3
        
        * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
        * Found bundle for host: 0x21bd3a2fec20 [serially]
        * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
        > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
        Host: pfsense-plus-pkg00.atx.netgate.com
        User-Agent: pkg/1.20.8
        Accept: */*
        If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
        
        < HTTP/1.1 304 Not Modified
        < Server: nginx
        < Date: Mon, 17 Mar 2025 06:16:08 GMT
        < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
        < Connection: keep-alive
        < ETag: "67813b81-30264"
        <
        * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
        pfSense repository is up to date.
        All repositories are up to date.
        
        1 Reply Last reply Reply Quote 0
        • P
          patient0 @stephenw10
          last edited by patient0 Mar 17, 2025, 6:51 AM Mar 17, 2025, 6:46 AM

          @stephenw10 is the update procedure different in the Azure cloud? I guess it's running there since in the first screenshot there is a line

          "Microsoft Azure - Netgate Device ID: ...."

          Addition: The pfSense+ docu states under "Does the appliance support a live update of the software?":

          "This may be possible, but it is currently untested and unsupported. Since a real system console is not available, a definitive recovery process for failures during upgrades would be difficult to define.

          The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

          N 1 Reply Last reply Mar 17, 2025, 8:44 AM Reply Quote 0
          • N
            nanda @patient0
            last edited by Mar 17, 2025, 8:44 AM

            @patient0 @stephenw10

            "The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

            Indeed, we deployed pfSense in Microsoft Azure through the official Azure marketplace. The above statement on replacing the old instance with the new instance may lead to problems with the operational costs. pfSense firewall instance was deployed through Azure reservation. If we forgo the current instance, it will, perhaps, take away the reservation.

            Please provide a technical solution to solve the upgrade issue.

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by stephenw10 Mar 17, 2025, 11:57 AM Mar 17, 2025, 11:56 AM

              Hmm, OK try running: pfSense-repoc

              Make sure that returns cleanly. Then try saving the branch again.

              You should be able to upgrade in Azure.

              N 1 Reply Last reply Mar 17, 2025, 7:02 PM Reply Quote 0
              • N
                nanda @stephenw10
                last edited by Mar 17, 2025, 7:02 PM

                @stephenw10

                I executed the command pfSense-repoc and it did not return any message. So I assume that it was a clean execution (see Figure 1), then saved the branch again (Figure 2). The result was the same (see Figure 3).

                🔒 Log in to view
                Figure 1: pfSense-repoc execution

                🔒 Log in to view
                Figure 2: Save the branch again

                🔒 Log in to view
                Figure 3: Trying after the above steps

                Verified again via pkg-static -d update command, but the result still points to 23.09.1 repo.

                $ pkg-static -d update
                DBG(1)[18723]> pkg initialized
                Updating pfSense-core repository catalogue...
                DBG(1)[18723]> PkgRepo: verifying update for pfSense-core
                DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
                DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
                DBG(1)[18723]> curl_open
                DBG(1)[18723]> Fetch: fetcher used: pkg+https
                DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
                
                DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                
                * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                *   Trying 208.123.73.209:443...
                * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                * ALPN: curl offers http/1.1
                *  CAfile: /etc/ssl/netgate-ca.pem
                *  CApath: /etc/ssl/certs/
                * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                * ALPN: server accepted http/1.1
                * Server certificate:
                *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                *  start date: Mar 15 20:23:37 2022 GMT
                *  expire date: Feb 19 20:23:37 2122 GMT
                *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                *  SSL certificate verify ok.
                * using HTTP/1.1
                > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
                Host: pfsense-plus-pkg01.atx.netgate.com
                User-Agent: pkg/1.20.8
                Accept: */*
                If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
                
                < HTTP/1.1 200 OK
                Fetching meta.conf: < Server: nginx
                < Date: Mon, 17 Mar 2025 18:50:51 GMT
                < Content-Type: application/octet-stream
                < Content-Length: 163
                < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
                < Connection: keep-alive
                < ETag: "6570ff06-a3"
                < Accept-Ranges: bytes
                <
                * The requested document is not new enough
                * Simulate an HTTP 304 response
                * Closing connection
                
                DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
                DBG(1)[18723]> curl_open
                DBG(1)[18723]> Fetch: fetcher used: pkg+https
                DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
                
                DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                
                * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                * Hostname pfsense-plus-pkg01.atx.netgate.com was found in DNS cache
                *   Trying 208.123.73.209:443...
                * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                * ALPN: curl offers http/1.1
                *  CAfile: /etc/ssl/netgate-ca.pem
                *  CApath: /etc/ssl/certs/
                * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                * ALPN: server accepted http/1.1
                * Server certificate:
                *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                *  start date: Mar 15 20:23:37 2022 GMT
                *  expire date: Feb 19 20:23:37 2122 GMT
                *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                *  SSL certificate verify ok.
                * using HTTP/1.1
                > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
                Host: pfsense-plus-pkg01.atx.netgate.com
                User-Agent: pkg/1.20.8
                Accept: */*
                If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT
                
                < HTTP/1.1 304 Not Modified
                < Server: nginx
                < Date: Mon, 17 Mar 2025 18:50:51 GMT
                < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
                < Connection: keep-alive
                < ETag: "6570ff07-628"
                <
                * Connection #1 to host pfsense-plus-pkg01.atx.netgate.com left intact
                pfSense-core repository is up to date.
                Updating pfSense repository catalogue...
                DBG(1)[18723]> PkgRepo: verifying update for pfSense
                DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
                DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
                DBG(1)[18723]> curl_open
                DBG(1)[18723]> Fetch: fetcher used: pkg+https
                DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
                
                DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                
                * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                *   Trying 208.123.73.209:443...
                * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
                * ALPN: curl offers http/1.1
                *  CAfile: /etc/ssl/netgate-ca.pem
                *  CApath: /etc/ssl/certs/
                * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
                * ALPN: server accepted http/1.1
                * Server certificate:
                *  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
                *  start date: Mar 15 20:23:37 2022 GMT
                *  expire date: Feb 19 20:23:37 2122 GMT
                *  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
                *  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
                *  SSL certificate verify ok.
                * using HTTP/1.1
                > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
                Host: pfsense-plus-pkg01.atx.netgate.com
                User-Agent: pkg/1.20.8
                Accept: */*
                If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
                
                < HTTP/1.1 304 Not Modified
                < Server: nginx
                < Date: Mon, 17 Mar 2025 18:50:52 GMT
                < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
                < Connection: keep-alive
                < ETag: "67813b81-b2"
                <
                * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
                DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
                DBG(1)[18723]> curl_open
                DBG(1)[18723]> Fetch: fetcher used: pkg+https
                DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
                
                DBG(1)[18723]> CURL> attempting to fetch from , left retry 3
                
                * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
                * Found bundle for host: 0x398516efec20 [serially]
                * Re-using existing connection with host pfsense-plus-pkg01.atx.netgate.com
                > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
                Host: pfsense-plus-pkg01.atx.netgate.com
                User-Agent: pkg/1.20.8
                Accept: */*
                If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT
                
                < HTTP/1.1 304 Not Modified
                < Server: nginx
                < Date: Mon, 17 Mar 2025 18:50:52 GMT
                < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
                < Connection: keep-alive
                < ETag: "67813b81-30264"
                <
                * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
                pfSense repository is up to date.
                All repositories are up to date.
                

                Tried rebooting and then the system update, but the webpage still returning "Up to date" message.

                1 Reply Last reply Reply Quote 0
                • S
                  stephenw10 Netgate Administrator
                  last edited by Mar 17, 2025, 7:38 PM

                  Hmm, odd. Try running: pfSense-repoc -DJ

                  That should show you what info is being sent and which branches are being pushed back. Obviously don't post that output here.

                  N 1 Reply Last reply Mar 18, 2025, 12:00 PM Reply Quote 0
                  • N
                    nanda @stephenw10
                    last edited by Mar 18, 2025, 12:00 PM

                    @stephenw10

                    In the post data repo section, I can see three repos: 24.11, 24.03, 23.09.1. The 23.09.1 has the default field set to yes; other repo sections do not have this field.

                    Would you tell me, how to deduce/solve the problem with the command response?

                    1 Reply Last reply Reply Quote 0
                    • S
                      stephenw10 Netgate Administrator
                      last edited by Mar 18, 2025, 1:07 PM

                      Ok try running: ls -ls /usr/local/etc/pkg/repos

                      That should show a symlink for pfSense.conf that points to the selected repo like:

                      24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: ls -ls /usr/local/etc/pkg/repos
                      total 1
                      1 -rw-r--r--  1 root wheel 25 Apr 19  2024 FreeBSD.conf
                      1 lrwxr-xr-x  1 root wheel 55 Mar 18 12:49 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
                      

                      When you change the update branch in the webgui that symlink should be updated.

                      Then if you check that repo it should be 24.11 like:

                      [24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: cat /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
                      FreeBSD: { enabled: no }
                      
                      pfSense-core: {
                          url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-core",
                          mirror_type: "srv",
                          signature_type: "fingerprints",
                          fingerprints: "/usr/local/share/pfSense/keys/pkg",
                          enabled: yes
                      }
                      
                      pfSense: {
                          url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11",
                          mirror_type: "srv",
                          signature_type: "fingerprints",
                          fingerprints: "/usr/local/share/pfSense/keys/pkg",
                          enabled: yes
                      }
                      

                      I'm guessing your install is not showing that for some reason.

                      N 1 Reply Last reply Mar 18, 2025, 3:00 PM Reply Quote 0
                      • N
                        nanda @stephenw10
                        last edited by Mar 18, 2025, 3:00 PM

                        @stephenw10

                        Your guess is true, symlink did not change to the selected repo when the update branch changed in the GUI. It stays with 23.09.1.

                        $ ls -ls /usr/local/etc/pkg/repos
                        total 4
                        4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                        0 lrwxr-xr-x  1 root wheel 62 Mar 18 16:45 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                        

                        pfSense-repo-23_09_1_rel.conf has urls for 23.09.1 in pfsense-core and pfsense section.

                        "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core"
                        "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1"
                        

                        Is there any command that can be executed via the terminal to change the repo?

                        1 Reply Last reply Reply Quote 0
                        • S
                          stephenw10 Netgate Administrator
                          last edited by Mar 18, 2025, 3:20 PM

                          Yes you can try manually creating the symlink. What conf files do you have in /usr/local/etc/pfSense/pkg/repos ?

                          N 1 Reply Last reply Mar 18, 2025, 3:31 PM Reply Quote 0
                          • N
                            nanda @stephenw10
                            last edited by Mar 18, 2025, 3:31 PM

                            @stephenw10

                            The repos directory has three config files for 23.09.1, 24.03 and 24.11

                            -rw-r--r--  1 root wheel 512 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                            -rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
                            -rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                            
                            1 Reply Last reply Reply Quote 0
                            • S
                              stephenw10 Netgate Administrator
                              last edited by Mar 18, 2025, 5:11 PM

                              OK first try running: pfSense-repo-setup then re-check.

                              N 1 Reply Last reply Mar 18, 2025, 5:34 PM Reply Quote 0
                              • N
                                nanda @stephenw10
                                last edited by nanda Mar 18, 2025, 5:39 PM Mar 18, 2025, 5:34 PM

                                @stephenw10

                                pfSense-repo-setup command did not return any message, so it should be a clean execution.

                                [23.09.1-RELEASE][...]/root: pfSense-repo-setup
                                [23.09.1-RELEASE][...]/root: ls -l /usr/local/etc/pfSense/pkg/repos/*.conf
                                -rw-r--r--  1 root wheel 512 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                -rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
                                -rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                

                                After saving the 24.11 update branch in the system update via GUI, symlink still stays with 23.09.1

                                [23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos
                                total 4
                                4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                0 lrwxr-xr-x  1 root wheel 62 Mar 18 19:24 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                [23.09.1-RELEASE][...]/root:
                                
                                1 Reply Last reply Reply Quote 0
                                • S
                                  stephenw10 Netgate Administrator
                                  last edited by Mar 18, 2025, 5:54 PM

                                  Hmm, weird. Is it not updating the line in the config perhaps?

                                  Anyway you should be able to run:
                                  rm /usr/local/etc/pkg/repos/pfSense.conf

                                  Then:
                                  ln -s /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf /usr/local/etc/pkg/repos/pfSense.conf

                                  That should allow it to see the 24.11 upgrade.

                                  N 1 Reply Last reply Mar 18, 2025, 6:29 PM Reply Quote 0
                                  • N
                                    nanda @stephenw10
                                    last edited by Mar 18, 2025, 6:29 PM

                                    @stephenw10

                                    ln -s ... command created the symlink pointing 24.11 conf and it is verified too.

                                    [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                    total 4
                                    4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                    0 lrwxr-xr-x  1 root wheel 56 Mar 18 20:06 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                    

                                    When I tried to update via Sys => Update => System Update, the page returned 'Up to date' status with 23.09.1 as the base and latest versions. Symlink verification for pfSense.conf shows that the config reverted to 23.09.1. It seems the problem lies with the GUI.

                                    [23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos
                                    total 4
                                    4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                    0 lrwxr-xr-x  1 root wheel 62 Mar 18 20:14 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                    

                                    Should I retry the update via option 13 after recreating the symlink?
                                    Will it cause problems?

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      stephenw10 Netgate Administrator
                                      last edited by Mar 18, 2025, 6:56 PM

                                      Try running pfSense-upgrade directly after creating the symlink.

                                      N 1 Reply Last reply Mar 19, 2025, 7:13 PM Reply Quote 0
                                      • N
                                        nanda @stephenw10
                                        last edited by Mar 19, 2025, 7:13 PM

                                        @stephenw10

                                        Sorry for my belated response. The firewall cannot be taken offline immediately.

                                        I executed the pfSense-upgrade command, but it did not upgrade the firewall. I verified the pfSense.conf symlink before and after command execution. It looks like the pfSense.conf again reverted to 23.09.1.

                                        [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                        total 4
                                        4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                        0 lrwxr-xr-x  1 root wheel 56 Mar 19 21:03 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                                        [23.09.1-RELEASE][...]/root: pfSense-upgrade
                                        >>> Updating repositories metadata...
                                        Updating pfSense-core repository catalogue...
                                        Fetching meta.conf: . done
                                        Fetching packagesite.pkg: . done
                                        Processing entries: . done
                                        pfSense-core repository update completed. 5 packages processed.
                                        Updating pfSense repository catalogue...
                                        Fetching meta.conf: . done
                                        Fetching packagesite.pkg: ....... done
                                        Processing entries: .......... done
                                        pfSense repository update completed. 739 packages processed.
                                        All repositories are up to date.
                                        Your packages are up to date
                                        [23.09.1-RELEASE][...]/root: ls -ls /usr/local/etc/pkg/repos
                                        total 4
                                        4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
                                        0 lrwxr-xr-x  1 root wheel 62 Mar 19 21:03 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          stephenw10 Netgate Administrator
                                          last edited by Mar 19, 2025, 8:05 PM

                                          OK check the config file. What branch is it saving there?

                                          Or change the branch then check the config history. You should see it switch from 23.09.1 to 24.11.

                                          N 1 Reply Last reply Mar 19, 2025, 9:09 PM Reply Quote 0
                                          7 out of 34
                                          • First post
                                            7/34
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.