pfSense 2.8.0 full iso/img

Popolou

@stephenw10 said in pfSense 2.8.0 full iso/img:

No it's not really about metrics. The Net Installer was required for Plus in order to allow direct installs rather than upgrading everything from CE. Having a single installer for both CE and Plus reduces the test load and possibility of bugs significantly.

Which is fine, but i struggle to see why that specifically precludes a parallel release of an ISO for CE for those who require it for their deployments.

jdeloach

@Popolou said in pfSense 2.8.0 full iso/img:

@stephenw10 said in pfSense 2.8.0 full iso/img:

No it's not really about metrics. The Net Installer was required for Plus in order to allow direct installs rather than upgrading everything from CE. Having a single installer for both CE and Plus reduces the test load and possibility of bugs significantly.

Which is fine, but i struggle to see why that specifically precludes a parallel release of an ISO for CE for those who require it for their deployments.

I AGREE.

I'm still using 2.6.x because it just works. I was never able to upgrade to 2.7.x because of issues with FreeBSD that the BSD folks (all flavors) didn't want to continue to fix. Seems pfSense folks keep trying to force people to move to Plus but I'm just waiting to make my move on to a Linux based system that the BSD folks have been recommending for the last few years because of the hole that BSD has dug.

stephenw10

I mean there is an ISO image for the Net Installer. I assume you mean an offline install image?

It adds a bunch of testing for us to have multiple installers.

You can still just use the 2.7.2 legacy image and upgrade though.

stephenw10

@jdeloach said in pfSense 2.8.0 full iso/img:

I was never able to upgrade to 2.7.x because of issues with FreeBSD that the BSD folks (all flavors) didn't want to continue to fix.

What issue was that?

I2e4per

The Installer is not a new thing. I recognized it and also the discussion about it a time ago. Seems it get's now bigger attention as folks want to upgrade to 2.8.0.

So far I was not able to direkt upgrade from 2.7.2 to 2.8.0. I did everything I was supposed to do by the upgrade guide and it fails. badly.
Systemfiles on boot up weren't be found, everything seemed corrupted.
No time to get deep into it -> Had to get online again.

Due to my experiences of the past I had already a stick with 2.7.2 and last config.xml prepared for this case and I got back to 2.7.2 very quickly.

I pulled the net installer (v1.0-rc) and prep'd a second stick.
Tried to configure WAN interface (PPPoE with VLAN) during installation. Device wasn't able to connect to my isp!
Double checked user and password and all settings etc... seemed still fine.

Terminated the process and tested my net installer stick inside vm environment. It took more than an hour to install. Machine was Intel Ultra 265 (new Hardware), so that couldn't be an issue, but stick worked fine.

Again tried it afterwards on my life box.... and again no ISP connection.

Got an old Dell R210 Box and managed to get WAN connection by using the net installer usb stick.
The only difference was, that this box only had the WAN interface physically connected and no other interface.

Now I tested this exact behavior on my life box (Intel N100). As soon as I had only the WAN interface physically connected, it managed to connect to the ISP and installed 2.8.0 from scratch.

I conclude there might be an issue with having more interfaces physically connected and having to use vlan on ISP side while trying to connect to isp for the first time.

Afterwards it took roughly 30 mins to pull all packets and install them and the box was unconfigured. ISP Data on WAN and LAN Interface basic settings chosen before in the net installer were gone again...

Did a basic configuration, loaded the config.xml and got back online.

All of that took me almost 2 days on national holiday in my country.
Having had a simple iso would have actively saved a lot of time so please take this story into consideration.

Thank you

slu

I'm not happy with the net installer and would prefer an offline installation.
If I make a typo in the PPPoE data, my ISP will block me for 24 hours in the worst case.

pppfsense

@slu
Yep. Time to move to opnsense.

KOM

@pppfsense While the enshitification of pfSense CE has been pretty clear for awhile now, moving to OPNsense has its own struggles. If you do move, prepare yourself for monthly breaking changes. I prefer stability over shiny new things so I stay (for now), warts & all.

netblues

@slu Time to change ISP.

netblues

@pppfsense Good Luck with that. What shines isn't always gold.

slu

@pppfsense said in pfSense 2.8.0 full iso/img:

Yep. Time to move to opnsense.

For sure not, I'm very happy with pfSense since over 14 years now.

@netblues said in pfSense 2.8.0 full iso/img:

Time to change ISP.

Well, ISP with fiber connection in my area one of one.

pppfsense

@KOM
It was pfsense the one that taught me to be cautious and ready to reinstall from scratch after most of the previous versions borked the upgrade and thus the system:

-Don't update automatically or right away.
-Check change logs of the updates.
-TEST the updates on a non-essential system with similar configuration.

But the best part is that opnsense did implement zfs boot environments!
(I implemented this myself in pfsense, but only command line.
Netgate can easily add this feature to CE, but they will not, on purpose).

So, simply use their zfs boot environments gui and revert to any previous boot snapshot!

But it will all be clear in the coming years with the CE release cycle and the decisions/direction that Netgate takes, right?

ryan87

@stephenw10 said in pfSense 2.8.0 full iso/img:

I mean there is an ISO image for the Net Installer. I assume you mean an offline install image?

It adds a bunch of testing for us to have multiple installers.

You can still just use the 2.7.2 legacy image and upgrade though.

That's not a great solution for us. We have a bunch of legacy APU2 devices that are going to need to be upgraded and the second 2.8.0 upgrade I tried obliterated the FW I was upgrading.

With 2.7.2 and earlier, our recovery plan would be someone going on-site, installing 2.7.2, and restoring a backup. That worked great because we have our own backup system where we can drop the config on a USB and have a system restored in ~5m.

Now, we're going to have to endure an upgrade that, after uninstalling and re-installing packages as recommended, is going to take 15-30m and may or may not work. Or the other option is to waste time with the online installer where we need to have the WAN settings documented and entered by hand.

So recovery from a failed update has gone from a simple process to a convoluted mess and changed from being something that we can deal with quickly to something that's an embarrassment for us while we sit on site with downtime that's far worse than it used to be.

All of our new installs are official Netgate devices now, but I still have ~125 APU2s to deal with. The online installer is a pain for all devices.

For our use, the online installer is an objectively worse experience. I personally hate it. I'm already getting pressured to switch to Ubiquiti FWs and now I'm going to have to explain how our current solution just got worse. How do I keep pitching pfSense? I'm so frustrated by this.

nazar-pc

I'm sure there are reasons behind such moves, but I can't think of any that are beneficial for the pfSense CE community.

For example, I can't download now because apparently Netgate store is banned (incorrectly mind you, had no idea that this was the case) in my region, even though I didn't mean to buy it, only to download an ISO of supposedly Open Source project, which apparently no longer exists.

So I can't really run a script to build it from source, I can't download a prebuilt ISO either. Does it improve my confidence in pfSense CE? Not really.

In fact I'd be happy to pay some amount for CE that use use for personal purposes, but not for Plus that can be pulled from under me at any time (I remember community was encouraged to upgrade for free not so long ago, but then apparently was left without clear downgrade path).

Please seriously reconsider your relationship with Open Source community, it could use some improvement.

UPD: I was just thinking about reinstalling my VM to switch from BIOS to UEFI. But since Internet comes from that VM, I can't really do that without offline installer (let alone I'm unable to download even online installer now). I could install 2.7.2 first, but then backup from 2.8.0 will likely cause problems. You cause so much frustration for me now

ryan87

I can't edit my post anymore, but I spent a few hours trying to reproduce my upgrade failure and couldn't. Based on what I tested, I had a hardware failure during the update since a reload / restore of 2.7.2 didn't help (WAN was flapping up and down every second). So, to be clear, the issue I had didn't have anything to do with the update to 2.8.0.

Patch

@nazar-pc said in pfSense 2.8.0 full iso/img:

I'm sure there are reasons behind such moves, but I can't think of any that are beneficial for the pfSense CE community.
…
I can't really do that without offline installer … so much frustration for me now

You are dreaming if you think Netgate are going to provide an offline installer for their free but not paid version. I agree an online installer is more convenient however it makes no business sense for Netgate to make using their free version a better experience than their paid version.

If there is any chance of improving the CE experience it will have to be at least as good with the plus version.

I suspect it comes down to Netgate having an enforceable mechanism of pfsense run time use. Imo probably best done by requiring regular run time license validation, with failure resulting in staged reversion to CE, with generous warning. Doing so would enable transfer of plus license to different hardware and offline plus installation.

Vetal

@stephenw10

Upgrade is not the same as clean install

uname -r
15.0-CURRENT

awk '/__FreeBSD_version/ {print $3}' /usr/include/sys/param.h
numbers
is
'/^\#define[[:space:]]*__FreeBSD_version/

1400094

Clean upgrade from 2.7.2

I am porting zerotier to pfSense and this marketing with online installer stinks bad.

stephenw10

Hmm, not sure what you're showing here?

The upgrade from 2.7.2 uses the same pkg repos the Net Installer does.

quantum007

The move to a unified installer I can understand a bit, but the lack of offline install support is a bad move by Netgate. With this single decision Netgate has chosen to almost completely eliminate themselves as a option for every non-internet connected, high security, or classified system around the globe. I highly suggest Netgate reconsider releasing offline install packages.

dark.baritone

Just noticed this after posting here

@dark-baritone said in Internet Connection Required On New Installations:

Re: Mandatory internet connection on new pfSense installer

@stephenw10 advantages for whom?

It's completely nonsensical for router firmware to require an internet connection. What if I want to setup VPNs before I make any outbound network connections? What if my internet hasn't been installed yet and I want to setup my internal network while I'm waiting? What if my ISP requires some advanced configuration in order for me to connect? What if I need to assign a specific MAC address in order to connect?

There are myriad different reasons why we wouldn't want to install with internet access.

If you want to give someone the OPTION of checking for the latest update before installing, that's absolutely fine.

Literally every Linux distribution works like this. There is no reason that pfSense can't do it.

The old (correct) images are available here but the new 2.8 version is not there. When are those going to be added to the list?