25.03-BETA won't install in SG-2100 (SG-1100 ok)
-
Hi,
I got 25.03-BETA to work in SG-1100 (from 24.11) a couples of days ago with no issues.
Today I got 25.03.b.20250507.1611 and no issues.
Using openvpn-client-export, Service_Watchdog and WireGuard.
All good. Dashboard really really better, thank you for that!
Only curious why I can't see the Stable branch listed anymore.
I assume it is because Stable is not an upgrade anymore but rather a downgrade.
[EDIT: In fact I found OPT at 100Mbps Half Duplex and I can't explain it. I changed it to 1Gbps today.]Tried to do the same in SG-2100 MAX (no hardware modifications) from 24.11 and never works.
It completes the upgrade with success but then never boots with the new version until it falls back to a working boot environment after almost 30min of waiting.
Space is not the problem as it reports 21% throughout the whole process.
I cannot find a single log explaining the event.
As the GUI has been getting slower and slower overtime, there are even steps I can't investigate without a dashboard crash at times. Reason why I really want to upgrade to beta the SG-2100 MAX as well.
I tried by removing all packages in advance: openvpn-client-export, pfBlockerNG, Service_Watchdog.
No joy.
After some attempts it reports Messages ld-elf.so.1: Shared object "libmd.so.7" not found, required by "pfSense-repoc" which I was unable to sanitize with pkg-static upgrade -f -y pfSense-repoc.
Also with pkg-static check -s -a I get a huge list of missing ones.
I assume these are leftovers from the failed attempts as everything is running smoothly nonetheless.My next option would be to look at the console but I would need to find the cable and whatnot...
I can just seat and wait for something new to come out, but I would like to be helpful.
Please let me know if there is anything I could explore to support in case this is of any interest.Thank you all!
-
@robotox 21% free space? That seems low for any install. Try deleting old boot environments.
Though, first see if you can revert to a working 24.11 BE. An upgrade should create one, unless you’re saying it reverts to that.
No, you can’t downgrade without reinstalling.
-
@SteveITS thanks.
I meant 21% Used. Hence, not a problem from what I've experienced with the SG-1100 where I had to clean up quite a bit.Yes, once it fails to boot, after almost 30min, it always falls back to 24.11-RELEASE and goes back on with no issues apart from the normal slowness of pfBlockerNG coming up or Unbound needing a restart some times.
Thank you for your reaction.
-
I would be trying to upgrade at the console. Whatever is causing the boot verification check to fail should show there when it boot's into the new BE.
Do you see am alert when it fails/ Anything beyond just showing that it failed and booted the last good BE?
-
@stephenw10 I just see the bell alert mentioning the environments involved in the fall back process yes.
I guess I will try to find the cable.
Whatever might be breaking might still break in Stable one day...Thanks again.
-
Indeed, I'm not aware of anything in beta that should present like that so it might well apply to any upgrade on that specific device. Somehow.
-
Hi @stephenw10
After many attempts on the SG-2100 MAX I found this in the logs:
WARNING: DTB version is 6.4 while kernel expects 6.8, please update the DTB in the ESPIn the forum I found these:
https://forum.netgate.com/topic/195988/2100-max-upgrade-24-03-to-24-11-failed
https://redmine.pfsense.org/issues/15993
https://forum.netgate.com/topic/197530/sg-2100-max-warning-dtb-version-is-6-4-while-kernel-expects/6But camcontrol devlist shows:
<ATP SATA III M.2 2242 SBFMB1.1> at scbus0 target 0 lun 0 (pass0,ada0)So,
I don't think I have the unsupported NVMe but the normal SATA as I purchased from an official Netgate partner and made no modifications.Can this warning be the reason why boot verification keeps failing and falling back?
Thank you once more.
(SG-1100 is now on 25.07-RC and no issues to report.) -
No unlikely to be related. The dtb error would probably prevent boot entirely or have no effect. And since there are reports of it in 24.11 it's probably the latter.
I would just reinstall clean to 24.11 or 25.07-RC at this point to be honest.
-
@stephenw10 said in 25.03-BETA won't install in SG-2100 (SG-1100 ok):
ean to 24.11 or 25.07-RC at this point to be
Got to the console to check the upgrade at least once before going to the install option for which I got the image ready as well.
As seen in the first pictures it hangs a few minutes in Updating configuration......2025-07-20T17:53:26 but then immediately says Shutdown NOW!
I can't even tell where it fails and goes back to version 24.
Should I just move on and install on top?
Or do you want me to check anything of interest?Thanks again.
-
Hmm well that looks like it successfully upgrades but then fails the boot environmen check at the first boot after that. Hence it reverts to the old 24.11 BE.
It should show an alert in 24.11 confirming that it reverted to a previous BE.
If you check the list of BEs you should see some created for the upgrades that are marked as failed.
It's odd it doesn't show that in the console output though. It could be simply timing out at the first boot if something there is taking a very long time? How large is the config? Or does it have anything unusual that is ripping up the config update script perhaps?
-
I am in the same line of thoughts.
/conf/config.xml in SG-2100 is 377kB with 9360 lines.
/conf/config.xml in SG-1100 is 187kB with 4453 lines.The weirdest thing I have in the SG-2100 is maybe pfBlockerNG and some big Aliases entries (in Firewall Aliases IP, not related with pfBlockerNG). Also a couple of OpenVPN clients.
The thing is that I tried removing all packages and rebooting before an upgrade but didn't do the trick.
Would the config file be instantly shorter once pfBlockerNG is removed and after a reboot?I can check and try by removing the big Aliases.
I can always restore them after from a backup.Thanks again.
-
Disabling pfBlocker leaves most of the config present so you can re-enable it later.
It shouldn't fail on that config. It's big but not that big. So I would look for something unexpected there. It might have some left over cruft in there that is tripping up the new config backend.
Are you able to upload that to us for testing?
-
@stephenw10
Thanks again.
Well it is full of passwords and pre-shared keys and very detailed stuff but I guess we should find the culprit of it somehow.I did find leftovers of lcdproc before, which I cleaned at some point.
That means that part of the config I am using was migrated from a modified WatchGuard I have used in the past.Let me have a look tomorrow.
It's kind of late now in my timezone.
Thanks!
