Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    24.11 upgrade to 25.07 - LAN connectivity issues

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    12 Posts 2 Posters 178 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      RandomVMTeam
      last edited by

      PFsense gateway running 24.11 on a lab license install.

      After upgrading to 25.07 I am experiencing issues connecting to devices on my LAN network..
      WAN network remains intact and working handling VPN connections.

      the LAN network clients receive a "Request timeout for icmp_seq 0" when trying to ping the pfsense gateway.. When trying to ping the same client from the pfsense gateway shell, results in a ping response of "ping: sendto: Invalid argument".
      further debugging on the pfsense gateway via tcpdump filtering on "arp and icmp", shows the gateway receiving pings and arp's. The arp messages have a strange response, with something like "ARP request "who-has" with a reply is-at (oui Unknown)."

      I eventually had to rollback to the previous boot image of 24.11 to get the system to start.
      I tried upgrading all packages , and then upgrading again, but encounter the same issue. no LAN connectivity only.

      Anyone else seeing anything similar?

      1 Reply Last reply Reply Quote 0
      • R Offline
        RandomVMTeam
        last edited by

        PFsense gateway running 24.11 on a lab license install.

        I have upgraded this setup for many years without issue. After upgrading to 25.07 I am experiencing issues connecting to devices on my LAN network..

        WAN network remains intact and working without issue handling VPN connections.

        LAN network clients receive a "Request timeout for icmp_seq 0" when trying to ping the pfsense gateway.. When trying to ping the same client from the pfsense gateway shell, results in a ping response of "ping: sendto: Invalid argument".

        further debugging on the pfsense gateway via tcpdump filtering on "arp and icmp", shows the gateway receiving pings and arp's. The arp messages have a strange response, with something like "ARP request "who-has" with a reply is-at (oui Unknown)."

        I eventually had to rollback to the previous boot image of 24.11 to get the system to start.
        I tried upgrading all packages , and then upgrading again, but encounter the same issue. no LAN connectivity only.

        Anyone else seeing anything similar?

        Upgrade log

        >>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 5 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries:
Processing entries............. done
pfSense repository update completed. 733 packages processed.
All repositories are up to date.
>>> Renaming current boot environment from auto-default-20231209093016_20250805121504_20250805123608 to auto-default-20231209093016_20250805121504_20250805123608_20250805180338...done.
>>> Cloning current boot environment auto-default-20231209093016_20250805121504_20250805123608_20250805180338...done.
>>> Removing vital flag from php83...done.
>>> Downloading Netgate Nexus...
The following packages will be fetched:

New packages to be FETCHED:
	pfSense-pkg-Nexus: 25.07 (43 MiB: 100.00% of the 43 MiB to download)

Number of packages to be fetched: 1

The process will require 43 MiB more space.
43 MiB to be downloaded.
Fetching pfSense-pkg-Nexus-25.07.pkg: .......... done
>>> Upgrading packages in cloned boot environment auto-default-20231209093016_20250805121504_20250805123608...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (75 candidates): .......... done
Processing candidates (75 candidates): .......... done
The following 76 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	if_pppoe-kmod: 25.07.1500029 [pfSense]

Installed packages to be UPGRADED:
	bind-tools: 9.20.2 -> 9.20.6 [pfSense]
	boost-libs: 1.85.0 -> 1.86.0 [pfSense]
	bwi-firmware-kmod: 3.130.20 -> 3.130.20.1500029 [pfSense]
	ca_root_nss: 3.104 -> 3.104_1 [pfSense]
	cpu-microcode-amd: 20240810 -> 20241121 [pfSense]
	cpu-microcode-intel: 20240910 -> 20250211 [pfSense]
	dhcpcd: 10.1.0 -> 10.2.0 [pfSense]
	dnsmasq: 2.90_2,1 -> 2.90_4,1 [pfSense]
	glib: 2.80.5,2 -> 2.80.5_1,2 [pfSense]
	groff: 1.23.0_3 -> 1.23.0_4 [pfSense]
	harfbuzz: 10.0.1 -> 10.1.0 [pfSense]
	kea: 2.6.1_1 -> 2.6.2 [pfSense]
	libfido2: 1.15.0 -> 1.15.0_1 [pfSense]
	libnghttp2: 1.63.0 -> 1.64.0 [pfSense]
	libpfctl: 0.13 -> 0.15 [pfSense]
	libssh2: 1.11.0_1,3 -> 1.11.1,3 [pfSense]
	libuv: 1.49.1 -> 1.49.2 [pfSense]
	lsof: 4.99.3_2,8 -> 4.99.4,8 [pfSense]
	luajit-openresty: 2.1.20240815 -> 2.1.20241104 [pfSense]
	miniupnpd: 2.3.7,1 -> 2.3.7_1,1 [pfSense]
	nginx: 1.26.2_6,3 -> 1.26.3,3 [pfSense]
	ntp: 4.2.8p18_1 -> 4.2.8p18_5 [pfSense]
	openldap26-client: 2.6.8 -> 2.6.9 [pfSense]
	opensc: 0.25.1 -> 0.26.0 [pfSense]
	openvpn: 2.6.12 -> 2.6.14 [pfSense]
	pciids: 20240920 -> 20241024 [pfSense]
	pfSense: 24.11 -> 25.07 [pfSense]
	pfSense-base: 24.11 -> 25.07 [pfSense-core]
	pfSense-boot: 24.11 -> 25.07 [pfSense-core]
	pfSense-composer-deps: 0.1 -> 0.3 [pfSense]
	pfSense-default-config: 24.11 -> 25.07 [pfSense]
	pfSense-kernel-pfSense: 24.11 -> 25.07 [pfSense-core]
	pfSense-repo: 24.11 -> 25.07 [pfSense]
	pftop: 0.10_1 -> 0.13 [pfSense]
	php83-bcmath: 8.3.12 -> 8.3.19 [pfSense]
	php83-bz2: 8.3.12 -> 8.3.19 [pfSense]
	php83-ctype: 8.3.12 -> 8.3.19 [pfSense]
	php83-curl: 8.3.12 -> 8.3.19 [pfSense]
	php83-dom: 8.3.12 -> 8.3.19 [pfSense]
	php83-filter: 8.3.12 -> 8.3.19 [pfSense]
	php83-ftp: 8.3.12 -> 8.3.19 [pfSense]
	php83-gettext: 8.3.12 -> 8.3.19 [pfSense]
	php83-gmp: 8.3.12 -> 8.3.19 [pfSense]
	php83-ldap: 8.3.12 -> 8.3.19 [pfSense]
	php83-mbstring: 8.3.12 -> 8.3.19 [pfSense]
	php83-opcache: 8.3.12 -> 8.3.19 [pfSense]
	php83-pcntl: 8.3.12 -> 8.3.19 [pfSense]
	php83-pdo: 8.3.12 -> 8.3.19 [pfSense]
	php83-pdo_sqlite: 8.3.12 -> 8.3.19 [pfSense]
	php83-pfSense-module: 0.99 -> 0.105 [pfSense]
	php83-posix: 8.3.12 -> 8.3.19 [pfSense]
	php83-readline: 8.3.12 -> 8.3.19 [pfSense]
	php83-session: 8.3.12 -> 8.3.19 [pfSense]
	php83-shmop: 8.3.12 -> 8.3.19 [pfSense]
	php83-simplexml: 8.3.12 -> 8.3.19 [pfSense]
	php83-sockets: 8.3.12 -> 8.3.19 [pfSense]
	php83-sqlite3: 8.3.12 -> 8.3.19 [pfSense]
	php83-sysvmsg: 8.3.12 -> 8.3.19 [pfSense]
	php83-sysvsem: 8.3.12 -> 8.3.19 [pfSense]
	php83-sysvshm: 8.3.12 -> 8.3.19 [pfSense]
	php83-tokenizer: 8.3.12 -> 8.3.19 [pfSense]
	php83-xml: 8.3.12 -> 8.3.19 [pfSense]
	php83-xmlreader: 8.3.12 -> 8.3.19 [pfSense]
	php83-xmlwriter: 8.3.12 -> 8.3.19 [pfSense]
	php83-zlib: 8.3.12 -> 8.3.19 [pfSense]
	protobuf: 28.2,1 -> 28.3,1 [pfSense]
	protobuf-c: 1.4.1_6 -> 1.4.1_7 [pfSense]
	py311-libzfs: 1.1.2023020700_2 -> 1.1.2023020700_3 [pfSense]
	py311-packaging: 24.1 -> 24.2 [pfSense]
	radvd: 2.19_4 -> 2.20 [pfSense]
	socat: 1.8.0.1 -> 1.8.0.2 [pfSense]
	telegraf: 1.32.1 -> 1.33.0 [pfSense]
	unbound: 1.22.0 -> 1.23.0 [pfSense]
	vim: 9.1.0764 -> 9.1.0915 [pfSense]
	xxd: 9.1.0764 -> 9.1.0915 [pfSense]

Number of packages to be installed: 1
Number of packages to be upgraded: 75

The operation will free 13 MiB.
339 MiB to be downloaded.
[1/76] Fetching unbound-1.23.0.pkg: .......... done
[2/76] Fetching nginx-1.26.3,3.pkg: .......... done
[3/76] Fetching php83-filter-8.3.19.pkg: .. done
[4/76] Fetching php83-pdo_sqlite-8.3.19.pkg: .. done
[5/76] Fetching pciids-20241024.pkg: .......... done
[6/76] Fetching groff-1.23.0_4.pkg: .......... done
[7/76] Fetching libuv-1.49.2.pkg: .......... done
[8/76] Fetching cpu-microcode-amd-20241121.pkg: .......... done
[9/76] Fetching php83-ldap-8.3.19.pkg: ... done
[10/76] Fetching libnghttp2-1.64.0.pkg: .......... done
[11/76] Fetching dnsmasq-2.90_4,1.pkg: .......... done
[12/76] Fetching php83-simplexml-8.3.19.pkg: .. done
[13/76] Fetching php83-bz2-8.3.19.pkg: . done
[14/76] Fetching php83-sockets-8.3.19.pkg: .... done
[15/76] Fetching if_pppoe-kmod-25.07.1500029.pkg: ... done
[16/76] Fetching php83-pfSense-module-0.105.pkg: ... done
[17/76] Fetching opensc-0.26.0.pkg: .......... done
[18/76] Fetching protobuf-c-1.4.1_7.pkg: ....... done
[19/76] Fetching php83-pcntl-8.3.19.pkg: .. done
[20/76] Fetching php83-xmlreader-8.3.19.pkg: .. done
[21/76] Fetching php83-sqlite3-8.3.19.pkg: .. done
[22/76] Fetching pfSense-repo-25.07.pkg: . done
[23/76] Fetching php83-session-8.3.19.pkg: ... done
[24/76] Fetching pfSense-composer-deps-0.3.pkg: .......... done
[25/76] Fetching php83-zlib-8.3.19.pkg: .. done
[26/76] Fetching pfSense-kernel-pfSense-25.07.pkg: .......... done
[27/76] Fetching libpfctl-0.15.pkg: ... done
[28/76] Fetching lsof-4.99.4,8.pkg: ........ done
[29/76] Fetching php83-dom-8.3.19.pkg: ...... done
[30/76] Fetching php83-sysvmsg-8.3.19.pkg: . done
[31/76] Fetching protobuf-28.3,1.pkg: .......... done
[32/76] Fetching glib-2.80.5_1,2.pkg: .......... done
[33/76] Fetching php83-shmop-8.3.19.pkg: . done
[34/76] Fetching cpu-microcode-intel-20250211.pkg: .......... done
[35/76] Fetching libssh2-1.11.1,3.pkg: .......... done
[36/76] Fetching php83-bcmath-8.3.19.pkg: .. done
[37/76] Fetching pfSense-base-25.07.pkg: .......... done
[38/76] Fetching php83-curl-8.3.19.pkg: .... done
[39/76] Fetching boost-libs-1.86.0.pkg: .......... done
[40/76] Fetching php83-gmp-8.3.19.pkg: .. done
[41/76] Fetching vim-9.1.0915.pkg: .......... done
[42/76] Fetching openvpn-2.6.14.pkg: .......... done
[43/76] Fetching php83-xmlwriter-8.3.19.pkg: . done
[44/76] Fetching pfSense-default-config-25.07.pkg: . done
[45/76] Fetching bind-tools-9.20.6.pkg: .......... done
[46/76] Fetching py311-packaging-24.2.pkg: .......... done
[47/76] Fetching php83-pdo-8.3.19.pkg: .... done
[48/76] Fetching php83-ftp-8.3.19.pkg: ... done
[49/76] Fetching pfSense-25.07.pkg: .......... done
[50/76] Fetching radvd-2.20.pkg: ..... done
[51/76] Fetching ntp-4.2.8p18_5.pkg: .......... done
[52/76] Fetching php83-opcache-8.3.19.pkg: .......... done
[53/76] Fetching php83-sysvshm-8.3.19.pkg: . done
[54/76] Fetching php83-posix-8.3.19.pkg: .. done
[55/76] Fetching libfido2-1.15.0_1.pkg: .......... done
[56/76] Fetching pfSense-boot-25.07.pkg: .......... done
[57/76] Fetching php83-readline-8.3.19.pkg: . done
[58/76] Fetching harfbuzz-10.1.0.pkg: .......... done
[59/76] Fetching miniupnpd-2.3.7_1,1.pkg: ...... done
[60/76] Fetching ca_root_nss-3.104_1.pkg: .......... done
[61/76] Fetching kea-2.6.2.pkg: .......... done
[62/76] Fetching dhcpcd-10.2.0.pkg: .......... done
[63/76] Fetching php83-mbstring-8.3.19.pkg: .......... done
[64/76] Fetching php83-gettext-8.3.19.pkg: . done
[65/76] Fetching telegraf-1.33.0.pkg: .......... done
[66/76] Fetching socat-1.8.0.2.pkg: .......... done
[67/76] Fetching php83-ctype-8.3.19.pkg: . done
[68/76] Fetching php83-tokenizer-8.3.19.pkg: . done
[69/76] Fetching bwi-firmware-kmod-3.130.20.1500029.pkg: ... done
[70/76] Fetching xxd-9.1.0915.pkg: .. done
[71/76] Fetching php83-xml-8.3.19.pkg: .. done
[72/76] Fetching openldap26-client-2.6.9.pkg: .......... done
[73/76] Fetching luajit-openresty-2.1.20241104.pkg: .......... done
[74/76] Fetching pftop-0.13.pkg: ..... done
[75/76] Fetching php83-sysvsem-8.3.19.pkg: . done
[76/76] Fetching py311-libzfs-1.1.2023020700_3.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/76] Upgrading php83-zlib from 8.3.12 to 8.3.19...
[1/76] Extracting php83-zlib-8.3.19: ........ done
[2/76] Upgrading py311-packaging from 24.1 to 24.2...
[2/76] Extracting py311-packaging-24.2: .......... done
[3/76] Upgrading php83-xml from 8.3.12 to 8.3.19...
[3/76] Extracting php83-xml-8.3.19: ......... done
[4/76] Upgrading libnghttp2 from 1.63.0 to 1.64.0...
[4/76] Extracting libnghttp2-1.64.0: .......... done
[5/76] Upgrading glib from 2.80.5,2 to 2.80.5_1,2...
[5/76] Extracting glib-2.80.5_1,2: .......... done
[6/76] Upgrading libssh2 from 1.11.0_1,3 to 1.11.1,3...
[6/76] Extracting libssh2-1.11.1,3: .......... done
[7/76] Upgrading luajit-openresty from 2.1.20240815 to 2.1.20241104...
[7/76] Extracting luajit-openresty-2.1.20241104: .......... done
[8/76] Upgrading unbound from 1.22.0 to 1.23.0...
===> Creating groups
Using existing group 'unbound'
===> Creating users
Using existing user 'unbound'
[8/76] Extracting unbound-1.23.0: .......... done
[9/76] Upgrading protobuf from 28.2,1 to 28.3,1...
[9/76] Extracting protobuf-28.3,1: .......... done
[10/76] Upgrading libuv from 1.49.1 to 1.49.2...
[10/76] Extracting libuv-1.49.2: .......... done
[11/76] Upgrading cpu-microcode-amd from 20240810 to 20241121...
[11/76] Extracting cpu-microcode-amd-20241121: ......... done
[12/76] Upgrading protobuf-c from 1.4.1_6 to 1.4.1_7...
[12/76] Extracting protobuf-c-1.4.1_7: .......... done
[13/76] Upgrading libpfctl from 0.13 to 0.15...
[13/76] Extracting libpfctl-0.15: ...... done
[14/76] Upgrading php83-dom from 8.3.12 to 8.3.19...
[14/76] Extracting php83-dom-8.3.19: .......... done
[15/76] Upgrading cpu-microcode-intel from 20240910 to 20250211...
[15/76] Extracting cpu-microcode-intel-20250211: .......... done
[16/76] Upgrading php83-bcmath from 8.3.12 to 8.3.19...
[16/76] Extracting php83-bcmath-8.3.19: .......... done
[17/76] Upgrading php83-curl from 8.3.12 to 8.3.19...
[17/76] Extracting php83-curl-8.3.19: .......... done
[18/76] Upgrading boost-libs from 1.85.0 to 1.86.0...
[18/76] Extracting boost-libs-1.86.0: .......... done
[19/76] Upgrading php83-pdo from 8.3.12 to 8.3.19...
[19/76] Extracting php83-pdo-8.3.19: .......... done
[20/76] Upgrading openldap26-client from 2.6.8 to 2.6.9...
[20/76] Extracting openldap26-client-2.6.9: .......... done
[21/76] Upgrading nginx from 1.26.2_6,3 to 1.26.3,3...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[21/76] Extracting nginx-1.26.3,3: .......... done
[22/76] Upgrading php83-filter from 8.3.12 to 8.3.19...
[22/76] Extracting php83-filter-8.3.19: ......... done
[23/76] Upgrading php83-pdo_sqlite from 8.3.12 to 8.3.19...
[23/76] Extracting php83-pdo_sqlite-8.3.19: ......... done
[24/76] Upgrading php83-ldap from 8.3.12 to 8.3.19...
[24/76] Extracting php83-ldap-8.3.19: ........ done
[25/76] Upgrading dnsmasq from 2.90_2,1 to 2.90_4,1...
[25/76] Extracting dnsmasq-2.90_4,1: .......... done
[26/76] Upgrading php83-simplexml from 8.3.12 to 8.3.19...
[26/76] Extracting php83-simplexml-8.3.19: ......... done
[27/76] Upgrading php83-bz2 from 8.3.12 to 8.3.19...
[27/76] Extracting php83-bz2-8.3.19: ........ done
[28/76] Upgrading php83-sockets from 8.3.12 to 8.3.19...
[28/76] Extracting php83-sockets-8.3.19: .......... done
[29/76] Installing if_pppoe-kmod-25.07.1500029...
[29/76] Extracting if_pppoe-kmod-25.07.1500029: .. done
[30/76] Upgrading php83-pfSense-module from 0.99 to 0.105...
[30/76] Extracting php83-pfSense-module-0.105: ....... done
[31/76] Upgrading opensc from 0.25.1 to 0.26.0...
[31/76] Extracting opensc-0.26.0: .......... done
[32/76] Upgrading php83-pcntl from 8.3.12 to 8.3.19...
[32/76] Extracting php83-pcntl-8.3.19: ......... done
[33/76] Upgrading php83-xmlreader from 8.3.12 to 8.3.19...
[33/76] Extracting php83-xmlreader-8.3.19: ........ done
[34/76] Upgrading php83-sqlite3 from 8.3.12 to 8.3.19...
[34/76] Extracting php83-sqlite3-8.3.19: ......... done
[35/76] Upgrading pfSense-repo from 24.11 to 25.07...
[35/76] Extracting pfSense-repo-25.07: .......... done
[36/76] Upgrading php83-session from 8.3.12 to 8.3.19...
[36/76] Extracting php83-session-8.3.19: .......... done
[37/76] Upgrading pfSense-composer-deps from 0.1 to 0.3...
[37/76] Extracting pfSense-composer-deps-0.3: .......... done
[38/76] Upgrading php83-sysvmsg from 8.3.12 to 8.3.19...
[38/76] Extracting php83-sysvmsg-8.3.19: ........ done
[39/76] Upgrading php83-shmop from 8.3.12 to 8.3.19...
[39/76] Extracting php83-shmop-8.3.19: ........ done
[40/76] Upgrading php83-gmp from 8.3.12 to 8.3.19...
[40/76] Extracting php83-gmp-8.3.19: ......... done
[41/76] Upgrading openvpn from 2.6.12 to 2.6.14...
===> Creating groups
Using existing group 'openvpn'
===> Creating users
Using existing user 'openvpn'
[41/76] Extracting openvpn-2.6.14: .......... done
[42/76] Upgrading php83-xmlwriter from 8.3.12 to 8.3.19...
[42/76] Extracting php83-xmlwriter-8.3.19: ........ done
[43/76] Upgrading bind-tools from 9.20.2 to 9.20.6...
[43/76] Extracting bind-tools-9.20.6: .......... done
[44/76] Upgrading radvd from 2.19_4 to 2.20...
[44/76] Extracting radvd-2.20: .......... done
[45/76] Upgrading ntp from 4.2.8p18_1 to 4.2.8p18_5...
[45/76] Extracting ntp-4.2.8p18_5: .......... done
[46/76] Upgrading php83-opcache from 8.3.12 to 8.3.19...
[46/76] Extracting php83-opcache-8.3.19: .......... done
[47/76] Upgrading php83-sysvshm from 8.3.12 to 8.3.19...
[47/76] Extracting php83-sysvshm-8.3.19: ........ done
[48/76] Upgrading php83-posix from 8.3.12 to 8.3.19...
[48/76] Extracting php83-posix-8.3.19: ........ done
[49/76] Upgrading pfSense-boot from 24.11 to 25.07...
[49/76] Extracting pfSense-boot-25.07: .......... done
[50/76] Upgrading php83-readline from 8.3.12 to 8.3.19...
[50/76] Extracting php83-readline-8.3.19: ......... done
[51/76] Upgrading miniupnpd from 2.3.7,1 to 2.3.7_1,1...
[51/76] Extracting miniupnpd-2.3.7_1,1: ....... done
[52/76] Upgrading ca_root_nss from 3.104 to 3.104_1...
[52/76] Extracting ca_root_nss-3.104_1: ....... done
[53/76] Upgrading kea from 2.6.1_1 to 2.6.2...
[53/76] Extracting kea-2.6.2: .......... done
[54/76] Upgrading dhcpcd from 10.1.0 to 10.2.0...
[54/76] Extracting dhcpcd-10.2.0: .......... done
[55/76] Upgrading php83-mbstring from 8.3.12 to 8.3.19...
[55/76] Extracting php83-mbstring-8.3.19: .......... done
[56/76] Upgrading php83-gettext from 8.3.12 to 8.3.19...
[56/76] Extracting php83-gettext-8.3.19: ........ done
[57/76] Upgrading php83-ctype from 8.3.12 to 8.3.19...
[57/76] Extracting php83-ctype-8.3.19: ........ done
[58/76] Upgrading php83-tokenizer from 8.3.12 to 8.3.19...
[58/76] Extracting php83-tokenizer-8.3.19: ......... done
[59/76] Upgrading bwi-firmware-kmod from 3.130.20 to 3.130.20.1500029...
[59/76] Extracting bwi-firmware-kmod-3.130.20.1500029: . done
[60/76] Upgrading xxd from 9.1.0764 to 9.1.0915...
[60/76] Extracting xxd-9.1.0915: ..... done
[61/76] Upgrading pftop from 0.10_1 to 0.13...
[61/76] Extracting pftop-0.13: ..... done
[62/76] Upgrading php83-sysvsem from 8.3.12 to 8.3.19...
[62/76] Extracting php83-sysvsem-8.3.19: ........ done
[63/76] Upgrading py311-libzfs from 1.1.2023020700_2 to 1.1.2023020700_3...
[63/76] Extracting py311-libzfs-1.1.2023020700_3: ........ done
[64/76] Upgrading pciids from 20240920 to 20241024...
[64/76] Extracting pciids-20241024: ..... done
[65/76] Upgrading groff from 1.23.0_3 to 1.23.0_4...
[65/76] Extracting groff-1.23.0_4: .......... done
[66/76] Upgrading pfSense-kernel-pfSense from 24.11 to 25.07...
[66/76] Extracting pfSense-kernel-pfSense-25.07: .......... done
[67/76] Upgrading lsof from 4.99.3_2,8 to 4.99.4,8...
[67/76] Extracting lsof-4.99.4,8: .......... done
[68/76] Upgrading pfSense-base from 24.11 to 25.07...
[68/76] Extracting pfSense-base-25.07: ... done
===> Keeping a copy of current version mtree
===> Removing schg flag from base files
===> Extracting new base tarball
===> Removing static obsoleted files
[69/76] Upgrading vim from 9.1.0764 to 9.1.0915...
[69/76] Extracting vim-9.1.0915: .......... done
[70/76] Upgrading pfSense-default-config from 24.11 to 25.07...
[70/76] Extracting pfSense-default-config-25.07: .... done
[71/76] Upgrading php83-ftp from 8.3.12 to 8.3.19...
[71/76] Extracting php83-ftp-8.3.19: ......... done
[72/76] Upgrading pfSense from 24.11 to 25.07...
[72/76] Extracting pfSense-25.07: .......... done
[73/76] Upgrading libfido2 from 1.15.0 to 1.15.0_1...
[73/76] Extracting libfido2-1.15.0_1: .......... done
[74/76] Upgrading harfbuzz from 10.0.1 to 10.1.0...
[74/76] Extracting harfbuzz-10.1.0: .......... done
[75/76] Upgrading telegraf from 1.32.1 to 1.33.0...
===> Creating groups
Using existing group 'telegraf'
===> Creating users
Using existing user 'telegraf'
[75/76] Extracting telegraf-1.33.0: ...... done
[76/76] Upgrading socat from 1.8.0.1 to 1.8.0.2...
[76/76] Extracting socat-1.8.0.2: ......... done
==> Running trigger: glib-schemas.ucl
Compiling glib schemas
No schema files found: doing nothing.
==> Running trigger: gio-modules.ucl
Generating GIO modules cache
=====
Message from dnsmasq-2.90_4,1:

--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]

Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq

SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
=====
Message from openvpn-2.6.14:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
=====
Message from py311-libzfs-1.1.2023020700_3:

--
===>   NOTICE:

The py311-libzfs port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
=====
Message from groff-1.23.0_4:

--
===>   NOTICE:

The groff port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
>>> Installing Netgate Nexus...
Checking integrity... done (1 conflicting)
  - pfSense-pkg-Nexus-25.07 [pfSense] conflicts with pfSense-mim-24.11_1 [installed] on /usr/local/bin/controller-ctl
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	pfSense-mim: 24.11_1

New packages to be INSTALLED:
	pfSense-pkg-Nexus: 25.07 [pfSense]

Number of packages to be removed: 1
Number of packages to be installed: 1

The process will require 10 MiB more space.
[1/2] Deinstalling pfSense-mim-24.11_1...
[1/2] Deleting files for pfSense-mim-24.11_1: .......... done
[2/2] Installing pfSense-pkg-Nexus-25.07...
[2/2] Extracting pfSense-pkg-Nexus-25.07: .......... done
>>> Removing unnecessary packages...done.
>>> Cleanup pkg cache...done.
>>> Deferring package installation scripts...done.
>>> Upgrading boot code...
System Configuration

Architecture: amd64
Boot Devices: /dev/nda0
 Boot Method: uefi
  Filesystem: zfs
    Platform: unknown hardware


Updating boot code...

/usr/local/sbin/../libexec/install-boot.sh -b auto -d /tmp/be_mount.JwyF -f zfs -s gpt -u nda0
gpart bootcode -b /tmp/be_mount.JwyF/boot/pmbr -p /tmp/be_mount.JwyF/boot/gptzfsboot -i 2 nda0
partcode written to nda0p2
bootcode written to nda0
ESP /dev/nda0p1 mounted on /tmp/stand-test.9QCSMG
202056KB space remaining on ESP: renaming old bootx64.efi file /efi/boot/bootx64.efi /efi/boot/bootx64-old.efi
202056KB space remaining on ESP: renaming old loader.efi file /etc/freebsd/loader.efi /etc/freebsd/loader-old.efi
Copying loader.efi to /EFI/freebsd on ESP
Existing UEFI FreeBSD boot entry found: not creating a new one
Copying bootx64.efi to /efi/boot on ESP
Unmounting and cleaning up temporary mount point
Finished updating ESP

Done.
>>> Copying upgrade log...done.
>>> Unmounting upgraded boot environment...done.
>>> Activating auto-default-20231209093016_20250805121504_20250805123608 for the next boot only...done.
        stephenw10S 1 Reply Last reply Reply Quote 0
        • R Offline
          RandomVMTeam
          last edited by

          temporarily disabling the firewall via pfctl -d does not result in successful ping .
          so I suspect route related however routes look correct and identical to working setup I have next to it.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator @RandomVMTeam
            last edited by

            @RandomVMTeam said in 24.11 upgrade to 25.07 - LAN connectivity issues:

            further debugging on the pfsense gateway via tcpdump filtering on "arp and icmp", shows the gateway receiving pings and arp's.

            By gateway there you mean the pfSense LAN interface address that clients are using as their gateway?

            So clients are losing the ARP entries for the pfSense LAN. The pcap shows them ARPing for it but no replies?

            R 1 Reply Last reply Reply Quote 0
            • R Offline
              RandomVMTeam @stephenw10
              last edited by

              @stephenw10 yes, as the client continuously gets a timeout..
              PFsense Gateway has a WAN interface
              and its also the Gateway for the LAN interface..
              so all clients on the network talk to PFsense for DHCP, DNS, etc..

              I have DHCP static mapping with static ARP configured in the KEA DHCP server, i dont know if thats playing a part.
              I can try another upgrade disabling them if thats recommended.

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Ah OK.

                Normally you should not have a gateway on the pfSense LAN. You would only need a gateway there if you're routing to some downstream router in the LAN subnet.
                Additionally if you have added that on the LAN directly you'll get auto outbound NAT rules applied to it which you usually wouldn't want.

                Using Static ARP entries is almost always a bad idea. It's probably not the cause of the issue here but it's preventing you see the problem. Likely something has changed address or there is a conflict but instead of ARPing it;'s just sending to the static entry.

                R 2 Replies Last reply Reply Quote 0
                • R Offline
                  RandomVMTeam @stephenw10
                  last edited by

                  @stephenw10 sorry I mispoke, its not the Gateway for the LAN..
                  I will do some tests with static ARPs disabled and see if the result is any better and report back.
                  Thanks..

                  1 Reply Last reply Reply Quote 1
                  • R Offline
                    RandomVMTeam @stephenw10
                    last edited by RandomVMTeam

                    @stephenw10
                    upon upgrading the first boot was not successful, the system hung and never completed a reboot..I ended up having to power cycle. this initially is what happen the first time recall (before starting this thread).

                    with or without static ARP entries the reboot after the upgrade failed on first attempt. so it wasn't the static arp entries..

                    I was able to fix it by cycling through the few boot environments listed with bectl list.. whats strange is the boot environment i picked of a recent date still had 25.07 but it was not the boot environment it used after the power cycle hang.

                    if its doing what I think it is, its failing to upgrade and reboot, and rolling back to another boot environment for 25.07 that doesnt fully function.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Where did it fail at the first boot?

                      R 1 Reply Last reply Reply Quote 0
                      • R Offline
                        RandomVMTeam @stephenw10
                        last edited by RandomVMTeam

                        @stephenw10 I wasnt able to capture unfortunately as I kicked off the upgrade from a remote client.. It seem to never get past normal bootup as when I connected a monitor cable while it was in this stuck state, the screen was still blank, no terminal output.

                        I did little more testing and noticed one of my devices had no internet..
                        I assigned a static ARP entry and its connectivity started to work. seems like multiple problems going on. one as of now is related to the usage of static ARP in KEA DHCP server. DHCP seems to be broken for none-static ARP clients.

                        I'll try turning off static ARP entry and see if connectivity resumes for all other clients.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Are you able to retest the upgrade to get the console log up to the failure point?

                          R 1 Reply Last reply Reply Quote 0
                          • R Offline
                            RandomVMTeam @stephenw10
                            last edited by

                            @stephenw10 I can.
                            i'll switch back to 24.01 and kick off another upgrade at the terminal.

                            1 Reply Last reply Reply Quote 1
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.