Now Available: pfSense® Plus 25.07-RELEASE

stephenw10

Hmm, nothing obviously wrong there. Do you see an alert after it reboots into 24.11?

Check System > Boot Environments. Do you see the new 25.07.1 BE marked as failed?

SteveITS

@johan333 Based on other posts…

see if /cf/conf/backup is full. If so delete files or visit Diagnostics >Backup> Configuration history until it doesn’t time out. There was a bug where they weren’t automatically deleted.

Delete old/unnecessary boot environments. (Ignore the “size” shown)

stephenw10

Yup, very good point. Since it appears to be failing at 'updating configuration' check for far too many backups.

johan333

Thank you for the help.

@stephenw10 - I would've expected to see some type of kernel panic notice based on this behavior, but no alerts whatsoever. I have the SG2100 console port connected via USB to a RaspberryPi device and logging the console output via screen. Yes, as per the screenshots, it states the BE failed to verify.

@SteveITS - Interesting...I'll give the GUI diagnostic screen a try. Here's what /cf/conf/backup has:

[24.11-RELEASE][root@pfSense.home.lan]/: du -sh /cf/conf/backup
2.0G    /cf/conf/backup
[24.11-RELEASE][root@pfSense.home.lan]/: ls -l /cf/conf/backup | wc -l
   12318

SteveITS

@johan333 said in Now Available: pfSense Plus 25.07-RELEASE:

12318

That's it, then. Should be ~30 files by default.

There were a couple bugs at play, pfBlocker updates a timestamp in the file every cron run, and the backups were not being pruned automatically. So every hour for a year or more... I've seen a few posts here and on Reddit with similar update failure.

mcury

@SteveITS said in Now Available: pfSense Plus 25.07-RELEASE:

There were a couple bugs at play, pfBlocker updates a timestamp in the file every cron run,

25.07.1 has this issue with pfBlockerNG.

But Maximum Backups option is working.

johan333

@SteveITS Wow, very interesting and great insight. Based on the evidence, I would've never come to this discovery/conclusion. The diag page does time out BTW, so I'll just manually prune it and try the update again. Know if the bug was fixed in 25.07 and if not what is the work-around people are using (e.g. CRON job)?

SteveITS

@mcury said in Now Available: pfSense Plus 25.07-RELEASE:

25.07.1 has this issue with pfBlockerNG

I don't have a link handy but I'm pretty sure Netgate posted that's been fixed in a later version? Or there was a patch in that forum somewhere. It's worse if using pfB in HA because the secondary was getting multiple config files because of its cron plus the sync at cron time.

I have a note to check config history before starting an update.

diag page does time out

It will but if you keep reloading after that, and be patient it should eventually load. I think mine timed out after 10 minutes and had deleted most of the files.

25.7 fixed the history retention.

mcury

@SteveITS said in Now Available: pfSense Plus 25.07-RELEASE:

I don't have a link handy but I'm pretty sure Netgate posted that's been fixed in a later version?

Redmine #14409
DNSBL is also disabled here, so it seems that 25.07.1 didn't bring that fix?

mcury

I'm opening a new thread about the pfBlockerNG and configuration history.

stephenw10

Yeah the backup config trimming is fixed now.

Yes if you visit the backups page it will prune them. Eventually. And if you ever visited that page previously it would have done so many users never saw it.