To do 25.07 or not?! That is the question!
-
After I did a fresh 24.03 + 25.07.1 the system was acting better.
But still 25.07.1 was very odd.
The best I can describe - it would restart by itself, no obvious entries in the logs. But the frequency changed from every 17 min to "sometimes", I noticed one time during one day.Anyhow, I am running now 24.03 for 2 days and it's as it used to be - no issues.
I am buying a new h/w Glovary mini PC for pfS (my current is 8 years old) and will give it new try
-
No panic shown or crash report?
Is it booting UEFI or legacy?
-
@stephenw10 said in To do 25.07 or not?! That is the question!:
No panic shown or crash report?
Is it booting UEFI or legacy?
No panic and it’s legacy
@stephenw10 any ideas about BIOS?
-
Like BIOS settings? Not really. It could be an ACPI bug that's exposed by the larger kernel in 25.07 taking up more space. But I'd expect a panic if that was the case.
-
said in To do 25.07 or not?! That is the question!:
24.03
My pfSense saga…
Before 25.07 on 24.03 I had no issues at all, but every newer update started causing spontaneous reboots. I was ready to blame the hardware and even considered buying a new box.
Then I noticed something: my smart power switch (ezOutlet5 - Internet Enabled IP & Wi-Fi Remote Power Switch) was set up for automatic operations, pinging both WiFi and wired networks. The green light on it was blinking, which basically meant it thought something was wrong.
Turns out it was the switch cutting power and rebooting the box — this is my hypothesis.
I disabled the automatic mode and—voila—no more issues.
Posting this for group posterity in case it saves someone else the same headache.
-
Wow, that's painful! Nice to find a cause though.
-
Today I upgraded my 4200 from 24.11 to 25.07.1 via the web interface.
Upgrade went well. I rebooted before starting, the removed all the packages, upgraded, deleted the Nexus package (which I don't think I need since I'm not doing multi-instance management) and installed the new versions of the rest of the packages.
I tested multi-wan failover/fail-back, VLANs, etc and all those aspects seem to work normally. I have Starlink and T-Mobile Home Internet as my primary and backup services, respectively. I don't have VPNs.
Packages are apcupsd, cron, mailreport, pfBlocker_NG, Status_traffic_totals, System_patches.
The only problem I can see is it appears all my history for Status_traffic_totals is gone.
I thought all packages left their data intact upon removal/reinstallation unless explicitly directed otherwise. What happened in this case?
-
Are you using RAM disks?
Also can we assume you mean a 4200 upgraded from 24.11 to 25.07.1?
-
@stephenw10 no, I don't use RAM disks.
Yes, 4200, not 4300. I've edited that.
-
@Mission-Ghost said in To do 25.07 or not?! That is the question!:
from 24.07 to 25.11
And I assume that is also a typo?
-
@stephenw10 yes, 24.11 to 25.07.1...jeez I'm losing my marble.
I had months of usage measurements and now they're gone:
Before the upgrade, I removed the status_traffic_totals package in accordance with the best practices, and after I added it back. I did not see nor choose any other options. Other packages, like cron, email reports and pfBlocker retained all their configurations and data.
-
Hmm, I'm not sure Traffic Totals does back it up. That would be a lot of data in the config. The RRD data is not saved by default.
Do you have a BE you can roll back to to get the data?
-
@stephenw10, I'm not sure either. I didn't use or restore a backup. I did a normal in-place ZFS upgrade.
If I had not removed the package, the data should have stayed in the BE and not been a factor in terms of being 'a lot of data in the config'?
But, logically then, It seems removing the package deleted the data with it, unlike other packages normal expected behaior. (It does occur to me that the config may have been saved; right away in v25 it retained the selection of the two WANs for display. I did not have to restore that after the upgrade. So maybe it did delete just the data and not the config?)
It may not be worth the effort to migrate the data back from v24 to v25, but it is useful for me and the record to know that the package manager/the package/pfSense apparently does not save this particular package's data like the other packages or as implied in the upgrade instructions. Unless this is actually a bug and should not have happened. I'd be interested in knowing which is true.
So, is it reasonable to leave the status_traffic_totals package in place during the next upgrade and only remove the other packages, given I want to retain the data?
Should this discrepancy in the behavior of this package compared with the others and the upgrade instructions be documented somewhere or, if it's a bug, fix it?
-
Yes, I would leave Traffic Totals installed across an upgrade. It's not a 'heavy' package that might consume enough resources to cause a problem at upgrade. I run it here and never remove it.
In fact in general it should not be necessary to remove any packages. I upgrade with Snort and pfBlocker installed and don't see problems. I would advise removing high resource packages (snort, suricata, pfblocker, squid) if you see or have seen problems upgrading.
If you're running ZFS in Plus then it will have created a new BE at upgrade. You can try rolling back to it and checking /var/db/vnstat
-
I noticed that pfSense upgrades randomly messed Traffic Totals data, though it was way back in 2.4.x time.
I started using the Backup (Backup File/Dir) package to backup RRD/vnstat databases before upgrades. -
@stephenw10 thank you for your thoughtful responses.
It should not be necessary yet, if I recall correctly, Netgate recommends it in the documentation. Perhaps more nuance is needed in the instructions or more checks by the upgrade modules to handle resource constraints better during the process.
For instance, maybe I still need to remove the packages when upgrading my 1100s because they barely have enough memory or storage to get through an upgrade without trouble. But my 4200 with a 128gb ssd is a wide open space for upgrades by comparison. How would I know that though?
Or maybe I need to remove some packages but not others. But system managers would benefit from official guidance on how to decide which.
For me, production requirements don’t give me a reasonable opening to go back and get the old database from a BE such that the benefits exceed the cost of doing so, unless I can restore just the Totals package and data from a recent backup, which I do have. I’ll have to go look. I’ve only ever restored an entire backup.
-
Yes it's still the safest way. If I were upgrading something something very remote with no recovery option I would remove all the packages first.
But it's almost always a memory exhaustion issue and the 1100 is most likely to hit it with 1GB. I've seen the 3100 hit it with 2GB when it's running lots of packages but I upgrade mine here with Snort and pfBlocker still installed. I have limited lists and signatures loaded though.
On a 4GB box it's unlikely to be a problem unless you really tried hard to exhaust the RAM with all the Snort signatures and every pfBlocker list!
In any case I would always have a backup of the config and a recovery media available just in case. It's often quicker to reinstall anyway so it's huge deal for me.
