Now Available: pfSense® Plus 25.07-RELEASE
-
Yup, very good point. Since it appears to be failing at 'updating configuration' check for far too many backups.
-
Thank you for the help.
@stephenw10 - I would've expected to see some type of kernel panic notice based on this behavior, but no alerts whatsoever. I have the SG2100 console port connected via USB to a RaspberryPi device and logging the console output via
screen. Yes, as per the screenshots, it states the BE failed to verify.
@SteveITS - Interesting...I'll give the GUI diagnostic screen a try. Here's what /cf/conf/backup has:
[24.11-RELEASE][root@pfSense.home.lan]/: du -sh /cf/conf/backup 2.0G /cf/conf/backup [24.11-RELEASE][root@pfSense.home.lan]/: ls -l /cf/conf/backup | wc -l 12318 -
@johan333 said in Now Available: pfSense
Plus 25.07-RELEASE:12318
That's it, then. Should be ~30 files by default.
There were a couple bugs at play, pfBlocker updates a timestamp in the file every cron run, and the backups were not being pruned automatically. So every hour for a year or more... I've seen a few posts here and on Reddit with similar update failure.
-
@SteveITS said in Now Available: pfSense
Plus 25.07-RELEASE:There were a couple bugs at play, pfBlocker updates a timestamp in the file every cron run,
25.07.1 has this issue with pfBlockerNG.
But Maximum Backups option is working.
-
@SteveITS Wow, very interesting and great insight. Based on the evidence, I would've never come to this discovery/conclusion. The diag page does time out BTW, so I'll just manually prune it and try the update again. Know if the bug was fixed in 25.07 and if not what is the work-around people are using (e.g. CRON job)?
-
@mcury said in Now Available: pfSense
Plus 25.07-RELEASE:25.07.1 has this issue with pfBlockerNG
I don't have a link handy but I'm pretty sure Netgate posted that's been fixed in a later version? Or there was a patch in that forum somewhere. It's worse if using pfB in HA because the secondary was getting multiple config files because of its cron plus the sync at cron time.
I have a note to check config history before starting an update.
diag page does time out
It will but if you keep reloading after that, and be patient it should eventually load. I think mine timed out after 10 minutes and had deleted most of the files.
25.7 fixed the history retention.
-
@SteveITS said in Now Available: pfSense
Plus 25.07-RELEASE:I don't have a link handy but I'm pretty sure Netgate posted that's been fixed in a later version?
Redmine #14409
DNSBL is also disabled here, so it seems that 25.07.1 didn't bring that fix? -
I'm opening a new thread about the pfBlockerNG and configuration history.
-
Yeah the backup config trimming is fixed now.
Yes if you visit the backups page it will prune them. Eventually. And if you ever visited that page previously it would have done so many users never saw it.
-
btw does the link to the installer sent after the order (non-netgate device) always provide the latest version of the installer?
i.e. I can use the same link and not need to re-order to get the latest installer version? -
Hmm, good question. But I believe it's a link to a single fixed file. And it expires after some time anyway so you would need to 'order' again.
However the installer can install any number of pfSense versions so it's generally not necessary to update it for each pfSense release.
That said the new installer version should be available soon with a number or fixes and additional features.
-
@stephenw10 Yeah, I just like to have the latest version as you said, it fixes possible problems and might have additional features added :)
Just tested with a link provided a bit over 2 moths ago and it still worked (it was1.0-RC-amd64-20240919-1435.img).
Also if one has an active subscription, why not just provide the installer download under the My Account or something, would remove unnecessary $0 orders if needed to re-download for some reason. -
I believe there's a backend limitation because I know that has been discussed internally previously. Hopefully something we can work past at some point.
-
@stephenw10 I recall back in the day you use to be able to grab your image from your account - or am I misremembering? This is going back many years.
-
Mmm, there have been many changes over the years. As far as I know though there is no way to re-download images after the link expires currently.
-
I notice that XML backups begin with the following:
<?xml version="1.0"?> <pfsense> <version>24.0</version> <lastchange></lastchange> ... </pfsense>I expected the version to be
25.07.1or something similar.
Is this intended or is it a minor bug? -
@phreed That's not the pfSense version it's the file version:
https://docs.netgate.com/pfsense/en/latest/releases/versions.htmlside note: https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html
-
@SteveITS Thanks for the clarification, I would give you an up-vote but I do not have enough reputation.
