Upgrade to 2.1.3

stephenw10

@Starko:

So I guess I have to get in the car and make a two hour ride to that customer.

Ouch. Was it an old card? Running packages that may have been writing data?

Steve

Edit: typo

Starko

I would say about 4-5 years. No packages as far as I know.

jamesaepp

When the upgrade changelog refers to the openssl vulnerability, is this referring to the famed "heartbleed" bug?

If so, is there anything I need to worry about changing? I have self-signed certs for a couple openvpn servers, and am now wondering whether I should be reflecting the changes necessary to ensure my security.

val

No problem here on amd64 full install

doktornotor

@jamesaepp:

When the upgrade changelog refers to the openssl vulnerability, is this referring to the famed "heartbleed" bug?

No.

kpa

The Heartbleed vulnerability was already addresses in the 2.1.2 update.

https://blog.pfsense.org/?p=1253

Gertjan

The very first 'doing it remotely' upgrade.
Everything came up (back) nicely.

No need to take the car  ;)

swinn

Anyone having issues with UPnP Port Mapping working? NAT-PMP seems to work but since upgrading to 2.1.3, the XBOXs are not opening ports using UPnP. Reverting back to 2.1.2 fixes it.

stephenw10

There has been a change in the upnp behaviour:
@https://doc.pfsense.org/index.php/2.1.3_New_Features_and_Changes:

Make miniupnpd listen on interface instead of IP

Perhaps you simply need to configure it slightly differently.

Steve

janek

Mine did not come up after upgrade attempt (from 2.1.2 -> 2.1.3)
He is 64bit on esxi 5.1.
said "Unable to load kernel"
in /boot/loader.conf:
autoboot_delay="3"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="0"
kern.hz=100
vmblock_load="YES"
vmmemct_load="YES"
vmhgfs_load="YES"
vmxnet_load="YES"
legal.intel_ipw.license_ack="1"
hw.usb.no_pf="1"

file /boot.config is empty

directory /kernels has two files
kernel_wrap.gz - 8771122
kernel_SMP.gz - 10426403

Can someone point me to the right direction?

swinn

@stephenw10:

Perhaps you simply need to configure it slightly differently.

The configuration options haven't changed and the interfaces are set correctly.

swinn

If I edit the miniupnpd.conf manually and set listening_ip=10.1.16.1/20 (like it would be configured in previous versions) then it works correctly. If I change it back to listening_ip=em0_vlan2 then it is broken. Looking at ifconfig, everything for em0_vlan2 is correct. The devices are all on the same vlan and subnet.

Watching traffic over the network, I can see the SSDP request being broadcast by the device but pfSense never responds.

T-Monster

Just adding my voice in here…

I saw that the upgrade was available - and because 2.1.1 --> 2.1.2 was painless and problem free, I didn't think twice to just kick off the upgrade....

It completely fubar'd my firewall :(

(I'm using the 32-bit version)

I rebooted and the firewall couldn't find a kernel - looked in the relevant folders and no kernels were there. Nothing.

I looked at the upgrade logfile and there were a raft of errors in there - so my simplistic view is that the upgrade downloaded ok, passed any verifications, but then the upgrade / installation process just ploughed the system.

I don't have any specific details / logfiles to list here as I just needed to get the firewall back up & running, so I had a clean install of 2.1 lying around and that's what I'm running now, until I can get a clean install of 2.1.3 planned in later this week.

Anyway... just thought I'd put my story of pain in here, so that others are ready and know how to recover their systems (backup config!!)

stephenw10

Just for information, what hardware is that on? Which install type?

Steve

T-Monster

This was a 32-bit memstick install on a Neoware CA10 Thin Client, 1GB RAM, 3GB Flash storage

From memory, I think this was a clean 2.1(.0) install, then upgraded to each new release as it came out.

Once I've finished my Bank Holiday weekend, then I'll spend some more time looking at this - might even try another upgrade to see if it's reproducible so that we can make these upgrades less fearsome :)

Put it this way - my home firewall upgrade going wrong is one thing (OMG, no Facebook! ;)), but the 3x pfSense installs at work will NOT be done remotely (although they have significantly better hardware)

stephenw10

So a full install onto flash?
Any packages? Any swap usage?

Steve

foonus

@swinn:

Anyone having issues with UPnP Port Mapping working? NAT-PMP seems to work but since upgrading to 2.1.3, the XBOXs are not opening ports using UPnP. Reverting back to 2.1.2 fixes it.

Yep. Confirmed.

After update to .13 UPnP on multiple machines fails to operate correctly.

T-Monster

@stephenw10:

So a full install onto flash?
Any packages? Any swap usage?

Steve

I have these packages installed:

• Lightsquid

• routed

• Sarg

• squid

• squidGuard

As for swap usage… no idea.
The 2.1 that I'm currently running is 0%, but that's not to say that the 2.1.2 was the same... but something I'll have a look at if I do the upgrade again.

urop

Janek, the same happened to me…

My system didn't boot after the upgrade: The folder /boot/kernel was empty.

I found the reason: If you tick "make full backup" in the update dialog, the whole system will be tared into one file in /root. This file can easily eat up all space of your root-partition... As a result, the update goes terribly wrong, leaving a crippled system.
I then tried to recreate the system using the said backup file, but "funny" enough, while booting up, some self destruction took place (like rm -rf /) and the disk was more or less empty (those file with  schg-flag set still existed).
Finally I had to reinstall the system.

May I suggest that the full-backup feature checks for space?

Regards,
-Urs

Starko

@Starko:

I would say about 4-5 years. No packages as far as I know.

I swapped the card. Did a full restore and everything works fine again.