Upgrade to 2.1.3

stephenw10

There has been a change in the upnp behaviour:
@https://doc.pfsense.org/index.php/2.1.3_New_Features_and_Changes:

Make miniupnpd listen on interface instead of IP

Perhaps you simply need to configure it slightly differently.

Steve

janek

Mine did not come up after upgrade attempt (from 2.1.2 -> 2.1.3)
He is 64bit on esxi 5.1.
said "Unable to load kernel"
in /boot/loader.conf:
autoboot_delay="3"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="0"
kern.hz=100
vmblock_load="YES"
vmmemct_load="YES"
vmhgfs_load="YES"
vmxnet_load="YES"
legal.intel_ipw.license_ack="1"
hw.usb.no_pf="1"

file /boot.config is empty

directory /kernels has two files
kernel_wrap.gz - 8771122
kernel_SMP.gz - 10426403

Can someone point me to the right direction?

swinn

@stephenw10:

Perhaps you simply need to configure it slightly differently.

The configuration options haven't changed and the interfaces are set correctly.

swinn

If I edit the miniupnpd.conf manually and set listening_ip=10.1.16.1/20 (like it would be configured in previous versions) then it works correctly. If I change it back to listening_ip=em0_vlan2 then it is broken. Looking at ifconfig, everything for em0_vlan2 is correct. The devices are all on the same vlan and subnet.

Watching traffic over the network, I can see the SSDP request being broadcast by the device but pfSense never responds.

T-Monster

Just adding my voice in here…

I saw that the upgrade was available - and because 2.1.1 --> 2.1.2 was painless and problem free, I didn't think twice to just kick off the upgrade....

It completely fubar'd my firewall :(

(I'm using the 32-bit version)

I rebooted and the firewall couldn't find a kernel - looked in the relevant folders and no kernels were there. Nothing.

I looked at the upgrade logfile and there were a raft of errors in there - so my simplistic view is that the upgrade downloaded ok, passed any verifications, but then the upgrade / installation process just ploughed the system.

I don't have any specific details / logfiles to list here as I just needed to get the firewall back up & running, so I had a clean install of 2.1 lying around and that's what I'm running now, until I can get a clean install of 2.1.3 planned in later this week.

Anyway... just thought I'd put my story of pain in here, so that others are ready and know how to recover their systems (backup config!!)

stephenw10

Just for information, what hardware is that on? Which install type?

Steve

T-Monster

This was a 32-bit memstick install on a Neoware CA10 Thin Client, 1GB RAM, 3GB Flash storage

From memory, I think this was a clean 2.1(.0) install, then upgraded to each new release as it came out.

Once I've finished my Bank Holiday weekend, then I'll spend some more time looking at this - might even try another upgrade to see if it's reproducible so that we can make these upgrades less fearsome :)

Put it this way - my home firewall upgrade going wrong is one thing (OMG, no Facebook! ;)), but the 3x pfSense installs at work will NOT be done remotely (although they have significantly better hardware)

stephenw10

So a full install onto flash?
Any packages? Any swap usage?

Steve

foonus

@swinn:

Anyone having issues with UPnP Port Mapping working? NAT-PMP seems to work but since upgrading to 2.1.3, the XBOXs are not opening ports using UPnP. Reverting back to 2.1.2 fixes it.

Yep. Confirmed.

After update to .13 UPnP on multiple machines fails to operate correctly.

T-Monster

@stephenw10:

So a full install onto flash?
Any packages? Any swap usage?

Steve

I have these packages installed:

• Lightsquid

• routed

• Sarg

• squid

• squidGuard

As for swap usage… no idea.
The 2.1 that I'm currently running is 0%, but that's not to say that the 2.1.2 was the same... but something I'll have a look at if I do the upgrade again.

urop

Janek, the same happened to me…

My system didn't boot after the upgrade: The folder /boot/kernel was empty.

I found the reason: If you tick "make full backup" in the update dialog, the whole system will be tared into one file in /root. This file can easily eat up all space of your root-partition... As a result, the update goes terribly wrong, leaving a crippled system.
I then tried to recreate the system using the said backup file, but "funny" enough, while booting up, some self destruction took place (like rm -rf /) and the disk was more or less empty (those file with  schg-flag set still existed).
Finally I had to reinstall the system.

May I suggest that the full-backup feature checks for space?

Regards,
-Urs

Starko

@Starko:

I would say about 4-5 years. No packages as far as I know.

I swapped the card. Did a full restore and everything works fine again.

stephenw10

@TMonster:

I have these packages installed:

• squid

• squidGuard

As for swap usage… no idea.

Do you have caching disabled in Squid? If not the Squid will be writing to your flash boot device continuously. Worse Squid will probably use your 1GB of RAM and start  swapping to the flash unless you've taken steps to prevent it. That will burn through the write cycles on the flash in short order, especially if it's cheap flash. You may well have damage on the flash that has caused this.

Steve

ashes00

After upgrading from 2.1.2 to 2.1.3, I lost installed packages (SNORT & OpenVPN Client Export).  I am running 2.1.3 Nano-VGA-4GB (With RAM Disks).  I needed to update both of the packages anyway, but was NOT what I expected from upgrade.  :(

Ash,

blewis

I can't seem to download the 512mb upgrade… Is the 512mb nanobsd upgrade discontinued from 2.1.3 onward? :(

Guest

…I see the 512MB image for fresh install as well as upgrade in the pfsense.org mirror selection...

blewis

Yeah, when I try to download it, it's missing = 404 Not Found…

T-Monster

@stephenw10:

Do you have caching disabled in Squid?

No. Using ~1GB for cache

@stephenw10:

If not the Squid will be writing to your flash boot device continuously.

Hmmm… OK, using:

top -m io

I get:

  PID USERNAME   VCSW  IVCSW   READ  WRITE  FAULT  TOTAL PERCENT COMMAND
90995 proxy         4      0      0      0      0      0   0.00% squid

Which looks like squid's hardly doing much (this is a home office firewall)

@stephenw10:

Worse Squid will probably use your 1GB of RAM and start  swapping to the flash unless you've taken steps to prevent it.

OK, back to top, I get:

  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
90995 proxy       1  44    0   154M   149M kqread   7:28  0.00% squid

So, it's not eating too much RAM.

@stephenw10:

That will burn through the write cycles on the flash in short order, especially if it's cheap flash. You may well have damage on the flash that has caused this.

Wouldn't the installation continue as normal though, with any bad sectors being caught by the underlying disk controller - just like a mechanical drive having bad sectors?

It's not like 1 or 2 files were corrupt and a quick fsck would fix it… I'm talking about /boot/kernel being completely empty here. From memory, only /boot/kernel/pfsense_kernel.txt existed... no .ko files, no kernel.gz, nothing.

I understand your caution over squid's cache on flash memory, but I can't see how that would cause the problem I'm describing.

stephenw10

Ok. I was perhaps being a bit alarmist there. You seem to have a good grip on what's actually happening. I was just concerned that you might have been running Squid without understanding the possible consequences.
I agree that a few bad sectors is unlikely to have caused your problem. I wouldn't personally rely on the flash controller to save me in that situation though.

Steve

genic

has anyone notice that this upgrade changes the 'Firewall Optimization Options' to 'conservative' ?? wtf?