PfSense 2.3.2 manual update missing?
-
@w0w:
Current online update system is not so bulletproof as offline upgrade can be, so we need it back or more reliable online update than current system that can be failed due server error or whatever it was. Argumentation that you can always install fresh and restore original config does not apply on remote appliance.
If an appliance has connectivity, you can do an online upgrade. If the device is not remote, you can reinstall.
There is no longer a "tarball" style single file that could possibly be used for an effective upgrade.
If you have a complicated network with no external connectivity and multiple units, then perhaps you could look into setting up a local pkg mirror.
There may yet be a way to make an offline upgrade by having a connected box fetch the updated pkg files and then copying them over to a new box and installing manually, but that is likely to result in problems until/unless we find a way to do that safely.
-
If you have a complicated network with no external connectivity and multiple units, then perhaps you could look into setting up a local pkg mirror.
Any chance to get some instructions on how to do that? I'm really interested, because I maintain lots of pfSense instances which have limited internet access during installs/upgrades, or don't have internet access at all.
-
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
-
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
pfSense can not be all things to all people. There is no formal list of requirements that the software has to meet. Instead it is open source, so you could fork it to make it suit your needs. (You just have to comply with the terms of the license.)
That all said, I don't see any reason why you couldn't figure out how to get the packages onto some media (USB key), move them into place, and update from there. Seems like a day or two of hacking to build a tool.
-
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.
-
Thank you for your replies, especially that one : " Instead it is open source, so you could fork it to make it suit your needs."Â
It makes me think you've been "offended" by the message, don't know why.
I've been here for a long time, and never thought making a fork would be useful for the project.Best is to share feedback and views…
By the way, to make things clear, I just find sad to remove something that has been working fine (at least for me, on hundreds of setups) for 11+ years, in an easy upgrade process of download/upload.
Have a great day. -
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.
is just a problems here to update how do you bypass certificate check
-
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.
is just a problems here to update how do you bypass certificate check
Using http instead of https
-
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.
is just a problems here to update how do you bypass certificate check
Using http instead of https
that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update.
here the log from updateUpgrading pfSense-repo… done.
Updating repositories metadata...
Updating pfSense-core repository catalogue...
Repository pfSense-core has a wrong packagesite, need to re-create database
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Repository pfSense has a wrong packagesite, need to re-create database
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
Unable to update repository pfSense
Failed
the after that i got this in system update
The following input errors were detected:ERROR: Error trying to get packages list. Aborting...
  pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required
  ERROR: Error trying to get packages list. Aborting...
  pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' requiredUpdating repositories metadata...
Updating pfSense-core repository catalogue...
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
here is the logs with certificate error -
This is a huge step back.
pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
The only mean of upgrade I see is full reinstall with backup import….This is sad.
Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.
is just a problems here to update how do you bypass certificate check
Using http instead of https
that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update.
here the log from updateUpgrading pfSense-repo… done.
Updating repositories metadata...
Updating pfSense-core repository catalogue...
Repository pfSense-core has a wrong packagesite, need to re-create database
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Repository pfSense has a wrong packagesite, need to re-create database
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
Unable to update repository pfSense
Failed
the after that i got this in system update
The following input errors were detected:ERROR: Error trying to get packages list. Aborting...
  pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required
  ERROR: Error trying to get packages list. Aborting...
  pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' requiredUpdating repositories metadata...
Updating pfSense-core repository catalogue...
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
repository pfSense-core has no meta file, using default settings
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
repository pfSense has no meta file, using default settings
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Certificate verification failed for /CN=sdc.conjusol.cu
34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
here is the logs with certificate errorsolved all this editing pfsense.conf repo in /usr/local/etc/pkg/repos setting as http local repo and is done