[Solved] Can't Upgrade Beyond 2.4.3-RELEASE, Lose All Connectivity

DudeGuy

I am currently unable to update beyond 2.4.3-RELEASE. If I upgrade via the GUI update function, I lose ALL outbound connectivity--I can't even ping. Anything I try to resolve the issue (including deleting all added firewall rules and the VPN client) fails.

If I do a fresh installation of 2.4.4 (then update to 2.4.4_2), the fresh install works fine, but as soon as I reload my working XML configuration file, I once again lose all connectivity, and no amount of troubleshooting or tweaking resolves the issue. I have to reinstall 2.4.3-RELEASE and then reload my config file to get working again.

Clearly there is something within the XML config file from 2.4.3 that isn't playing well with the update, but I have no idea what it could be. My setup is pretty straightforward with a web server running on its own interface with several ports forwarded to it, and a VPN client that provides PIA VPN connectivity to the entire LAN. Again, note that disabling or deleting the VPN client has no effect on this issue.

I don't even have any packages currently installed.

Any thoughts? Thanks.

KOM

I've seen rare cases of corruption within the xml file, but that was many years ago. You might have to build the server back up from scratch if your config file isn't working for whatever reason.

The backup xml file is made up of several unique sections. If you want to really get to the bottom of your problem, you could create a new xml file and then start copying a section into the new file and then restore pfSense from that file. Test and repeat until it stops working.

DudeGuy

Thanks for the reply.

Since the XML file works fine to restore the configuration in 2.4.3, I assumed it was unlikely to be corrupted (although who knows). I also have several versions of the config file from different dates that are more or less the same, and they all behave the same way with 2.4.4.

I am currently leaning towards your other solution, making a backup of each section and then reloading one by one. Tedious, but I can't think if what else to try.

Thanks.

Grimson

https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html#upgrading-from-versions-older-than-pfsense-2-4-4 take note of the changed gateway handling.

Also learn to read the release notes and upgrade documentation when a new version comes out.

DudeGuy

@grimson

Thanks, I read the release notes.

jimp

You can't reload sections one by one between versions since the upgrade code can't make adjustments based on isolated sections.

There isn't enough information to speculate about causes with any accuracy, but the most likely explanation is that your default gateway isn't being set correctly after the upgrade.

Next time you try the upgrade, look at Diagnostics > Routes and see if you have a default gateway there. If not, go to System > Routing, make sure you have the correct gateway listed as default in the Default gateway IPv4 box, then even if you did not make any changes on that page, save and apply.

KOM

You can't reload sections one by one between versions since the upgrade code can't make adjustments based on isolated sections.

Is this the general case, or just because of the specific work done between 2.4.3 and 2.4.4?

jimp

@kom said in Can't Upgrade Beyond 2.4.3-RELEASE, Lose All Connectivity:

You can't reload sections one by one between versions since the upgrade code can't make adjustments based on isolated sections.

Is this the general case, or just because of the specific work done between 2.4.3 and 2.4.4?

It is always the case. If it works, it's by pure chance. Restoring sections between versions has never been supported.

If you are lucky and that specific section had no changes then it would be OK, but it's not a safe practice.

What you can do, however, is restore the entire config, then take a backup. Then factory reset (or reinstall) and restore sections of that entire upgraded config one at a time.

DudeGuy

@jimp

I did previously check the default gateway, and it looked fine. I tried the update one more time. Checked gateway again (still looks fine), cycled back-and-forth through the (two-entry) list, reapplied the default gateway, then clicked save. Everything working now. Pretty goofy behaviour.

Many thanks for your help.

time4fun

I ran into the same issue after upgrading to 2.4.4 and at least for my issue it was related to having multiple gateways setup. I edited /etc/inc/gwlb.inc as recommended and it fixed the issue for me "https://redmine.pfsense.org/issues/9004"