2.4.5 Update Caution
-
Followed the instructions; made backup, re-booted and then updated. Smooth as silk.
Uptime before re-boot was 155 days.
Very pleasant experience. Thanks.
-
seen update notice on dashboard yesterday. uninstalled packages and updated. It took 5 or 6 minutes and took a few attempts to auto reconnect. it keep saying not ready yet so I was getting worried but then it came up with no issues. re-installed packages and all is good. thank you Devs
-
uhm my 2.4.5 ended up with suricata 5.0.2
I didn't noticed this until i read this thread because it's working -
That is correct if it's amd64 or aarch64. Only armv6 should get 4.1.7_1 in 2.4.5.
Steve
-
ah ok, great
-
@stephenw10 said in 2.4.5 Update Caution:
Just to be clear though any package updates you do see may be intended for 2.4.5. Do not update any packages before updating to 2.4.5.
Steve
What if I do need to do a fresh Installation of 2.4.4_p3 and want to Install snort for example? Do I get a compatible version or the one which is indented for 2.4.5?
-
@Artes said in 2.4.5 Update Caution:
@stephenw10 said in 2.4.5 Update Caution:
Just to be clear though any package updates you do see may be intended for 2.4.5. Do not update any packages before updating to 2.4.5.
Steve
What if I do need to do a fresh Installation of 2.4.4_p3 and want to Install snort for example? Do I get a compatible version or the one which is indented for 2.4.5?
The one compiled for pfSense-2.4.5 won't load on pfSense-2.4.4_p3 due to FreeBSD shared library changes. And right now, short of building your own pfSense package builder and creating a custom Poudriere ports repo, you can't install the new Snort package on older pfSense versions. If you went the custom repo route, you could build and install the old Snort.
-
It's possible to do it by creating repo conf file and setting it to 2.4.4. The 2.4.4 pkgs are still accessible.
However I strongly recommend you don't unless you have no choice.Steve
-
Thank you for the Information. Am I right that the repo configuration file to setup is located in /usr/local/etc/pkg/repos/ ?
It's not that I'd like to stay on 2.4.4 - I have to make a rollback plan for upcoming upgrades of Bare Metal Firewalls - just in case if shit hits the fan.
-
Yes. Create a new file there. They are parsed in alphabetical order so I have used a file named
temp_repo.conf
.
Copy the values from the pfSense repo conf file and edit all the 2_4_5s to 2_4_4s.
Save the file, refresh the update check and you should be back pointing at 2.4.4 packages.
Just remove the temp_repo file when you're ready to upgrade.Steve
Edit: You no longer have to do this. You can now select the 2.4.4 repo from System > Update > Update Settings.
-
I did a little f*ck up. I updated Suricata before upgrading to 2.4.5 and now Suricata does not work. Is there any progress on fixing that?
-
@gerjanw said in 2.4.5 Update Caution:
I did a little f*ck up. I updated Suricata before upgrading to 2.4.5 and now Suricata does not work. Is there any progress on fixing that?
The fix for that is easy. Update your firewall to 2.4.5. That fixes it for the vast majority of users that have done this to themselves.
If it does not fix it for you, then go follow the steps in this documentation: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#forced-pkg-reinstall. That has also fixed it for some folks.
In the future, follow the warnings in the Netgate/pfSense docs and NEVER update packages when a new version of pfSense is available UNTIL you have updated pfSense itself first.
-
@bmeeks Thanks. I will try the steps in the documentation and yes I have learned my lesson I will never ever again update packages before updating PfSense
-
Netgate should ask CNN for international coverage before they bring out 2.4.6.
Or high-jack social media to create a mega buz first.
Something smaller just won't do.@gerjanw : don't worry, we've all been there
-
I did the same and paid high price - had to reimage my router.
It was PFBlockerNG and after un-installing it all went to hell.Do not uninstall anything.
I'd suggest to upgrade to 2.4.5
-
We now have a 2.4.4 selection in System > Update > Update Settings that you can use to select 2.4.4 packages if you are not yet ready to upgrade.
Steve
-
@stephenw10 said in 2.4.5 Update Caution:
We now have a 2.4.4 selection in System > Update > Update Settings that you can use to select 2.4.4 packages if you are not yet ready to upgrade.
Steve
Can you pls elaborate?
I am on 2.4.5 so not sure what you are suggesting.
Looking like - specify deprecated 2.4.4 and then how will it help to avoid problems? -
It will only help if you were running 2.4.4p3 and accidentally installed a 2.4.5 package. Swicthing the repo and reinstalling should bring you back to the correct package for 2.4.4p3.
But even so if you had done that it would be better to reinstall IMO.Really it is useful to avoid doing that at all. If you are running 2.4.4p3 and cannot upgrade for whatever reason but need to install a package you can now do so by selecting the 2.4.4 repo.
Steve
-
@stephenw10 said in 2.4.5 Update Caution:
It will only help if you were running 2.4.4p3 and accidentally installed a 2.4.5 package. Swicthing the repo and reinstalling should bring you back to the correct package for 2.4.4p3.
But even so if you had done that it would be better to reinstall IMO.Really it is useful to avoid doing that at all. If you are running 2.4.4p3 and cannot upgrade for whatever reason but need to install a package you can now do so by selecting the 2.4.4 repo.
Steve
I am thinking over how to make it better for next snafu.
Still don't get why if the package is for say 2.4.6, Netgate can't flag it as such in Install Packages pane.Other option would be even not to show newer packages at all for newer release...
-
There will almost certainly be improvements for the next significant release. A number of options are being discussed internally.
Steve