pfSense 2.4.5-RELEASE-p1 Now Available

revengineer

@serbus said in pfSense 2.4.5-RELEASE-p1 Now Available:

Hello!

I guess it could seem like it is hung if it is taking more than 20 minutes. Thats a long time.

What is that they say, "The logs are the window to the soul.", or something like that...

John

I have been using "ps aux|grep pkg-static" to verify that it was hung on a single package for that long. I was not clear if there is a better place showing additional details of the install process. Pointer appreciated and I will take a look what happened.

Qinn

killall pkg-static

Gave me the possibility back to upgrade, yet after I tried to install the pfBlockerNG package it go stuck again

Had to do a

killall pkg-static

To get back out again

So no solution here...

tman222

Upgraded two machines this past week to 2.4.5p1 from 2.4.5 and everything went smoothly. Both are baremetal installs. On one of the boxes I have some sizable IP block lists and so was happy to see that the pfctl issue is now fixed. System seems snappier and no more latency spikes. Thanks everyone for the quick turnaround on this.

Visseroth

@tman222 That doesn't help the few of us that are experiencing problems, but we are glad that everything went smooth for you and things are better! That indeed is nice!

Qinn

When I hangs

78285  0  S+      0:00.00 grep pkg
[2.4.5-RELEASE][root@pfSense.localdomain]/root: ps ax | grep 'pkg'
53675  -  IN      0:00.00 /bin/sh /etc/rc.update_pkg_metadata
56258  -  IC      0:00.01 tee -a /cf/conf/pkg_log_pfSense-pkg-pfBlockerNG-devel
56497  -  I       0:00.00 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up
56729  -  I       0:01.74 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up
85699  0  S+      0:00.00 grep pkg

Rico

Which pkg version are you guys running?
I noticed someting strange in my logs...

Jun 10 23:16:37 	php 		[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jun 10 23:15:00 	php 		[pfBlockerNG] Starting cron process.
Jun 10 22:20:56 	pkg-static 	pkg upgraded: 1.12.0_1 -> 1.13.2
Jun 10 22:16:40 	php 		[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jun 10 22:15:00 	php 		[pfBlockerNG] Starting cron process. 

This happened automatically, I wasn't at home at this time and also not logged in to the pfSense WebGUI.

-Rico

Qinn

@Rico Sorry can't help you I have decided to reinstall pfS and now everything is fine.

Rico

Well I have no problem, just wondering what differs from my setup with others having issues.

-Rico

jimp

The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.

revengineer

@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:

The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.

Thanks for weighing in, Jim. Is there a solution or workaround for this issue other than killing each daemon upon install? Will this require a code change for each package affected?

jimp

Not yet, we are still looking into it

revengineer

@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:

Not yet, we are still looking into it

Perfect, thank you!!!

bimmerdriver

Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.

revengineer

@bimmerdriver said in pfSense 2.4.5-RELEASE-p1 Now Available:

Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.

In my case snort was not affected but many other packages were. But if it's a timing thing, I may have just been lucky. Having said that, the packages did actually install and were usable after installation despite need to kill the pkg-static process.

chudak

@bimmerdriver
I had snort and after upgrade it shown a new version available and all went thru without any problems

reza.mnp

after upgrade to P1 Everything OK . no problem, just wondering L2TP server is up but clients not able connect to server.
L2TP: waiting for connection on [wan ip] 1701
l2tps started, version 5.8 (root@pfSense_v2_4_5_amd64-pfSense_v2_4_5-job-01 23:02 6-Dec-2019)
l2tps Multi-link PPP daemon for FreeBSD

Visseroth

2.4.5 had issues, 2.4.5p1 has more problems, not just on my personal firewall but on another I support, system specs are exact.
I know the PfSense team does their best to ensure stability and reliability but I can't help but feel like the ball has been dropped somewhere.
In all my years of using PfSense I've never seen so many problems unless using a software NIC like realtek and when a user has a problem the answer should NEVER be "wipe and reload". For a commercial client this means down time, lots of hours trying to fix the problem or calling the PfSense technical support and having them fix the problem and now that I think about it, from a commercial standpoint is a great opportunity to make some extra cash whether intentional or not.

I was told with 2.4.5 that one should uninstall packages before updating.
Knowing user are running packages is pretty much a given so why should things break just because a update is being applied? Sure there's a lot of code to ensure everything goes smooth but this is a known variable in which updates are being applied.
2.4.5p1 the package installer breaks.... sometimes and I'm told the solutions is to reload from scratch, install the packages then load my config?

How is that an acceptable practice? I'm seriously afraid to upgrade any other systems I support because there is a likelihood that they will break and then what? I have to reinstall, preinstall the packages and then re-load the config?

I'm seriously thinking it may be time to leave PfSense and go to something like OPNSense or just forget a open based firewall and going to Ubiquiti.

Oh, and for all those haters that want to flame me, you're another reason I'm thinking of leaving.
I've basicaly said I have (and others) have a problem with the pkg installer and there has been no resolution.

al

@Visseroth I understand people can get frustrated when they head into problems, but the best way to deal with them is not shouting. I do not know what your investment in pfSense was, but many get pfSense CE for free so the positive and helpful kind of feedback is appreciated and not the "angry wet towel in the face" kind of feedback.
If you see a problem that other people have complained about and it seems no bug report have yet been reported then please make one at https://redmine.pfsense.org/projects/pfsense/roadmap (create an account or login) or reach out to customer support.

Like Maba79 writes in https://forum.netgate.com/topic/154040/packet-manager-broke-in-gui-after-2-4-5-upgrade/6 it seems there is a workaround (I haven't tested it myself):

Executed:
killall pkg-static
pkg-static upgrade -f

Saved the day.

Cheers :)

avr

@Visseroth
I agree with all your points... there is such a thing as Sofware Engineering, CMM, etc that most companies have thrown down the drain... now it's anti-engineering the daily bread.

I was fiddling with browsers x webrtc leaks and then I found out that all OpenVPN connections were leaking my WAN IP DNS... that only happened after the 2.4.5_1 upgrade. I found that very odd... then I went to General Setup, option DNS Server Override, clicked status=checked, saved, then clicked status=unchecked, saved again, then it stopped leaking. So all of you out there may be leaking vpn DNSs right now after upgrade... that's an upgrade bug, a serious one.

I saw people complaining in the past of leakages that happened due to upgrades before, backup and restore... so pfSense team: start to make software engineering great again! Test, Test, Test, Test

I like pfSense, but it's a software for security and privacy, a reason of being... you guys must pay attention.

al

@avr So please report your finding on https://redmine.pfsense.org/projects/pfsense/roadmap and see it get addressed that is the correct place to report stuff if you have steps to reproduce. (You might want to check if others have reported something similar, but if in doubt better report the problem, because it can always be closed as a duplicate.)