pfSense 2.4.5-RELEASE-p1 Now Available
-
@avr So please report your finding on https://redmine.pfsense.org/projects/pfsense/roadmap and see it get addressed that is the correct place to report stuff if you have steps to reproduce. (You might want to check if others have reported something similar, but if in doubt better report the problem, because it can always be closed as a duplicate.)
-
@al Believe me when I say I wasn't yelling, more of a rant than a yell and to (hopefully )get the attention of the PfSense staff to let them know that it's not OK.
I understand there can be programming bugs and I did already post here...
https://forum.netgate.com/topic/154389/2-4-5r1-update-no-package-re-install/17
and got some help and it helped for a couple packages but I still have things getting stuck and if they are going to treat the CE crowd with crickets, specially those of us that have been with PfSense for over 10 years, if they are going to try and go the direction of Red-Hat and go commercial while forgetting about the little guys that helped get them there then I think it may be time to jump ship.I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
Also, in response to the issue I have been having I did make a post days ago and tried what was posted and was very thankful and it didn't work which is why I posted what i did above.
I have no intentions to be a "towel whipper" but commercial issue or not everyone should be taken care of as best as possible and sure I'd call and get technical support but not for $400/incident (which I see is down from $600) but as @avr said this is supposed to be hardened security software, it is the front-line of defense for many networks, it has to be strong, robust but flexible while doing it's job and it is seemingly getting weaker over time and after reading some posts off OPNSense I'm starting to understand why.... https://forum.opnsense.org/index.php?topic=3144.0In the past this forum has had issues responding to posted issue and some people have been flamed and treated harshly, I've been one of them, at least I think so or maybe I'm just being sensitive but I do know that when i respond to clients I do my best to treat them with respect and give them the benefit of the doubt and if they call themselves technically illiterate then GREAT! I then prop them up and let them know that it's ok, that's why I'm here but by no means ever think that I know everything because no one can. I know enough to get the job done and if I don't I'll find someone that does.
Being humble goes a long ways, something much of the world has forgotten. We all get angry and point the finger so quickly and it saddens me greatly!
Anyhow, sorry about the rant again.
I'll post the bug but as I've seen in the past I don't expect to get a resolution, I'll likely get "Not enough information, Ticket Closed" -
@al Bug posted
-
@al Tried logging in, reset my password 3 times as I haven't logged in for quite some time, successfully reset the password each time, login fails each time.
Can't say I didn't try. -
@avr Great :) If you like please post the link to the bug report here as to keep you post and bug report "linked" together. Makes it easier for other people to find your bug report that may experience the same issue as you.
(Also if you find it useful maybe post a link to your forum post in the redmine ticket you created.)
Thanks
@Visseroth I understand your frustration and feelings. My only advice is reach out, describe/report, be succinct/to the point etc. People at Netgate are also people. You, I and the people at Netgate have probably both been the ones giving and getting support and trying to do our best. If Netgate does not do the best then it is the management problem, but somehow to me it is misplaced to have the critique posted here in the forum where we all should help each other and e.g. write bug reports when it seems needed and getting things back on track. :) So maybe - if needed - have a special "write to management" kind of channel if some specific general quality problem arises over and over again.
I know I probably cannot interface your problem and frustration 100% with this answer, but I do understand you frustration - trust me! -
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664 -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Isn't dns-leakage while using VPN-clients a general problem in pfSense? Can't see what your have done would help there in the first place.
Do you have DNS Query Forwarding in the forwarder enabled? -
@Bob-Dig Enable Forwarding Mode is disabled
-
@Visseroth Strange. Please try using a different browser or an anonymous tab when logging in - it could be some cache stuff or an old cookie or something else that gives a problem.
-
@avr Ok, same here. But I think tinkering under general setup is no solution in the first place. The only solution I am aware of is using only the vpn-client(s) as Outgoing Network Interfaces in the resolver. Works flawlessly.
-
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Hi,
this is a misstatement:
"So all of you out there may be leaking vpn DNSs right now after upgrade... that's an upgrade bug, a serious one."this is not the case for everyone...
-
@al Tried that, some results
-
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just and hypothesis but still a logical one. -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just AN hypothesis but still a logical one. -
@al Restarted, tried again, stuck again...
[220/239] Reinstalling pkg-1.13.2... [220/239] Extracting pkg-1.13.2: 100% You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. [221/239] Upgrading pfSense-pkg-squidGuard from 1.16.18_5 to 1.16.18_6... [221/239] Extracting pfSense-pkg-squidGuard-1.16.18_6: 100% Removing squidGuard components... Menu items... done. Services... done. Loading package instructions... Deinstall commands... done. -
@Visseroth Do you still get a:
I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
if so does a:
killall pkg-static
make a difference? Is the process truly terminated if you look up / check with 'ps -aux' or 'top' ?
Afterwards please run (again) and see if package continue to become installed:
pkg-static upgrade -f
-
@Visseroth also consider running a:
pkg clean
, after killing the process - maybe it does the job re. the lock. A wild guess, but try.
-
Hi, Thanks for your reply.
something can be safely called a global problem, if the problem is the same everywhere
if it only happens in a few installations, it can be anything, I mean it's not good for you, but it can be something else in the background
if this were the situation in a completely general way and for everyone - then you are absolutely right
there are nearly 50 of pfSense (2.4.5-p1) running on our systems - and we really haven’t experienced that issue...
(on a variety of environments and hardware)it scared me too - but we checked several installations immediately - but no question so far
we use almost only OpenVPN connections between multiple countries and of course NordVPN + ExpVPN subscriptions
my opinion is that:
I modify - this is not a misstatement - but a problem to be investigated individually ,first (of course with community help if needed)
-
@al pkg clean and pkg-static clean gave me "Nothing to do"
Tried pkg-static upgrade -f again, same result -
@Visseroth Seems the problems are with specific packages re. https://forum.netgate.com/topic/154403/squidguard-update-fails-after-upgrading-pfsense-2-4-5-release-p1 where (deep below in the thread) it is listed how to workaround it. However the problem might be a bug in the pkg-static program.
dennis_s / Netgate employee mention using 'killall -9 pkg-static', whereas pr340 mention deleting squidGuard calling 'pkg delete squidGuard', unfortunately I think you need to read it through thoroughly to decide which path you want to take.
