pfSense 2.4.5-RELEASE-p1 Now Available
-
@al Believe me when I say I wasn't yelling, more of a rant than a yell and to (hopefully )get the attention of the PfSense staff to let them know that it's not OK.
I understand there can be programming bugs and I did already post here...
https://forum.netgate.com/topic/154389/2-4-5r1-update-no-package-re-install/17
and got some help and it helped for a couple packages but I still have things getting stuck and if they are going to treat the CE crowd with crickets, specially those of us that have been with PfSense for over 10 years, if they are going to try and go the direction of Red-Hat and go commercial while forgetting about the little guys that helped get them there then I think it may be time to jump ship.I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
Also, in response to the issue I have been having I did make a post days ago and tried what was posted and was very thankful and it didn't work which is why I posted what i did above.
I have no intentions to be a "towel whipper" but commercial issue or not everyone should be taken care of as best as possible and sure I'd call and get technical support but not for $400/incident (which I see is down from $600) but as @avr said this is supposed to be hardened security software, it is the front-line of defense for many networks, it has to be strong, robust but flexible while doing it's job and it is seemingly getting weaker over time and after reading some posts off OPNSense I'm starting to understand why.... https://forum.opnsense.org/index.php?topic=3144.0In the past this forum has had issues responding to posted issue and some people have been flamed and treated harshly, I've been one of them, at least I think so or maybe I'm just being sensitive but I do know that when i respond to clients I do my best to treat them with respect and give them the benefit of the doubt and if they call themselves technically illiterate then GREAT! I then prop them up and let them know that it's ok, that's why I'm here but by no means ever think that I know everything because no one can. I know enough to get the job done and if I don't I'll find someone that does.
Being humble goes a long ways, something much of the world has forgotten. We all get angry and point the finger so quickly and it saddens me greatly!
Anyhow, sorry about the rant again.
I'll post the bug but as I've seen in the past I don't expect to get a resolution, I'll likely get "Not enough information, Ticket Closed" -
@al Bug posted
-
@al Tried logging in, reset my password 3 times as I haven't logged in for quite some time, successfully reset the password each time, login fails each time.
Can't say I didn't try. -
@avr Great :) If you like please post the link to the bug report here as to keep you post and bug report "linked" together. Makes it easier for other people to find your bug report that may experience the same issue as you.
(Also if you find it useful maybe post a link to your forum post in the redmine ticket you created.)
Thanks
@Visseroth I understand your frustration and feelings. My only advice is reach out, describe/report, be succinct/to the point etc. People at Netgate are also people. You, I and the people at Netgate have probably both been the ones giving and getting support and trying to do our best. If Netgate does not do the best then it is the management problem, but somehow to me it is misplaced to have the critique posted here in the forum where we all should help each other and e.g. write bug reports when it seems needed and getting things back on track. :) So maybe - if needed - have a special "write to management" kind of channel if some specific general quality problem arises over and over again.
I know I probably cannot interface your problem and frustration 100% with this answer, but I do understand you frustration - trust me! -
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664 -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@al
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Isn't dns-leakage while using VPN-clients a general problem in pfSense? Can't see what your have done would help there in the first place.
Do you have DNS Query Forwarding in the forwarder enabled? -
@Bob-Dig Enable Forwarding Mode is disabled
-
@Visseroth Strange. Please try using a different browser or an anonymous tab when logging in - it could be some cache stuff or an old cookie or something else that gives a problem.
-
@avr Ok, same here. But I think tinkering under general setup is no solution in the first place. The only solution I am aware of is using only the vpn-client(s) as Outgoing Network Interfaces in the resolver. Works flawlessly.
-
Issue:
After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS
https://redmine.pfsense.org/issues/10664Hi,
this is a misstatement:
"So all of you out there may be leaking vpn DNSs right now after upgrade... that's an upgrade bug, a serious one."this is not the case for everyone...
-
@al Tried that, some results
-
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just and hypothesis but still a logical one. -
@avr said in pfSense 2.4.5-RELEASE-p1 Now Available:
@DaddyGo it's not a misstatement: 'may' is not the same as affirming for sure... anyway I'm happy for you, but I'm not happy for me.
pfSense most likelly has 2 sets of configurations: one configured in the OS in the form of conf files and one for the front-end. I bet in my case they got out of sync, and setting off and on again made sync them... of course this is just AN hypothesis but still a logical one. -
@al Restarted, tried again, stuck again...
[220/239] Reinstalling pkg-1.13.2... [220/239] Extracting pkg-1.13.2: 100% You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. [221/239] Upgrading pfSense-pkg-squidGuard from 1.16.18_5 to 1.16.18_6... [221/239] Extracting pfSense-pkg-squidGuard-1.16.18_6: 100% Removing squidGuard components... Menu items... done. Services... done. Loading package instructions... Deinstall commands... done.
-
@Visseroth Do you still get a:
I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
if so does a:
killall pkg-static
make a difference? Is the process truly terminated if you look up / check with 'ps -aux' or 'top' ?
Afterwards please run (again) and see if package continue to become installed:
pkg-static upgrade -f
-
@Visseroth also consider running a:
pkg clean
, after killing the process - maybe it does the job re. the lock. A wild guess, but try.
-
Hi, Thanks for your reply.
something can be safely called a global problem, if the problem is the same everywhere
if it only happens in a few installations, it can be anything, I mean it's not good for you, but it can be something else in the background
if this were the situation in a completely general way and for everyone - then you are absolutely right
there are nearly 50 of pfSense (2.4.5-p1) running on our systems - and we really haven’t experienced that issue...
(on a variety of environments and hardware)it scared me too - but we checked several installations immediately - but no question so far
we use almost only OpenVPN connections between multiple countries and of course NordVPN + ExpVPN subscriptions
my opinion is that:
I modify - this is not a misstatement - but a problem to be investigated individually ,first (of course with community help if needed)
-
@al pkg clean and pkg-static clean gave me "Nothing to do"
Tried pkg-static upgrade -f again, same result -
@Visseroth Seems the problems are with specific packages re. https://forum.netgate.com/topic/154403/squidguard-update-fails-after-upgrading-pfsense-2-4-5-release-p1 where (deep below in the thread) it is listed how to workaround it. However the problem might be a bug in the pkg-static program.
dennis_s / Netgate employee mention using 'killall -9 pkg-static', whereas pr340 mention deleting squidGuard calling 'pkg delete squidGuard', unfortunately I think you need to read it through thoroughly to decide which path you want to take.
-
@Visseroth forgot to mention: Try to close down the squid service before doing the package update. Maybe that makes a difference.
-
@DaddyGo said in pfSense 2.4.5-RELEASE-p1 Now Available:
if it only happens in a few installations, it can be anything
I'd like to politelly disagree there... software engineering, the absent elephant in the room, should prevent 'random' problems like this to occur. Imagine if, instead of a security software product, it was a bridge, or a building... oh wait! anti-engineering is getting there too!
-
I have 3 gateways, one ipv6 (Comcast, SLAAC) and 2 ipv4 (Comcast static /29 and Verizon Wireless static /32). The status of the ipv6 gateway remains "Unknown" although ipv6 clients get an address and routing works. I added a report to a bug here: https://redmine.pfsense.org/issues/10565#change-46724
but there has been no notice of it. -
@al Good call, I don't know why I didn't think of that! I guess I ass-u-me-d (assumed) that it would stop the service and then update the application and then restart the service.
-
@Visseroth Great :)
It would be most logical if the service would stop when its package is updated.
What the reason is that it doesn't is a good question.
Whether the new package has the issue fixed is a good question, but lets hope the problem gets picked up by Netgate e.g. as a note in the release notes and/or tested/fixed in the upcoming packages for squid / squidGuard and maybe other packages that may have this problem of not shutting down their services when package updates happen.Cheers :)
-
Hi to all,
I've upgraded yesterday and solve my primary issue related to WAN speed. Now speedtest told me 810/200 (before 400/160).
Thanks, great job!!! -
@Roberto-Bianchi That begs the questions for everyone on the forum: How did you solve your WAN speed issue?
-
I solve with upgrade to 2.4.5 p1.
-
Never had a speed issue. I have a 200/10 speed on cable connection. Typically get about 230/12 before and after upgrade to 2.4.5-p1.
-
This post is deleted! -
Upgraded from 2.4.4 to 2.4.5-RELEASE-p1 (amd64)
HP NC550SFP prevents from booting, only Safe Mode works. -
@wouwie said in pfSense 2.4.5-RELEASE-p1 Now Available:
Upgraded from 2.4.4 to 2.4.5-RELEASE-p1 (amd64)
HP NC550SFP prevents from booting, only Safe Mode works.Hi,
Hmmm, hmmm here was an OP system change also to 11.3 -STABLE
Here you always have to follow the hardware components:
https://www.freebsd.org/releases/11.3R/hardware.htmlthis issue has already been encountered by others, such as (f.e. in the past):
https://forum.netgate.com/topic/84467/hp-sfp-pfsense-2-2-2-is-not-identifyingFreeBSD is not as quickly and well supported on hardware theme as Win or Linux distros.
This HP NIC card is a bit of a bait card...
(I have read about it several times) -
Hi,
Is there gonna be a new minor release coming up soon to patch the recent vulnerabilities on intel processors and/or upgrade to freebsd 11.4 ?