PfSense 2.3.2 manual update missing?



  • Noticed that the manual update function now is missing in pfSense 2.3.2? Is this intentional? We have have pfSense boxes running in a closed down hosting environment and a manual update is the only way to upgrade.



  • 2.3 was the last one you could update manually.



  • @heper:

    2.3 was the last one you could update manually.

    Sounds like a dealbreaker to me



  • What a pain!

    2.3.1 had a problem here in the UK with pppoe connections and apinger.
    Which does not seem to be the case with 2.3.2 as this is working fine ( the exact same config )

    One of our remote sites can only be updated manual which now means going out onsite and re-installing it from scratch and restoring from backup.
    Why on earth was the manual update method removed????



  • This is a problem indeed.



  • ….same problem here. Hope this function will be reimplemented.....



  • Current online update system is not so bulletproof as offline upgrade can be, so we need it back or more reliable online update than current system that can be failed due server error or whatever it was. Argumentation that you can always install fresh and restore original config does not apply on remote appliance.


  • Rebel Alliance Developer Netgate

    @w0w:

    Current online update system is not so bulletproof as offline upgrade can be, so we need it back or more reliable online update than current system that can be failed due server error or whatever it was. Argumentation that you can always install fresh and restore original config does not apply on remote appliance.

    If an appliance has connectivity, you can do an online upgrade. If the device is not remote, you can reinstall.

    There is no longer a "tarball" style single file that could possibly be used for an effective upgrade.

    If you have a complicated network with no external connectivity and multiple units, then perhaps you could look into setting up a local pkg mirror.

    There may yet be a way to make an offline upgrade by having a connected box fetch the updated pkg files and then copying them over to a new box and installing manually, but that is likely to result in problems until/unless we find a way to do that safely.



  • @jimp:

    If you have a complicated network with no external connectivity and multiple units, then perhaps you could look into setting up a local pkg mirror.

    Any chance to get some instructions on how to do that? I'm really interested, because I maintain lots of pfSense instances which have limited internet access during installs/upgrades, or don't have internet access at all.



  • This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.


  • Netgate

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    pfSense can not be all things to all people.  There is no formal list of requirements that the software has to meet.  Instead it is open source, so you could fork it to make it suit your needs.  (You just have to comply with the terms of the license.)

    That all said, I don't see any reason why you couldn't figure out how to get the packages onto some media (USB key), move them into place, and update from there.  Seems like a day or two of hacking to build a tool.


  • Administrator

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:

    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/

    To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.



  • Thank you for your replies, especially that one : " Instead it is open source, so you could fork it to make it suit your needs." 
    It makes me think you've been "offended" by the message, don't know why.
    I've been here for a long time, and never thought making a fork would be useful for the project.Best is to share feedback and views…
    By the way, to make things clear, I just find sad to remove something that has been working fine (at least for me, on hundreds of setups) for 11+ years, in an easy upgrade process of download/upload.
    Have a great day.



  • @Renato:

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:

    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/

    To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.

    is just a problems here to update how do you bypass certificate check


  • Administrator

    @kjoe:

    @Renato:

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:

    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/

    To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.

    is just a problems here to update how do you bypass certificate check

    Using http instead of https



  • @Renato:

    @kjoe:

    @Renato:

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:

    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/

    To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.

    is just a problems here to update how do you bypass certificate check

    Using http instead of https

    that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update.
    here the log from update

    Upgrading pfSense-repo… done.
    Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Repository pfSense-core has a wrong packagesite, need to re-create database
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Repository pfSense has a wrong packagesite, need to re-create database
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
    Unable to update repository pfSense
    Failed
    the after that i got this in system update
    The following input errors were detected:

    ERROR: Error trying to get packages list. Aborting...
        pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required
        ERROR: Error trying to get packages list. Aborting...
        pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required

    Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
    here is the logs with certificate error



  • @kjoe:

    @Renato:

    @kjoe:

    @Renato:

    @Juve:

    This is a huge step back.
    pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :))
    The only mean of upgrade I see is full reinstall with backup import….

    This is sad.

    Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf:

    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/
    http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/

    To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address.

    is just a problems here to update how do you bypass certificate check

    Using http instead of https

    that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update.
    here the log from update

    Upgrading pfSense-repo… done.
    Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Repository pfSense-core has a wrong packagesite, need to re-create database
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Repository pfSense has a wrong packagesite, need to re-create database
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
    Unable to update repository pfSense
    Failed
    the after that i got this in system update
    The following input errors were detected:

    ERROR: Error trying to get packages list. Aborting...
        pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required
        ERROR: Error trying to get packages list. Aborting...
        pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required

    Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error
    repository pfSense has no meta file, using default settings
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    Certificate verification failed for /CN=sdc.conjusol.cu
    34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error
    here is the logs with certificate error

    solved all this editing pfsense.conf repo in /usr/local/etc/pkg/repos setting as http local repo and is done