Don't upgrade to x86 CE build 2.4.0.r.20171008.0625



  • Keep your hands away from x86 CE build 2.4.0.r.20171008.0625 IPv4 is broken in it you can't even assign an IPv4 address to an interface with it.



  • Hosed my setup as well. Please pull this update immediately.



  • Mine too.



  • I'm seeing it too. Testing in a VM at the moment, so upgrading from yesterday's build (which was a fresh install).




  • The latest 2.4.0-RC x64 release (as of 3 hours ago) bust my PPPOE connection. No IP was assigned…
    Rolled back to 2.4.0.r.20171003.1349 (when I had last made a memstick) and all was ok again.

    PS. I upgraded, in place, from the WebUI



  • I just did a fresh install with today's build, and everything seems to be working.
    So it looks like it might be an issue during an upgrade?



  • Same for AMD64. No LAN.


  • Netgate Administrator

    Hmm, like no static IP on the LAN interface?

    I just upgraded a box here and am not seeing that.

    Logging is working as the files were already present. There may be an issue on fresh installs from that snap.

    What exactly are you seeing? Anything logged?

    Steve



  • All I can see is the console. hn0 -> nothing.

    I can't access the webgui because the pc can't get an ip address.

    Tried resetting to factory defaults. That did not work, going to reinstall from scratch using the previous version.



  • Hi,

    DHCP is not working for me, I get the following error on boot

    Can't attach interface lagg0_vlan15 to bpf device /dev/bpf0: Invalid argument



  • Update a remote pFsense and no access.

    If someone have a fast fix please put here.

    Tomorrow i have to go onsite and fix or reinstall the firewall.

    Thanks



  • Reinstalled from the previous release (yesterday). It's back up.



  • For me, DHCPd and DNSmask service don't start.

    Go back



  • Ditto. Updated from yesterday’s build and the router is no longer accessible remotely and network is down.



  • Completely borked me as well, AMD-64 version



  • I see also, at pfsense boot : block on "db>  " a power off, and after, it's ok for me



  • @stephenw10:

    Hmm, like no static IP on the LAN interface?

    I just upgraded a box here and am not seeing that.

    Logging is working as the files were already present. There may be an issue on fresh installs from that snap.

    What exactly are you seeing? Anything logged?

    Steve

    For me, when it came back up, LAN and WAN both had the interfaces listed correct, but no IPs listed. Reboot did not help.
    I did update via the webgui. Mine is also AMD64.

    I blew it away (testing VM), and did a fresh install of today's build, and so far everything seems good.



  • I'll try to give as much information as possible:

    Box before the upgrade attempt:
    Mini-ITX System based on an ASUS N3150-C with an Intel 82571EB 4 port NIC (em driver) and 64GB SSD.
    Onboard Realtek Ethernet Controller disabled in BIOS.
    It was running the last 2.4RC build from yesterday (07.10.2017) using ZFS as filesystem.
    Note: I was originally running 2.4.1 and reverted back to 2.4.0, when it moved to FreeBSD 11.1, recovering the config during the install.

    Installed Packages iperf (server not active), bandwidthd and cron.

    em0 configured as LAN with a static IPv4 on 192.168.2.1/24 and the IPv6 from HE.net tunnel.
    em1 confgured as OPT with a static IPv4 on 192.168.1.1/24 to access the WebUI of the DSL modem.
    WAN configured as PPPoE on em1, get's a dynamic IPv4 address.

    I started the upgrade using the WebUI, like always, it downloaded the packages and rebootet. Booting took quite a bit longer than usual, after it was finished neither the box nor the WAN was reachable.

    I attached a Monitor to the box and normal output should be like this:

    
    WAN (wan) -> pppoe0 -> v4/PPPoE: x.x.x.x
    Lan (lan) -> em0 -> v4: 192.168.2.1/24
                                    v6: x:x:x:x::x/64
    MODEM_ACCESS (opt1) -> em1 -> v4: 192.168.1.2/24
    and the HE.NET Tunnel
    
    

    instead it was this:

    
    WAN (wan) -> pppoe0 -> 
    Lan (lan) -> em0 -> 
                                    v6: x:x:x:x::x/64
    MODEM_ACCESS (opt1) -> em1 -> 
    and the HE.NET Tunnel
    
    

    I attached a keyboard and used option 2 to give LAN a new IPv4 address, the process run without displaying any errors but LAN was still without an IPv4 address afterwards. I rebooted for good measure but that didn't change a thing.
    After that I used option 4 to reset pfSense to factory defaults, this run through without an error and after the reboot this was displayed for the interfaces:

    
    WAN (wan) -> em0 -> 
    Lan (lan) -> em1 -> 
    
    

    I tried to reassign the interfaces and manually add an IPv4 address to the LAN, but it still didn't work. So I reinstalled an older build and go the box working again.



  • Same here, BUT if helps to solve i had several IP alias in LAN and they were asigned to LAN and worked to connect.

    Then deleted them and unable to configure the IP.

    Also in WAN i have static IP and even i configure it, it is not used (in console, IP (WAN and LAN) are blank (in Web cfg (when accessed with one of those aliases) appeared as configured)

    Also when configuring in console appears an error about "renaming interfaces", i'll try to take a photo.

    Downloading 20171006-1536 to reinstall if no solution given.



  • @Sedorox:

    I blew it away (testing VM), and did a fresh install of today's build, and so far everything seems good.

    Did you restore you previous config or did you reconfigure by hand?

    Are you using the traffic shaper, and if yes do the queues show up in Status -> Queues?



  • Sorry, the error about renaming was when booting, not when configuring IP, attached 2 pictures, one with the renaming error when booting and other after configure LAN IP in console and IPs of interfaces are blank.






  • @Grimson:

    @Sedorox:

    I blew it away (testing VM), and did a fresh install of today's build, and so far everything seems good.

    Did you restore you previous config or did you reconfigure by hand?

    Are you using the traffic shaper, and if yes do the queues show up in Status -> Queues?

    No, I did everything from scratch again (only installed about 9:00pm EDT). I didn't have the shaper setup, I did have a few packages (ACME, FRR, Snort, PFBlockerNG), and I believe I went through the real basic setup of Snort and PFBlockerNG. But other than that it was pretty much stock/not configured.

    I still have the ISOs from yesterday and I can do some testing to see if I can reproduce it and grab some more screen shots.

    Edit: So far I reinstalled with yesterday's build, but it isn't finding anything yet for an update. I'll leave it be for a bit and see what happens.



  • I tried to configure the IPs from shell (console) and default GW and got some connectivity

    So:

    ifconfig re0 WANIP/Mask
    ifconfig rl0 LANIP/Mask
    route add default MI_ISP_GW_IP

    Gave me some connectivity, i can ping to the Internet (ie: 8.8.8.8 ) BUT no DNS (even configured in Web manager, i had to configure the GW for DNS again)

    Now restoring a config over this build (i did a backup yesterday night!  ::) ) and will report if solves something


  • Banned

    This is superborked and not being able to see the relevant commits on Redmine/GitHub once again does not help here.




  • Rebel Alliance Developer Netgate

    We're working on a fix right now. A change went in that appears to have broken older package binaries (even base system package binaries) with a newer kernel/world. Once we get a new full pkg set built and tested we'll get a fix out.

    In the meantime, installing a current snapshot fresh will work since it all matches. Reinstalling and using the "recover config.xml" option will have you back up with less effort than other solutions.

    We have taken the broken package sets down so people can't accidentally upgrade to a broken snapshot.



  • @jimp:

    We have taken the broken package sets down so people can't accidentally upgrade to a broken snapshot.

    for some reason I am unable to get to the repository after going to previous snapshot. Is there anyway I can quickly install freeradius package so I get wifi working atleast?


  • Banned

    The repos are down apparently ATM.



  • @doktornotor:

    The repos are down apparently ATM.

    Thanks. Hope packages are back up soon.



  • Yes, my pfSense box got hosed as well. I can't complete my restore since the pkg libraries are down.

    Can we restore the latest packages that worked for 2.4.0 while the devs fix the package set?



  • @Paint:

    Yes, my pfSense box got hosed as well. I can't complete my restore since the pkg libraries are down.

    Can we restore the latest packages that worked for 2.4.0 while the devs fix the package set?

    Yes please restore the packages

    edit:

    it seems they added .BAD to the end of the repos.

    https://firmware.netgate.com/pkg/pfSense_factory-v2_4_0_amd64-core.BAD
    https://firmware.netgate.com/pkg/pfSense_factory-v2_4_0_amd64-pfSense_factory-v2_4_0.BAD

    Can someone test this /usr/local/etc/pkg/repos/pfSense.conf file?

    
    FreeBSD: { enabled: no }
    
    pfSense-core: {
      url: "pkg+https://pkg.pfsense.org/pfSense_v2_4_0_amd64-core.BAD",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg",
      enabled: yes
    }
    
    pfSense: {
      url: "pkg+https://pkg.pfsense.org/pfSense_v2_4_0_amd64-pfSense_v2_4_0.BAD",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg",
      enabled: yes
    }
    
    

    edit 2: works!



  • I think they are marked BAD for a reason ::)



  • @marjohn56:

    I think they are marked BAD for a reason ::)

    I agree  ::)

    Could that situation also lead to failing package reinstallation after a fresh install?
    I did a fresh install of a RC-snapshot from Oct, 3rd or so (just chose a random one, updates later) and restored my backup xml to it.
    Currently it is not able to display available packages or install the packages listed in the XML.
    No big deal right now, just reporting and asking to learn things.



  • Most likely yes.

    Best to leave alone until the repo is back up. If you have killed your system then I would rebuild from one of the downloads that are still available. You may not have packages, but at least you'll get a basic working system, however each to their own.



  • @marjohn56:

    Most likely yes.

    Best to leave alone until the repo is back up. If you have killed your system then I would rebuild from one of the downloads that are still available. You may not have packages, but at least you'll get a basic working system, however each to their own.

    Box is up and running, no urgent need for the packages. Thanks.



  • i wish i had read this Friday night before i installed this on my sg2220…

    i learned quickly how to console into my box which i never had to do before.

    really my main complaint is this.  i had made a backup under diagnostics > backup and restore > backup and restore a few months ago to an XML file.  when i tried to restore it after i put 2.34 p1 back on i received this :

    a full configuration restore was selected but a pfsense tag could not be located.      what exactly does that mean?

    another sad note,  i am running the community version on what i believe is an older version of BSD version 10.    is that correct?



  • On 2.3.4 Yes. 11.0 is 2.4.0 ( or was/is/maybe ) 11.1 is 2.4.1  ( or was/is/maybe ). It's all a bit variable at the moment depending on how you are leaning.


  • Netgate Administrator

    The current release version of pfSense,2.3.4_1, is built on FreeBSD 10.3.

    2.4 snapshots were previously built on FreeBSD 11 but moved to 11.1 when we had to delay release to pull in patches for newly discovered issues.

    That applies to factory and CE versions.

    https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD

    If you upgraded to a bad snap and found the result unusable you have a few choices.

    You can wait until we get the repos back up after testing the fix we put in which should be very soon. If your firewall still has WAN connectivity you can upgrade from there.

    You can restore a 2.4 snap from Oct6th or earlier but because the repos are down you will not be able to install and packages.

    You can restore a 2.3.4 image, the repos for 2.3.4 are unaffected so packages will be installed but any config file you restore must be from 2.3.4 or earlier. If you restore a config from 2.4 you may see that sort of error where 2.3.4 does recognise tags in a 2.4 config file. Not everything has changed though.

    Steve



  • @marjohn56:

    I think they are marked BAD for a reason ::)

    I plan on fresh install and restore from old config.xml as soon as repos are up.



  • In this next sentence I say Something witty in Klingon about ZFS boot environments in pfSense 2.4+ as a mitigating factor for contingencies such as this:

    "ZFS nIvbogh be'vam SUPERBORK SeH 'oH alows SoH ghaH nom RECOVER."

    That was one really nice thing about Nano.