2.4.0 upgrade disaster, need advice

  • Dear all,

    I had the bad idea yesterday to try and upgrade my 2.3.5 perfectly working installation … I don't know what happened but basically I ended up with an non booting install and even worst with a totally corrupted hard drive (could recover any data from it not even the config.xml ...) I am the only one to blame since I was stupid enough to not have taken a backup of my config.xml (in fact I thought I had some time ago but could not fin the bloody file anywhere now :()

    The issue seems to be linked to my 350t4 intel card, since when trying to reinstall fresh It keeps crashing after a random but anyway short duration (less than 2min even with no network cables connected at all). If I remove the card all seems to work and I can install, if I add the card back to the machine, almost instant crash again ... It is not the card as such since it was working perfectly since about a year in the machine and btw, if I reinstall 2.3.4 it just works perfectly again and does not crash at all...

    I spent several hours yesterday to try and resolve this issue without any success ... 2.3.4 works perfect, 2.4.0 instant crash (cannot complete installation with the card in and cannot even use the recovery shell for more than 20s before it just reboots)

    Long story short :

    Does anyone faced such an issue ? What could I do ?

    Separately and since I need to anyway reenjoy a full installation / configuration , I was wondering if I was not better of NOT installing directly pfsense on the machine but instead instead ESX 6.5 and create a single VM on it for pfsense. Why? Because it would give me an easy way to recover such a failure in the future by simply using snapshots. I don't plan to have any other vm running on this machine.

    Hardware wise it is running on :
    Intel Pentium G4560
    Gigabyte GA-B250M-DS3H
    SSD SanDisk X400 256 Go M.2 SATA 6 Gbit/s
    8 GB DDR4 2133 CL15 Crucial
    Intel i350T4

    My connection is currently 500MB/50MB but I bought this hardware to be capable of handling Gb speed with suricata/ntopng

    Do you think this is a wise idea ? or just another stupid idea from my side :)

    Thanks !

  • So if 2.3 works as expected why not stay on that until the 2.4 issues settle down and you can try a 2.4.1 or .2 when it becomes available?

    This makes me wonder if there are plans for pfsense to institute a similar a/b partition scheme for the full install as the nano has/had.

    With nano, since config was on a separate device / USB key it is less likely to be corrupted as part of the system / upgrade should do a backup if it doesn't already.

    Even Android is now implementing the a/b partition feature for upgrade management and disaster recovery.


  • You re totally right. I was indeed very much thinking about using 2.3 back anyway (except if someone could point me to a yes of course this is a known issue with this hardware component, please using the latest daily :))

    That's actually why I was envisaging the esx option … would allow me to very easily try 2.4.1 and so on until it does work without hassle ...
    I was a bit pissed by the data corruption but even more pissed by my own stupidity to not even have extracted the config.xml somewhere out of the firewall BEFORE starting such an upgrade ... I spent really a LOT of time getting all my suricata, haproxy, firewall to my liking ... I mean probably 100+ hours all together ... but again, my own fault so I will have to re-enjoy this from scratch ...

  • You might find that 2.4.0 works for you now on top of ESXi as ESXi will be running your problematic NIC.  pfSense will be seeing virtual NICs which use different drivers and presumably have much more test time.

    Assuming of course that ESXi likes the NIC better than pfSense. :-\

  • Netgate Administrator

    What was the crash exactly? Do you have the report?

    It's very unusual to see that with an Intel NIC. They are generally the best supported. There will be many thousands of those out there running 2.4, I'd be surprised if it was a problem with the card itself. More likely the updated FreeBSD 11.1 base and newer drivers enabled some hardware on your box or maybe some feature that was previously unsupported and that is causing a conflict.

    If you cannot boot into it at all it can make troubleshooting difficult but I would try the usual measures of disabling everything on your motherboard you don't need and/or disabling MSI/MSI-X for the NIC.



  • Sorry for the very late feedback. Indeed the issue seems to be 100% linked to my network card … I tried everything I could imagine and as suggested by Jed actually even esxi 6.5 did not like my card at all ... I then tried to boot on ubuntu 16.04, no luck ... then on ubuntu 12.04 and ... still crashing during the boot sequence ... This is really impressive but indeed it looks like no unix based OS at all are liking the particular bios I look to have on this one !
    I then reinstalled pfsense 2.3 and ... everything is running perfectly smooth again ...

    I need to find a way to flash the bloody bios on this network card but since I could not find any free OS that would allow me to even boot to console it is a bit of a mess :(

    I loved the esxi idea but the fact is that the rest of the hardware on this rooter is not exactly server grade os I am not even sure that I would manage anyway :)

  • Netgate Administrator

    Hmm, odd. Is it a genuine Intel card or a cheap Chinese one?

    Sounds like there's a good chance it isn't genuine to me as I'd be amazed to see that sort of incompatibility from a real Intel card.


  • I wonder if installing vanilla freebsd 11.1 would shed any light? I would also add that having it in a VM is very convenient because it presents a consistent hardware layer and allows easy rollbacks.

Log in to reply