Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    2.4.0 upgrade disaster, need advice

    Installation and Upgrades
    5
    8
    1488
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Ashmodai6 last edited by

      Dear all,

      I had the bad idea yesterday to try and upgrade my 2.3.5 perfectly working installation … I don't know what happened but basically I ended up with an non booting install and even worst with a totally corrupted hard drive (could recover any data from it not even the config.xml ...) I am the only one to blame since I was stupid enough to not have taken a backup of my config.xml (in fact I thought I had some time ago but could not fin the bloody file anywhere now :()

      The issue seems to be linked to my 350t4 intel card, since when trying to reinstall fresh It keeps crashing after a random but anyway short duration (less than 2min even with no network cables connected at all). If I remove the card all seems to work and I can install, if I add the card back to the machine, almost instant crash again ... It is not the card as such since it was working perfectly since about a year in the machine and btw, if I reinstall 2.3.4 it just works perfectly again and does not crash at all...

      I spent several hours yesterday to try and resolve this issue without any success ... 2.3.4 works perfect, 2.4.0 instant crash (cannot complete installation with the card in and cannot even use the recovery shell for more than 20s before it just reboots)

      Long story short :

      Does anyone faced such an issue ? What could I do ?

      Separately and since I need to anyway reenjoy a full installation / configuration , I was wondering if I was not better of NOT installing directly pfsense on the machine but instead instead ESX 6.5 and create a single VM on it for pfsense. Why? Because it would give me an easy way to recover such a failure in the future by simply using snapshots. I don't plan to have any other vm running on this machine.

      Hardware wise it is running on :
      Intel Pentium G4560
      Gigabyte GA-B250M-DS3H
      SSD SanDisk X400 256 Go M.2 SATA 6 Gbit/s
      8 GB DDR4 2133 CL15 Crucial
      Intel i350T4

      My connection is currently 500MB/50MB but I bought this hardware to be capable of handling Gb speed with suricata/ntopng

      Do you think this is a wise idea ? or just another stupid idea from my side :)

      Thanks !

      1 Reply Last reply Reply Quote 0
      • D
        duren last edited by

        So if 2.3 works as expected why not stay on that until the 2.4 issues settle down and you can try a 2.4.1 or .2 when it becomes available?

        This makes me wonder if there are plans for pfsense to institute a similar a/b partition scheme for the full install as the nano has/had.

        With nano, since config was on a separate device / USB key it is less likely to be corrupted as part of the system / upgrade should do a backup if it doesn't already.

        Even Android is now implementing the a/b partition feature for upgrade management and disaster recovery.

        https://www.xda-developers.com/xiaomi-mi-a1-android-ab-partition/

        1 Reply Last reply Reply Quote 0
        • A
          Ashmodai6 last edited by

          You re totally right. I was indeed very much thinking about using 2.3 back anyway (except if someone could point me to a yes of course this is a known issue with this hardware component, please using the latest daily :))

          That's actually why I was envisaging the esx option … would allow me to very easily try 2.4.1 and so on until it does work without hassle ...
          I was a bit pissed by the data corruption but even more pissed by my own stupidity to not even have extracted the config.xml somewhere out of the firewall BEFORE starting such an upgrade ... I spent really a LOT of time getting all my suricata, haproxy, firewall to my liking ... I mean probably 100+ hours all together ... but again, my own fault so I will have to re-enjoy this from scratch ...

          1 Reply Last reply Reply Quote 0
          • J
            jclear last edited by

            You might find that 2.4.0 works for you now on top of ESXi as ESXi will be running your problematic NIC.  pfSense will be seeing virtual NICs which use different drivers and presumably have much more test time.

            Assuming of course that ESXi likes the NIC better than pfSense. :-\

            1 Reply Last reply Reply Quote 0
            • stephenw10
              stephenw10 Netgate Administrator last edited by

              What was the crash exactly? Do you have the report?

              It's very unusual to see that with an Intel NIC. They are generally the best supported. There will be many thousands of those out there running 2.4, I'd be surprised if it was a problem with the card itself. More likely the updated FreeBSD 11.1 base and newer drivers enabled some hardware on your box or maybe some feature that was previously unsupported and that is causing a conflict.

              If you cannot boot into it at all it can make troubleshooting difficult but I would try the usual measures of disabling everything on your motherboard you don't need and/or disabling MSI/MSI-X for the NIC.

              https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

              Steve

              1 Reply Last reply Reply Quote 0
              • A
                Ashmodai6 last edited by

                Sorry for the very late feedback. Indeed the issue seems to be 100% linked to my network card … I tried everything I could imagine and as suggested by Jed actually even esxi 6.5 did not like my card at all ... I then tried to boot on ubuntu 16.04, no luck ... then on ubuntu 12.04 and ... still crashing during the boot sequence ... This is really impressive but indeed it looks like no unix based OS at all are liking the particular bios I look to have on this one !
                I then reinstalled pfsense 2.3 and ... everything is running perfectly smooth again ...

                I need to find a way to flash the bloody bios on this network card but since I could not find any free OS that would allow me to even boot to console it is a bit of a mess :(

                I loved the esxi idea but the fact is that the rest of the hardware on this rooter is not exactly server grade os I am not even sure that I would manage anyway :)

                1 Reply Last reply Reply Quote 0
                • stephenw10
                  stephenw10 Netgate Administrator last edited by

                  Hmm, odd. Is it a genuine Intel card or a cheap Chinese one?

                  Sounds like there's a good chance it isn't genuine to me as I'd be amazed to see that sort of incompatibility from a real Intel card.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • B
                    bbrendon last edited by

                    I wonder if installing vanilla freebsd 11.1 would shed any light? I would also add that having it in a VM is very convenient because it presents a consistent hardware layer and allows easy rollbacks.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy