Issues after upgrading from 2.4.0 to 2.4.2



  • Hi,

    On my pfsense it looks like I ran into some issues during the last upgrade (done through the Web UI).

    First I wondered that my OpenVPN Server did not work. I found out that my "Encryption Algorithm" list was empty. After some research I found this Thread:
    https://forum.pfsense.org/index.php?topic=130345.0

    So I checked my Version of the OpenVPN Server, which is the following

    
    [2.4.0-RELEASE][admin@xxx]/root: openvpn --version
    OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct  8 2017
    library versions: OpenSSL 1.0.2m-freebsd  2 Nov 2017, LZO 2.10
    Originally developed by James Yonan
    Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no</sales@openvpn.net> 
    

    I also wondered that the CLI is telling me that I am still running 2.4.0-RELEASE

    WebUI is also telling me 2.4.0

    
    Version	2.4.0-RELEASE (amd64) 
    built on Tue Oct 10 06:43:01 CDT 2017 
    FreeBSD 11.1-RELEASE-p4
    
    

    but the update page is telling me 2.4.2

    
    Current Base System 2.4.2
    Latest Base System 2.4.2
    StatusUp to date.
    
    

    I tried to update on the Shell without any success.

    
    [2.4.0-RELEASE][admin@xxx]/root: pfSense-upgrade -d
    Usage: lockf [-Ah] [--credential=principal] [--cache=cache] [-c cache] [--all] [--no-unlog] [--no-delete-v4]
       [--version] [--help]
    --credential=principal  remove one credential
    -c cache, --cache=cache cache to destroy
    -A, --all               destroy all caches
    --no-unlog              do not destroy tokens
    --no-delete-v4          do not destroy v4 tickets
    
    

    Has someone an idea how to troubleshoot and hopefully fix this?

    Many Thanks!


  • LAYER 8 Global Moderator

    https://doc.pfsense.org/index.php/Firmware_Updates#Version_2.3_and_newer

    In 2.3 and newer versions, the update system is pkg-based, changing the available update methods. Upgrades are performed either under System > Update in the webGUI, or option 13 at the console. Manual updates are no longer available, and systems must be Internet-connected to update.




  • tanks johnpoz.

    as mentioned above, the System > Update in the webGUI shows me that I am already on 2.4.2 and cannot update.

    In Fact, using option 13 is the same as "pfSense-upgrade -d".so using opt 13 brings up exactly the same message and does not work:

    
     0) Logout (SSH only)                  9) pfTop
     1) Assign Interfaces                 10) Filter Logs
     2) Set interface(s) IP address       11) Restart webConfigurator
     3) Reset webConfigurator password    12) PHP shell + pfSense tools
     4) Reset to factory defaults         13) Update from console
     5) Reboot system                     14) Disable Secure Shell (sshd)
     6) Halt system                       15) Restore recent configuration
     7) Ping host                         16) Restart PHP-FPM
     8) Shell
    
    Enter an option: 13
    
    Usage: lockf [-Ah] [--credential=principal] [--cache=cache] [-c cache] [--all] [--no-unlog] [--no-delete-v4]
       [--version] [--help]
    --credential=principal  remove one credential
    -c cache, --cache=cache cache to destroy
    -A, --all               destroy all caches
    --no-unlog              do not destroy tokens
    --no-delete-v4          do not destroy v4 tickets
    *** Welcome to pfSense 2.4.0-RELEASE (amd64) on ldkpf01 ***
    
    

    My issue is not that I do not know how to update. My issue is, that the update did not work correctly (still reporting 2.4.0 on the dashboard and on the cli) and invoking the update process again does not work.


  • Rebel Alliance

    You could try

    pkg-static update
    pkg-static upgrade -f


  • LAYER 8 Global Moderator

    not sure where you got that 13 is the same as the command you were running?

    When I run it I get

    Enter an option: 13

    Updating repositories metadata…
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    Your packages are up to date

    Why are you showing

    Usage: lockf

    not sure what that has to do with the update process?

    Not sure what command is running but when I run lockf I get

    lockf
    usage: lockf [-kns] [-t seconds] file command [arguments]

    Looks like something is failing with the

    kdestroy [-Ah] [–credential=principal] [–cache=cache] [-c cache] [–all] [–no-unlog] [–no-delete-v4] [–version] [–help]
    –credential=principal  remove one credential
    -c cache, --cache=cache cache to destroy
    -A, --all              destroy all caches
    --no-unlog              do not destroy tokens
    --no-delete-v4          do not destroy v4 tickets

    Not sure why that would run in an upgrade process?

    Not sure what thread you where package-upgrade was ever a command you would run?  There is a package called pfSense-upgrade-0.35.txz that would get installed when you upgrade.. you can see all the different packages in the repository here.
    http://files01.netgate.com/pfSense_v2_4_0_amd64-pfSense_v2_4_0/All/



  • @johnpoz
    Option 13 :  https://github.com/pfsense/pfsense/blob/a1035bd86c368e37adabc069da9793ee9c5b3c77/src/etc/rc.initial#L139
    So that calls pfSense-upgrade

    Source file pfSense-upgrade.wrapper becomes pfSense-upgrade
    https://github.com/pfsense/FreeBSD-ports/blob/95f77ea6c2c6291d3af6543c1e9391451b672867/sysutils/pfSense-upgrade/Makefile#L30

    Which calls lockf: https://github.com/pfsense/FreeBSD-ports/blob/801d6095ac824f8d5677c9b6e07f317313048207/sysutils/pfSense-upgrade/files/pfSense-upgrade.wrapper#L43

    So manually running pfSense-upgrade isn't really that different from running option 13, and internally does call lockf..
    Now the bigger question is why does lockf complain about parameters.. Is the updatescript not updated and lockf is or the other way around.?. or something else the problem..

    @EarlBacid
    The output of pkg-static update / pkg-static upgrade -f as requested by Perforado might be interesting though..



  • Hi,

    First of all, Thank you very much for your help, I really appreciate this!

    The output of the pkg-static update / pkg-static upgrade -f commands are the following:

    
    [2.4.0-RELEASE][admin@xxx]/root: pkg-static update
    Updating pfSense-core repository catalogue...
    pkg-static: Repository pfSense-core has a wrong packagesite, need to re-create database
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%    2 KiB   1.8kB/s    00:01
    Processing entries: 100%
    pfSense-core repository update completed. 7 packages processed.
    Updating pfSense repository catalogue...
    pkg-static: Repository pfSense has a wrong packagesite, need to re-create database
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%  130 KiB 133.3kB/s    00:01
    Processing entries: 100%
    pfSense repository update completed. 492 packages processed.
    All repositories are up to date.
    
    [2.4.0-RELEASE][admin@xxx]/root: pkg-static update -f
    Updating pfSense-core repository catalogue...
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%    2 KiB   1.8kB/s    00:01
    Processing entries: 100%
    pfSense-core repository update completed. 7 packages processed.
    Updating pfSense repository catalogue...
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%  130 KiB 133.3kB/s    00:01
    Processing entries: 100%
    pfSense repository update completed. 492 packages processed.
    All repositories are up to date.
    
    

    executing these commands did not change any behavior of my system (just in case this would have been expected)


  • Banned

    @EarlBacid:

    The output of the pkg-static update / pkg-static upgrade -f commands are the following:

    
    [2.4.0-RELEASE][admin@xxx]/root: pkg-static update -f
    Updating pfSense-core repository catalogue...
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%    2 KiB   1.8kB/s    00:01
    Processing entries: 100%
    pfSense-core repository update completed. 7 packages processed.
    Updating pfSense repository catalogue...
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    Fetching packagesite.txz: 100%  130 KiB 133.3kB/s    00:01
    Processing entries: 100%
    pfSense repository update completed. 492 packages processed.
    All repositories are up to date.
    
    

    Notice anything?

    Btw. a fresh install with config recovery takes only a few minutes.



  • @Grimson: you got a valid point!
    I reinstalled my pfsense and now my OpenVPN Tunnel is working again :)


Log in to reply