Where to download old versions



  • I'm trying to get hold of an older pfSense version.

    These directories give 403 Forbidden errors:

    https://nyifiles.pfsense.org/mirror/downloads/old/
    https://atxfiles.pfsense.org/mirror/downloads/old/

    Is there anywhere else I can try? Or was the /old/ directory made protected unintentionally?

    Thanks,

    Brian.

    P.S. In case you're interested in the reason: I'm trying to build a temporary firewall as part of a migration, and I have a couple of FitPC-2i boxes to hand. These have 32-bit Atom processors. The 2.3.5 (32-bit) installer completes successfully, but the kernel crashes on start-up; so does the nano image, when booting directly from USB.

    The error message is visible for only a second or so before the machine reboots, which I can't capture. There's a mini-COM port but I don't have the appropriate DB9 adapter.

    Ubuntu 16.04.5 server installs and runs just fine on this hardware.

    So as a next step, I'd like to try a 2.3.4 or earlier image to see if that will work. Like I say, it's not a permanent solution: it will be carrying traffic just while I reinstall the main firewall box (which has a 64-bit processor) with 2.4.3.



  • @candlerb
    I doubt any of the 2.3 builds will work as they are build against a similar base



  • The firewall I'm rebuilding is actually an old 2.2.4 (64-bit), and so having the temporary firewall as 2.2.4 (32-bit) would be fine. Also, being able to test the config upgrade from 2.2.4 to 2.4.3 in a VM would be very helpful.

    So the original question stands: is it possible to obtain old versions, and if so, from where?

    Aside: I have a Gold subscription because of a separate Netgate appliance I bought, but member login doesn't seem to offer me old versions either.


  • Rebel Alliance Developer Netgate

    We no longer publish the older downloads as they are known to be insecure, and we prefer people not to install versions of pfSense with security vulnerabilities.

    As @heper said, any 2.3.x release is unlikely to behave differently on that hardware.



  • Thanks for the confirmation.

    I guess I'll have to remember to keep my own archive going forward then, of any version I deploy, in order to be able to test upgrades / rollbacks.



  • @candlerb Check your private chats.



  • @jimp said in Where to download old versions:

    We no longer publish the older downloads as they are known to be insecure, and we prefer people not to install versions of pfSense with security vulnerabilities.

    As @heper said, any 2.3.x release is unlikely to behave differently on that hardware.

    I would like to ask a question about this. Are all previous versions considered insecure? Or are all previous versions insecure? I am asking this because I did notice that I am unable to install packages like the OpenVPN Client Export package on 2.4.3 and decided to upgrade just because of that.

    I did look for a list of known security vulnerabilities and found [ https://www.pfsense.org/security/advisories/ ] and I also quickly subscribed to the Security Advisories Announcements as I am trying to understand this situation.

    Thank you.


  • Rebel Alliance Developer Netgate

    Any time we put out a release that contains security fixes, all previous releases are known to be vulnerable to the issues fixed in the latest release. There are a few minor exceptions to that like maybe one issue only affected a specific version between A and B but even so, given that each release fixes quite a large number of problems -- especially in the base OS and packages -- yes, all past releases are insecure in some way.



  • @jimp said in Where to download old versions:

    We no longer publish the older downloads as they are known to be insecure, and we prefer people not to install versions of pfSense with security vulnerabilities.

    As @heper said, any 2.3.x release is unlikely to behave differently on that hardware.

    This is a stupid, irresponsible, move by whoever made this decision. Not even companies such as Apple and Microsoft that are know for doing dumb things removes the old version of their software on the day they release the newer version.
    The old versions should have remained available for at least a minimum of 30- 60 days after release of 2.4.4 incase there were issues that folks needed to work out. This just shows that Netgate and it's employees does not have the best interest of it's users and customers at heart. Moves like this will just drive Netgate's customers to other competitors software and hardware.
    Hopefully moves like this is not the future of pFsense/Netgate as pFsense is a pretty good product compared to some of it's competitor's but there are trade offs that one have to consider when companies do dumb things like this.



  • Hi @jimp ,
    this does not seem a wise choice to me.
    Let's say that I am preparing to upgrade a firewall as directed in the "pfSense Upgrade Guide".
    At "Prepare a fall back plan", "Reinstalling the previous release" paragraph we see "Download the appropriate image and have it ready before starting the upgrade procedure."
    From where should we download that image?
    I have a lot of firewalls for which I have not stored the installer image because I was confident that I could always retrieve it from the official repository.

    Please, reconsider your decision.
    Thank you



  • Could not agree more, 2.4.4 is not working at all for me. There are several problems. Used a full day of trying to get the firewall back online
    To my great surprise the 2.4.3 image was no longer available. Luckily I had the 2.4.3 image on a local computer.
    With 2.4.4 there are so many problems!
    At least Netgate should host the old images. It should be the user/customers choice if they want to take the risk running an old version.
    I don't have a choice of upgrading to 2.4.4 unless I want to manually configure everything from scratch, and try to figure out what (several issues) causing the 2.4.4 to crash with the existing config.

    Also I would like to see Netgate hosting a repo compatible with one version behind the current, as there could always be problems.
    2.4.3 can't install any packages, so I had to set up radius on another server to keep using 2.4.3...
    There is not even a way to get the 2.4.3 p1 patch if you are on 2.4.3 and do not want/can't install the 2.4.4
    Just plain stupid!



  • @jimp said in Where to download old versions:

    Any time we put out a release that contains security fixes, all previous releases are known to be vulnerable to the issues fixed in the latest release. There are a few minor exceptions to that like maybe one issue only affected a specific version between A and B but even so, given that each release fixes quite a large number of problems -- especially in the base OS and packages -- yes, all past releases are insecure in some way.

    Thank you jimp. I appreciate the hard work of the team and I also appreciate pfSense very much.

    I am pleased with keeping security standards as high as possible.

    I am not sure if security is the main reason/focus for not maintaining or publishing one or two previous versions of pfSense in light of version 2.4.4. What I did understand - whilst reading the release highlights - is the upgrade to PHP version 7.2. Looking at this, it makes sense (to me) that packages have to be updated too (and that this creates a break in backward compatibility).

    My guess is that the packages are being stored in en repository which is being used by the pfSense branch 2.4.x. In my opinion it is obvious that it would break backwards compatibility.

    Looking at this - please correct me if I am wrong - it might have been wiser (but not intrinsically better) to have had a different branch for what currently is 2.4.4 now.

    My conclusion is that we are dealing with a break in backwards compatibility and the critical remarks and posts do not surprise me at all.

    What I would like to know is if my viewpoint is correct (or at least understood). I guess this matter has your attention (and the team's attention). And I also guess this has been discussed internally. But what to think about the impact? I am hearing and reading critical comments and posts with regards to 2.4.4.

    I can praise you guys for all the effort put in pfSense. Thanks for your hard work again. But I am just trying to understand the whole situation and the decisions made.



  • Hi Jimp,

    I would like to join bouke in thanking you and all the team for your work. I am more than happy with the wonderful pfSense product and I have not had any problem with the 2.4.4 version in the couple of upgrades that I have already made.

    What I was suggesting is not to keep the full history of the project on-line. The packages are not fundamental. In an emergency during an upgrade the simple fact to be able to download and have ready an old installer image that can read and use my previous backed up configuration would be a great help to restore basic connectivity in a minimum lapse of time.

    Thank you again


  • Banned

    @jimp Not sure why you wouldn't keep an older version for roll back. I had tons of issues and now I can't roll back. I love pfSense and you guys are pretty awesome. This kind of thing makes me want to go to OPNSense though because I can't stay on a broken release, I have to do something, can't leave the network in the state it is in



  • @devmaybe said in Where to download old versions:

    What I was suggesting is not to keep the full history of the project on-line. The packages are not fundamental. In an emergency during an upgrade the simple fact to be able to download and have ready an old installer image that can read and use my previous backed up configuration would be a great help to restore basic connectivity in a minimum lapse of time.

    Thank you again

    I cannot fully agree on this. You can't get packages back when you are using an old installer image. This is the whole point. It just doesn't make sense. It would be much better to be able to use one or two previous versions including the required packages. In some scenario's the packages are fundamental.

    That 2.4.4 works fine for you doesn't mean it works for the rest of the world. I am sure the dev team would like to receive input and fix it... but in the meanwhile it's not acceptable to wait until such is fixed whilst it worked fine before with an older image.



  • @bdorr1105

    My guess is that this has to do with the change to PHP 7.2 and in the way the packages are organized (changing over to PHP 7.2 means changes in the code base of pfSense and the packages.


  • Banned

    No I am having issues probably more so related to freeBSD but the 10GB chelsio t520-so are not functioning correctly, they are not even seen as 10GB anymore, traffic shaping is broken because it's saying there's no altq driver but chelsio according to freeBSD is supported. Additionally, it brought down both firewalls in the LAN as auto negotiation for link speed and duplex broke, but only on the LAN interface. This interface is a router on a stick set up, so that may be a bug because the WAN stayed up and it's on the same pci card as the LAN. There is no option to force 10GB for the backbone as well so it's degraded. Not exactly sure what happened in this update but these are problems we didn't have until 2.4.4



  • You could have tested the development versions, or the release candidate, and reported those issue at a time where the devs could have fixed it. But if you just sit back without involving yourself, especially if you run hardware/configurations not officially supported by the devs, you simply have no right to demand anything. And don't forget, you didn't even have to pay for that update either.


  • Banned

    This post is deleted!


  • This post is deleted!

  • Banned

    This post is deleted!


  • This post is deleted!

  • Banned

    This post is deleted!


  • @bdorr1105
    Well if you use a raid setup, then use a decent filesystem like zfs and do snapshots. That's even easier.

    Btw. I too work as a volunteer, and at a hospice that's only funded by donations. When I started to manage their network I simply donated the needed hardware from my own funds. And I'm far from being wealthy, but if I do work (paid or not) I do it right, as I am a professional.

    Edit: Also I didn't address you personally in my initial post, but it seems I caught you there and hit a nerve. Think about it. 😁


  • Rebel Alliance Developer Netgate

    Locking the topic. It has outlived its usefulness and the question has been answered.


Locked