32-bit support



  • Hello,

    I'm currently running pfSense 2.3.4 (FreeBSD 10.3-RELEASE-p19 ) on LinITX ALIX 2D3 LX800 (3NIC+USB) pfSense Firewall Kit which is a 32-bit device.

    AFAIK 32-bit support has been dropped starting from version 2.4.

    The latest one offered to me is 2.3.4_1 when I'm on Stable (Default) branch and version 2.3.6.a.20180710.1456 when I switch to Development Snapshots (Experimental 2.3.x).

    It's not entirely clear to me if I can still safely / officially update to 2.3.5-p2 (10.3-RELEASE-p26) and later.

    Please advise.

    Thanks,
    Adam



  • Interestingly switching from Stable (Default) to Development Snapshots (Experimental 2.3.x) and back revealed brand new branches:

    Legacy stable version (Security/Errata only 2.3.x)
    Legacy development snapshots (Experimental 2.3.x DEVEL)

    which offer 2.3.5_2 and 2.3.6.a.20180710.1456 respectively.

    So I've accidentally managed to find the answer :)


  • LAYER 8 Global Moderator

    I would seriously look to move to new hardware.. I don't see them keeping 32bit alive much longer. Statement on the download site states updates for 32bit through Oct of 2018..

    I386 (32-bit)
    If you have a 32-bit capable CPU, use the i386 version. Support for 32-bit was deprecated in pfSense software version 2.4.0 and above, but the 2.3.x line will continue to be updated with security and stability fixes at least through October 2018.


  • Banned



  • @adamw said in 32-bit support:

    Interestingly switching from Stable (Default) to Development Snapshots (Experimental 2.3.x) and back revealed brand new branches:

    Legacy stable version (Security/Errata only 2.3.x)
    Legacy development snapshots (Experimental 2.3.x DEVEL)

    which offer 2.3.5_2 and 2.3.6.a.20180710.1456 respectively.

    So I've accidentally managed to find the answer :)

    Even this topic is old and probably deprecated, same thing happen to me who was still using 2.3.4_P1 and did not know that I could upgrade to 2.3.5_2 by now. My system was always saying "up-to-date".



  • That not unusable.
    One of my PC's is saying the same thing : Your Windows XP is up to date / no new updates available. So I'm happy and feel safe ( ;) )
    It's known that 'admins' break the DNS for pfSense itself, it can't check for updates any-more - while the LAN is doing well.
    This is one of the side effects.

    Knowing that a firewall is somewhat related to security, you should use some sources in parallel that insures you that all is ok. Like https://www.pfsense.org/download/ and/or this forum. Youtube or CNN can also be used.


  • LAYER 8 Global Moderator

    @Gertjan said in 32-bit support:

    One of my PC's is saying the same thing : Your Windows XP is up to date / no new updates available. So I'm happy and feel safe ( ;) )

    heheheheehe - good example! ;)


  • Netgate Administrator

    Just to be completely clear, the 2.3X branch is no longer updated at all. You will not receive any security updates fixes if you're running 2.3.5. It is not considered secure, you should upgrade.

    Steve



  • @stephenw10 said in 32-bit support:

    Just to be completely clear, the 2.3X branch is no longer updated at all. You will not receive any security updates fixes if you're running 2.3.5. It is not considered secure, you should upgrade.

    Steve

    Thats true but would someone mind rather using a 2.3.5_2 instead of a 2.3.4_1?
    The point was that the 2.3.4_1 release did not show any available updates before I turned the source branch as @adamw mentioned.

    In fact I would like to know what issues this known deprecated release can really cause.
    In my use case (I'm not providing any external services neither I'm using any VPN or else) I have so far not noticed any.

    I undestand security updates or new developments are not to be expected. However it is a shame to throw away a working equipment because of this. Unfortunately I can't support for its further development. In my case the Alix 2D13 board based system which I'm currently using is working fine. Even I could afford a new one I dont feel okay to put this in a trash bin just because of its age.

    BTW: Win XP and any other old OS when used and treated right is okay IMHO, I would not use it as my daily surfing machine but for some special cases and circumstances... Why not!?

    Cheers,
    Geronimo



  • @Gero said in 32-bit support:

    BTW: Win XP and any other old OS .... Why not!?

    If it works for you, why not.
    Just know that old OS's had issues. These known issues are the reason why new new versions came out.
    These known issues are known to the public now, and very detailed. So rather easy to exploit.

    @Gero said in 32-bit support:

    of its age.

    I'm using a decommissioned desktop PC from 2007 as my main pfSense device. Perfect for the job, just no AES-NI support.



  • Just for the record.
    In late 2018 I decided to replace my hardware with Netgate SG-3100.
    I have 3 of these which have all been running like a charm since.
    Currently on 2.4.4-RELEASE-p3.



  • @adamw said in 32-bit support:

    Currently on 2.4.4-RELEASE-p3

    2.4.5 is available.


  • LAYER 8 Global Moderator

    @JKnott said in 32-bit support:

    2.4.5 is available

    Yup sure is, but even per netgate it might not be great time to upgrade..

    https://www.netgate.com/blog/pfsense-2-4-5-release-now-available.html
    IMPORTANT: Proceed with caution when upgrading pfSense software while COVID-19 travel restrictions are in effect.

    During this time of travel limitations, remote upgrades of pfSense software should be carefully considered, and avoided where possible. Travel restrictions may complicate any repair of any issue, including hardware-related issues that render the system unreachable. Should these issues require onsite physical access to remedy, repair of the issue may not be possible while travel restrictions related to COVID-19 are in effect.



  • @johnpoz

    Hmmm... Better make sure the AV software is up to date. 😉

    That warning appears to apply to remote installations where, if it craps out, you might not be able to get to it.

    I doubt that would be a concern for anyone who can touch the system without traveling.


  • LAYER 8 Global Moderator

    Agreed.. Just pointing it out.. Do we know the Poster is local to the hardware? With 3 of them, I would "guess" that they are not all in the same location ;)


  • Netgate Administrator

    @Gero said in 32-bit support:

    In my case the Alix 2D13 board based system

    Then I would recommend at least checking: https://openwrt.org/toh/pcengines/alix
    OpenWRT will run far better on that limited hardware anyway.

    Steve



  • @stephenw10 said in 32-bit support:

    @Gero said in 32-bit support:

    In my case the Alix 2D13 board based system

    Then I would recommend at least checking: https://openwrt.org/toh/pcengines/alix
    OpenWRT will run far better on that limited hardware anyway.

    Steve

    Thanks a lot for your recommendation Steve, I'll give OpenWRT a try sometime. So far I only heard of this for Linksys devices. Beside of some big and noisy Watchguard X700e boxes (you actually helped me starting with pfSense on those many years ago) I own at least three Alix 2D13 devices and could change the OS on one of those with no real impact.

    It will probably take some time before I do so, I'm currently in the repair task of an vintage Tektronix oscilloscope ⛑

    Cheers to all, thanks for your comments and stay healthy!


  • Netgate Administrator

    @Gero said in 32-bit support:

    I'm currently in the repair task of an vintage Tektronix oscilloscope

    Nice! Have fun. 👍


Log in to reply