Updating to 2.4.4 version is safe now?



  • Hello,

    I am running pfSense 2.4.3p1 version. I see many people are complaining about php errors occurring in 2.4.4 release. Will the same errors occur if I update to 2.4.4?
    My installed packages are: Cron, freeradius3, nmap, Notes, ntopng, openvpn-client-export, pfBlockerNG (not devel version), Service_Watchdog, Status_Traffic_Totals, tftpd.



  • Coudl you please reply to my post?



  • I guess nobody will be able to confirm this. You will probably have to try it yourself.

    I myself had errors and can tell you that there is quite a safe backup plan

    • prepare a boot medium for your current version
    • create a backup for your configuration
    • remove all additional packages
    • run the update
    • if successful reinstall packages
    • if unsuccessful reinstall current version and restore backup.

    I can confirm that the fallback was working for me.



  • Better yet, replicate your setup in a VM and try it there. Some of the above packages will no longer install with 2.4.3p1 as they require PHP 7.2. Or make a ZFS snapshot first, if pfSense is installed with ZFS.



  • in my experience no
    for one reason
    after updating
    ICAP Inteface for Squid and ClamAV integration
    can not start
    and i have no idea what should i do
    my advice is to wait



  • @abdo22 said in Updating to 2.4.4 version is safe now?:

    and i have no idea what should i do

    How about checking redmine instead of sitting around:
    https://redmine.pfsense.org/issues/8832
    https://redmine.pfsense.org/issues/8975



  • @grimson
    Thanks a lot
    I am still beginner really
    Not experienced


  • Rebel Alliance Global Moderator

    The problem I have noticed is people updating packages that mess with php without updating pfsense first.

    You should update pfsense before you update packages after a new version is released - because more likely then not the packages have been updated to work with the new version of pfsense, and may not work with old version.



  • Thanks for your replies. There are updates for packages right now. I have to first update pfsense, after update has been finished, then I have to update packages, right?


  • Rebel Alliance Global Moderator

    Yes is what I would do ;) But make sure you read through the release notes on any upgrade info.. And as always good practice with any time you update something to new version - especially when base OS is changing and something as major as big change in the PHP base..

    But pfsense should update the packages after it updates on its own.

    Have a backup of your config, and have a backup of the install media. So if worse case happens only take minutes to get back up and running.


  • Rebel Alliance Developer Netgate

    It was always safe if you follow best practices.

    Read the Upgrade Guide completely and thoroughly.

    Read the Release Announcement and Release Notes as well.



  • @grimson said in Updating to 2.4.4 version is safe now?:

    https://redmine.pfsense.org/issues/8832

    i followed the instructions in the link
    it is working
    thanks a lot man
    but i do not understand what is ( chmod -w )
    something is missing for me
    i used this command instead
    chflags schg /usr/local/etc/c-icap/c-icap.conf



  • Is this way safe, backup current configuration, install fresh 2.4.4 and restore that configuration to new 2.4.4? I have backedup all. I want to know, after restoration has been done, everything including previously installed packages, openvpn users and etc. will be restored?


  • Rebel Alliance Developer Netgate

    @emammadov said in Updating to 2.4.4 version is safe now?:

    Is this way safe, backup current configuration, install fresh 2.4.4 and restore that configuration to new 2.4.4? I have backedup all. I want to know, after restoration has been done, everything including previously installed packages, openvpn users and etc. will be restored?

    Yes, that is safe and config.xml holds all of the settings, including users, so it will all be there after you restore.



  • This post is deleted!


  • @emammadov said in Updating to 2.4.4 version is safe now?:

    Is this way safe, backup current configuration, install fresh 2.4.4 and restore that configuration to new 2.4.4? I have backedup all. I want to know, after restoration has been done, everything including previously installed packages, openvpn users and etc. will be restored?

    Thats what I have done and everything is working well (as far as I can see) ... no OpenVPN here ...



  • I have backedup everything, installed fresh 2.4.4 and restore config xml, selected Package Manager to restore. Reinstall Package button appeared, clicked it, but it is stuck: saying "Please wait while the update system initializes"
    0_1538488265097_1.jpg
    0_1538488272839_2.jpg
    0_1538488278854_3.jpg


  • Rebel Alliance Developer Netgate

    You do not need to use that button. When you restore the config it will reinstall the packages for you.

    There is a known problem with that button, see https://redmine.pfsense.org/issues/8933



  • Ok, I try again, I choose Package Manager to restore, I don't click Reinstall packages button. It says: The configuration are has been restored. The firewall may need to be rebooted. But nothing happens next. Shall I have to wait something to happen or it will reboot itself?

    In Config History:

    10/2/18 14:01:03 18.8 151 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner) Current configuration
    10/2/18 14:47:54 18.8 12 KiB (system): wan IP configuration from console menu
    10/2/18 14:43:39 18.8 12 KiB (system): wan IP configuration from console menu
    10/2/18 14:40:31 18.8 11 KiB (system): Generated new self-signed HTTPS certificate (5bb3835f15f7b)
    10/2/18 14:40:12 18.8 7 KiB (system): Upgraded config version level from 18.0 to 18.8
    10/2/18 13:58:44 18.8 143 KiB (system): Removed tftpd package.
    10/2/18 13:48:33 18.8 151 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 13:47:49 18.8 151 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 13:46:48 18.8 143 KiB admin@192.168.4.10 (Local Database): Restored openvpn of config file (maybe from CARP partner)
    10/2/18 13:44:54 18.8 137 KiB (system): Removed tftpd package.
    10/2/18 13:29:13 18.8 145 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 13:27:43 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 13:26:28 18.8 137 KiB (system): Removed tftpd package.
    10/2/18 13:26:27 18.8 142 KiB (system): Removed ntopng package.
    10/2/18 13:24:24 18.8 145 KiB admin@192.168.4.10 (Local Database): /system_advanced_network.php made unknown change
    10/2/18 13:22:31 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:54:28 18.8 145 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 12:54:15 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:40:01 18.8 137 KiB admin@192.168.4.10 (Local Database): Successfully edited user admin
    10/2/18 12:39:44 18.8 137 KiB admin@192.168.4.10 (Local Database): Restored aliases of config file (maybe from CARP partner)
    10/2/18 12:35:34 18.8 125 KiB (system): Removed tftpd package.
    10/2/18 12:35:33 18.8 133 KiB (system): Removed OpenVPN Client Export Utility package.
    10/2/18 12:33:16 18.8 133 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:31:19 18.8 125 KiB (system): password changed from console menu
    10/2/18 12:29:33 18.8 125 KiB (system): password changed from console menu
    10/2/18 12:28:01 18.8 125 KiB (system): Removed tftpd package.
    10/2/18 12:28:00 18.8 131 KiB (system): Removed ntopng package.
    10/2/18 12:25:55 18.8 133 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:25:26 18.8 103 KiB admin@192.168.4.10 (Local Database): Restored dhcpd of config file (maybe from CARP partner)
    10/2/18 12:24:03 18.8 11 KiB admin@192.168.4.10 (Local Database): Configuration saved on completion of the pfSense setup wizard.
    10/2/18 12:24:01 18.8 11 KiB admin@192.168.4.10 (Local Database): Configuration changed via the pfSense wizard subsystem.



  • No, is not safe !

    Think twice if you go update.



  • @luisrafael I don't click update. I try to test it in fresh installed 2.4.4 version and restore config.xml. You think this way is not safe too?


  • Rebel Alliance Developer Netgate

    @luisrafael said in Updating to 2.4.4 version is safe now?:

    No, is not safe !

    Think twice if you go update.

    If you follow best practices, it is safe. Do not spread FUD.


  • Rebel Alliance Developer Netgate

    @emammadov said in Updating to 2.4.4 version is safe now?:

    Ok, I try again, I choose Package Manager to restore, I don't click Reinstall packages button. It says: The configuration are has been restored. The firewall may need to be rebooted. But nothing happens next. Shall I have to wait something to happen or it will reboot itself?

    It should reboot on its own and then reinstall packages after the reboot. From the config history it looks like maybe it already did?

    Are all of your settings present? If so, it is probably fine, but you might reboot it manually anyhow. If not, then start a new thread and we can investigate it separately.



  • It didn't reboot. Installed packages appeared in menu, but when I click one of them, it says:

    0_1538489398941_4.jpg

    In Config History:

    10/2/18 14:01:03 18.8 151 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner) Current configuration
    10/2/18 14:47:54 18.8 12 KiB (system): wan IP configuration from console menu
    10/2/18 14:43:39 18.8 12 KiB (system): wan IP configuration from console menu
    10/2/18 14:40:31 18.8 11 KiB (system): Generated new self-signed HTTPS certificate (5bb3835f15f7b)
    10/2/18 14:40:12 18.8 7 KiB (system): Upgraded config version level from 18.0 to 18.8
    10/2/18 13:58:44 18.8 143 KiB (system): Removed tftpd package.
    10/2/18 13:48:33 18.8 151 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 13:47:49 18.8 151 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 13:46:48 18.8 143 KiB admin@192.168.4.10 (Local Database): Restored openvpn of config file (maybe from CARP partner)
    10/2/18 13:44:54 18.8 137 KiB (system): Removed tftpd package.
    10/2/18 13:29:13 18.8 145 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 13:27:43 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 13:26:28 18.8 137 KiB (system): Removed tftpd package.
    10/2/18 13:26:27 18.8 142 KiB (system): Removed ntopng package.
    10/2/18 13:24:24 18.8 145 KiB admin@192.168.4.10 (Local Database): /system_advanced_network.php made unknown change
    10/2/18 13:22:31 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:54:28 18.8 145 KiB admin@192.168.4.10 (Local Database): Creating restore point before package installation.
    10/2/18 12:54:15 18.8 145 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:40:01 18.8 137 KiB admin@192.168.4.10 (Local Database): Successfully edited user admin
    10/2/18 12:39:44 18.8 137 KiB admin@192.168.4.10 (Local Database): Restored aliases of config file (maybe from CARP partner)
    10/2/18 12:35:34 18.8 125 KiB (system): Removed tftpd package.
    10/2/18 12:35:33 18.8 133 KiB (system): Removed OpenVPN Client Export Utility package.
    10/2/18 12:33:16 18.8 133 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:31:19 18.8 125 KiB (system): password changed from console menu
    10/2/18 12:29:33 18.8 125 KiB (system): password changed from console menu
    10/2/18 12:28:01 18.8 125 KiB (system): Removed tftpd package.
    10/2/18 12:28:00 18.8 131 KiB (system): Removed ntopng package.
    10/2/18 12:25:55 18.8 133 KiB admin@192.168.4.10 (Local Database): Restored installedpackages of config file (maybe from CARP partner)
    10/2/18 12:25:26 18.8 103 KiB admin@192.168.4.10 (Local Database): Restored dhcpd of config file (maybe from CARP partner)
    10/2/18 12:24:03 18.8 11 KiB admin@192.168.4.10 (Local Database): Configuration saved on completion of the pfSense setup wizard.
    10/2/18 12:24:01 18.8 11 KiB admin@192.168.4.10 (Local Database): Configuration changed via the pfSense wizard subsystem.



  • @emammadov

    @emammadov said in Updating to 2.4.4 version is safe now?:

    @luisrafael I don't click update. I try to test it in fresh installed 2.4.4 version and restore config.xml. You think this way is not safe too?

    If you have a fresh installation 2.4.4 maybe you don't have problem with the packages.

    I update 2.4.3 to 2.4.4 ... and squid package didn't work. Now i update freeradius3 and i have the "some" package not work.

    Is it stable for me ?

    thanks