2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?

Mike86

Hi guys, I need some advice.

Tried upgrading 2.4.3 p1 to 2.4.4 ended up with a non functional system, that needed a fresh reinstall.

Tried reinstalling with a fresh 2.4.4 install loading config backup under install, not able to use backup config.
Tried 2.4.4 fresh install, loading backup config after system was up, not able to use backup config.

2.4.4 is broken. When reloading backup config It's taking all system CPU, php locking up, wan interface in endless up/down loop.
Webif not responding, need to reset php-fhm between each navigation to get the webif to respond.

Intel xenon E3 1240v5
16GB RAM
Intel quad nic (igb0-igb3)
Running on bare metal.

Luckely I had a 2.4.3 image (can't find it online anymore???), reinstalled, and reloading config, all working as normal/before.
The problem is, that I can't get hold of the 2.4.3 p1 patch, and I can't install any packages.

I guess I need to hold off upgrading to 2.4.4 as it seem to be very very immature!
I really like pfSense, but this upgrade should never have been released in my opinion.
I have heard of a bunch of people having problems with this release in some way.

How do I get the 2.4.3 p1 patch, and what is the best way to get packages for 2.4.3, now that the rep is upgraded to use php 7?

When trying to install freeradius3:

pfSense-pkg-freeradius3 installation failed!

WARNING: Current pkg repository has a new PHP major
version. pfSense should be upgraded before
installing any new package.
Failed

peterfranca

I am having heaps of errors too. I was using 2.4.3 version beautifully and now everything is broken. The server is rebooting without warning.

Could you share your image 2.4.3 with me somehow? google drive perhaps? I am disparately looking for this version and on the site this version is gone. :(

Gertjan

@mike86 said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

How do I get the 2.4.3 p1 patch, and what is the best way to get packages for 2.4.3, now that the rep is upgraded to use php 7?
When trying to install freeradius3:

You could fall back to 2.4.3 but keep in mind that you should stay away from most packages.

@mike86 said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

2.4.4 is broken

Euh ... from an end user point of view, maybe.
But you're not that person.
Start collecting information. tell us what doesn't work for you, or post images, and/or logs, whatever.
And, have a look at the forum.
If there were any show stoppers, you can find them easily. Good new : there are very view of these.

2.4.4 runs fine for me (as you, on a "bare metal" - a very old Dell PC - mono WAN, captive portal) with some packages like FreeRadius, acme, avahi, and openvpn.

jimp

@mike86 said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

Tried reinstalling with a fresh 2.4.4 install loading config backup under install, not able to use backup config.
Tried 2.4.4 fresh install, loading backup config after system was up, not able to use backup config.

What does "not able to use backup config" mean? You can absolutely restore an older configuration to a current version of pfSense. There are no known issues there, and if you can replicate a problem, I'd like to know the details so it can be fixed.

Mike86

@jimp Well that was maybe a bit inaccurate. Not being able to use the config. As in when I load the backup config in 2.4.4 (doesn't matter how or when it's loaded) the system locks up, using 100% cpu, wan interface on Intel quad i350 card goes up and down. webif locking up, need to use console and restart php-fhm to even be able to navigate in webif. each time being able to view one page/detail, before locking up again, need to reset php-fhm time after time, by console (ssh into box) .

Please tell me how I can contribute to you solving these errors. what kind of log output do you need?

ssh working, bot nothing else. pfSense on 2.4.4 is not working as a firewall and the computer are getting pretty hot of this multi thread 100% cpu load.

jimp

At a minimum, get /var/log/system.log and /var/log/dhcpd.log

And run top -aSH and see what is using up all the CPU time.

Gertjan

@jimp said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

/var/log/system.log

Extra detail :
Use
clog /var/log/system.log | tail -n 100

to show the last 100 lines of the system;log file.
Or more (>100) if needed.

jimp

Do you have a DHCP WAN with Advanced Configuration options active? Might be hitting this: https://redmine.pfsense.org/issues/8507#note-23

skane

I've experienced the majority of the same issues. My cpu hasn't spiked but the wan couldn't access the internet. Access was restored after resetting to factory defaults. I also could not restore my previous configs because the gui wouldn't respond so I manually reconfigured everything. This took place on Sept. 26 and today, Oct.2, I randomly lost internet access again. I did update the suricata package but wasn't on onsite to correlate it to the internet outage. I've since tested with suricata disabled but the wan still can't access the internet.

Snowaks

@jimp Just a qestuon I had, its a little off topic but would top -aSH -u -o cpu Would this work better?

jimp

@snowaks said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

@jimp Just a qestuon I had, its a little off topic but would top -aSH -u -o cpu Would this work better?

I think that would be slightly less useful. The -u wouldn't show usernames, which is less useful, and the default output is already sorted by CPU time so there is no need to use -o cpu.

Mike86

@jimp I'm going to try find some time for this later this weekend. How do you want the loggs. Should i send them by private message to you?

jimp

Just post them here. I may not be near a computer much over this weekend but others here may be able to assist you.

palpullero

I am also having slow GUI response but in another way: previous config files do not load (GUI gets stuck at ~%46 loading the configuration file) when I have already installed a previous config file (i.e. vanilla install works but after loading backup config file and rebooting it starts having this issue). This is happening on the stand-by server of a two-server HA setup; primary seems to be OK. I've spent two days trying different iterations of installs on that second stand-by server (different configuration files). 2.4.3 was working flawlessly, so it would be of great help if download of 2.4.3, its updates and packages become available again until we can further test with 2.4.4.; this would greatly help us. Thanks.

Snowaks

@skane I had to do pretty much the same thing. This release fixed a memory leak I was having. It took me 4 install to get the Gui up and ruining. still had no internet after using the backup config. Pretty much had to start from default and redo every thing. Not sure why also would not let me use my backup config keep crashing the gui and I could not restart it Via ssh or driect consel reset of the Web Gui. Seems like the only Fix I could find was to do default setting no config and redo all packages, firewall allis and rules. I was so mad about my memory problem I did not want to start a new Thread. I am getting Cpu spike in the 70-90% at times. witch I never had be for 2.4.3p1. If you need the Password for the config pm me please.

2.3.4p1 Config Back up config that will not work
Var/log/system.log of 2.4.4

dovad

2.4.4 broke my internet connection. Tried to ping from the CLI and got the could not find error for google.com etc. Checked the DNS servers all was good. Had to revert to 2.4.3 and restore from a backup to get connectivity again.

Hardware:
CPU Type Intel(R) Atom(TM) CPU D525 @ 1.80GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: No

If there is any other data that I can supply to help just let me know...

jimp

@dovad said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

2.4.4 broke my internet connection. Tried to ping from the CLI and got the could not find error for google.com etc. Checked the DNS servers all was good. Had to revert to 2.4.3 and restore from a backup to get connectivity again.

That is most likely a very simple fix such as needing to re-select the correct default gateway, which was mentioned in the upgrade guide.

skane

@snowaks prior to removing all of my packages, i saved suricata and pfblocker to be removed last. i did so 1 by 1 because i really wanted to keep my prior config but discovered that the fw has been operational with no packages. the previous fireware release was the most stable by far.

Mike86

@mike86 said in 2.4.4 upgrade broken. Had to revert to 2.4.3 - Where can i get the patch for 2.4.3 (2.4.3 p1)?:

Hi guys, I need some advice.

Tried upgrading 2.4.3 p1 to 2.4.4 ended up with a non functional system, that needed a fresh reinstall.

Tried reinstalling with a fresh 2.4.4 install loading config backup under install, not able to use backup config.
Tried 2.4.4 fresh install, loading backup config after system was up, not able to use backup config.

2.4.4 is broken. When reloading backup config It's taking all system CPU, php locking up, wan interface in endless up/down loop.
Webif not responding, need to reset php-fhm between each navigation to get the webif to respond.

Intel xenon E3 1240v5
16GB RAM
Intel quad nic (igb0-igb3)
Running on bare metal.

Luckely I had a 2.4.3 image (can't find it online anymore???), reinstalled, and reloading config, all working as normal/before.
The problem is, that I can't get hold of the 2.4.3 p1 patch, and I can't install any packages.

I guess I need to hold off upgrading to 2.4.4 as it seem to be very very immature!
I really like pfSense, but this upgrade should never have been released in my opinion.
I have heard of a bunch of people having problems with this release in some way.

How do I get the 2.4.3 p1 patch, and what is the best way to get packages for 2.4.3, now that the rep is upgraded to use php 7?

When trying to install freeradius3:

pfSense-pkg-freeradius3 installation failed!

WARNING: Current pkg repository has a new PHP major
version. pfSense should be upgraded before
installing any new package.
Failed

Well I've had some time to look at the pfSense install. And tried what @jimp suggested, even though I didn't have any advanced settings in my wan interface, it's using dhcp to get a fixed ip from the isp (thats how they assign fixed ip from my ISP).

It turns out that this reload function was causing the system to lock up and burning cpu, and constantly bringing the wan interface up and down .

I deleted some garbage in the config.xml (could have something to do with it?)
and inserted the supersede interface-mtu 0
to the 'Option modifiers box' in the 'WAN interface' as suggested by @jimp. This solved my problem!

So guys, even though you read the upgrade guide, and don't have any advanced setting, try to enable the option before upgrading to 2.4.4.
That solved all problems for us!

Webif didn't respond due to heavy load I guess? and nothing else got CPU time either I guess.

From the upgrade guide:

An ISP that supplies a bogus interface MTU via DHCP may cause interface problems with certain network interface types when Advanced Configuration options are present on DHCP interfaces, such as a DHCP WAN. The typical default case is handled automatically, but advanced options override the corrected default behavior. To fix the problem, apply the patch from #8507 or add supersede interface-mtu 0 to the Option modifiers box in the WAN interface advanced DHCP options. If a custom dhclient.conf is in use, add supersede interface-mtu 0 on a line inside the interface block. See #8507. The Advanced Configuration case has been corrected for the next release.

anh

For what it is worth. I had successfully upgraded to 2.4.3_1 on an Asrock D1800M. When 2.4.4-Release came things broke. I was reading things online about the OS having problems with the Apollo Lake architecture, people suggested booting in safe mode and adding hpet hints to config. I dug out an old desktop board and installed it so I could get back to the internet. 2.4.4 installed and worked but I kept getting a slew of ACPI parse errors. Then it dawned on me, I checked the bios level on the D1800M, on my board it was 1.50. The current version was 1.90. I downloaded and instant flashed the bios, turned off all the extra I/O (and I believe the CSM compatibility, can't check righe now) Now everything is just fine. 2.4.4 installed fine and is operating just fine. Maybe this could help someone

Snowaks

@anh I am on Amd platform. Not sure if this help or not