Update from 2.4.4_2 to 2.4.5 FAILED
-
I've avoided doing any update since Febraury last year when I had a previous update fail. I even had an XML settings backup which didn't help. After installing 2.4.4_2, re-configuring and saving a backup everything has been sweet until today. I needed to make some firewall changes and accepted the online update to 2.4.5. Everything looked o.k on the webgui until the reboot and the webgui could no longer be accessed on the original ip address.
Sensing impending doom I took the router out of service and hooked up a vga monitor, mouse and keyboard. After a power on reboot, loads of 'file not found' errors relating to Sqlite dlls appeared. This cookie was not going to crumble. Using an ISP router I downloaded the usb upgrade file for a fresh install. That went o.k with one file error and the router rebooted with factory defaults.
I assigned the WAN & LAN ports and confirmed the webgui address from the command screen, hooked up the PC to the LAN and tried to login with default password. This was met with a bold red warning screen CSRF FAILED error. Well that's new!
OK so my WAN settings aren't there yet and I don't yet have an internet connection, but isn't that normal to start a configuration? Despite the option on the warning screen to procede it wouldn't let me pass. After some web searching I tried my leaky Chrome browser and that worked without errors. So I go back to Firefox and remove 'Tracking Protection' and there are no login errors this time. After the internet connection was established I went back and enabled Firefox's Tracking Protection and there have been no further login error screens.
Fortunately this time, my previous settings backup xml file for 2.4.4_2 was accepted and my settings appear to have been restored. I don't know how the packages get in, but suspect once credentials for the WAN were established, these were downloaded?
I really don't want to go through this pain again. Can somebody advise if over air updates is a good idea or is it safer to do a clean install using a downloaded file offline like I had to do?
How compatible is a saved settings backup file with future updates? Perhaps I was lucky this time upgrading from .4 to .5. I'm wondering now if I should image the Pfsense drive to make absolutely sure I can restore a broken installation without going through the re-install process. Is anybody doing this and can a disc image be easily ported in and out from the box? - I'm thinking of a protected recovery partition on a Pfsense mini pc that can be selected in the BIOS boot menu. Otherwise it's remove the SSD drive and clone it on a PC. Any ideas please? Thanks
-
something went wrong during the update, imho I prefer to do a clean install when there is a big upgrade like this
CSRF error is usually a cookies problem on your browser
afaik backup between 2.4.4 and some older version, 2.4.5 and 2.5.0 are compatible without any problem.
I never felt the need to create recovery systems, the backup of the configuration was always enough
but if you are using zfs filesystem you can create snapshots -
Thanks. I did some searching and I wasn't the only one to get this problem. I use a cookie manager and can't see any cookies I could associate with Netgate, but I'll check my firewall logs for outgoing traffic. I don't exactly know what FF means by 'Private Browsing', but my Chrome has all its leaky vanilla defaults and that didn't provoke the same login error.
This thread didn't seem to get much discussion, but I'll give his Clone*illa method a try although I expect it will be slow writing to a USB flash drive, although my Pfsense isn't huge. IMHO the only safe backup/restore after a disc, OS, or mini pc crash is a sector copy image. When you have used Microsoft OS as long as I have you learn.
https://forum.netgate.com/topic/97141/dirty-how-to-cloning-pfsense-hard-disk/2
I'm reassured my previous xml settings backup worked for this update, but might no assume the same miracle for 2.5.* Using a data file as a recovery source won't work if the disc format or files it was written for are incompatible. Maybe one day an api to clone a Pfsense box to an external drive and restore from it could be built in? A small part of a recovery routine can sit on a hosts protected partition (which a fresh install won't reformat!) whilst the saved image and the rest on an external usb drive, flash or other?
Thanks again for your help.