pfSense 2.4.5-RELEASE-p1 Now Available
-
@jacotec Same issue here. Thought I messed up and restored a config. Package reinstallation is completely fubared. This is the second time I fell for the quick upgrade. Will never do that again.
-
Any command to restart the stuck PM process or a workaround would be great to avoid a full reboot (which brings a lot of stuff down)
-
Just tried complete reinstall. Upon restoring config from GUI, pkg-static is hanging during install of squid. I will let it sit, nothing I can do before someone more knowledgeable than I responds.
-
Not sure if this is the place to post this, but it might be related to the upgrade.
After upgrading to 2.4.5-p1 successfully, I found three packages needing updates.
haproxy-devel updated successfully; however, two didn't
Both Snort and pfBlockerNG-devel. I restarted the SG-1100 and tried again. Was eventually successful after retrying.
Again, not sure if this is related to the 2.4.5-p1 upgrade or the package upgrade. Thought I would post that info here in case others had similar issues.
-
I also upgraded pfBlockerNG-devel, cron and snort after 2.4.5 p1 without any problems and very quickly
-
@revengineer said in pfSense 2.4.5-RELEASE-p1 Now Available:
Just tried complete reinstall. Upon restoring config from GUI, pkg-static is hanging during install of squid. I will let it sit, nothing I can do before someone more knowledgeable than I responds.
I fixed this by issuing command "killall pkg-static" after giving each affected package ample time to install. It turns out the packages are installed, the pkg-static command just does not exit. Everything is working again but something is not right here.
-
@chudak Thanks! Are you using a SG-1100 by chance? SG-1100 is a great device, but I am wondering if its limited memory plays into updates.
My issue got resolved after rebooting and retrying, so I am all set.
-
@costanzo said in pfSense 2.4.5-RELEASE-p1 Now Available:
@chudak Thanks! Are you using a SG-1100 by chance? SG-1100 is a great device, but I am wondering if its limited memory plays into updates.
My issue got resolved after rebooting and retrying, so I am all set.
No, as I mentioned above: custom router (QOTOM-Q355G4)
-
Hello!
I upgraded several routers yesterday to 2.4.5.1 - a variety of sg-1100's, sg-3100's, and oddballs. All had extra packages installed (snort, pfb, cron, etc...) that the main upgrade screen said were being upgraded.
On the first router, after the upgrade completed, I went to the Package Manager and noticed that packages were still listed as needing upgrades. After clicking on one of the update package links I got the "Please wait while the update system initializes" message.
I discovered that, at least in my case, you do not need to manually install the package updates.
Once my router rebooted from the main upgrade, it started installing package upgrades in the background. There was no indication that it was doing this other than tailing the system log. It eventually completed the background package updates and all was fine.
I verified this on subsequent router upgrades. The lesson for me was to wait a good 10-15 minutes after the initial reboot to let the packages upgrade in the background while also checking the system log. After waiting, the Package Manager correctly showed no upgrades required.
In general, the upgrade process was rock solid. I did a few remote long distance upgrades last and wasn't even nervous....okay, maybe just a little... :)
John
-
@revengineer said in pfSense 2.4.5-RELEASE-p1 Now Available:
killall pkg-static
That indeed gets the stuck process out of jail and you can retry to update one by one without rebooting the whole box.
But the package manager definitely has a problem in 2.4.5p1!
-
Just did the upgrade 2.4.5 to 2.4.5-p1 for my home pfSense.
This also automatically triggered pfBlockerNG-devel upgrade 2.2.5_32 > 2.2.5_33
Smooth as silk, took about 5 minutes total, thanks Netgate / pfSense team!
-Rico
-
I had an Openvpn client from pfsense to PIA a few months ago, but I removed it yesterday.
Removed it completely, deleted the gateway, removed the interface, nat rules, certificate, everything related to that VPN connection.
I was checking my xml configuration file, and noticed that the dnsgw3 and dnsgw4 were still pointing to the PIA gateway.
Searched, and it seems that this is related to Bug #8922 (https://redmine.pfsense.org/issues/8922)
I've fixed by manually editing the XML file, and now it seems that everything is properly removed.
-
re: upgrading with packages installed:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html#packages
-
@teamits said in pfSense 2.4.5-RELEASE-p1 Now Available:
re: upgrading with packages installed:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html#packages
This is NOT a user error. I wiped the drive and did a fresh install and restored the latest config. Upon reboot the package installation hands. I waited up to 20 minutes for one package to complete. There is another post reporting to have waited hours. This is not right and did not use to be this way.
-
I meant "...package installation HANGS." (Cannot edit the post.)
-
Hello!
I guess it could seem like it is hung if it is taking more than 20 minutes. That's a long time.
What is that they say, "The logs are the window to the soul.", or something like that...
John
-
@serbus said in pfSense 2.4.5-RELEASE-p1 Now Available:
Hello!
I guess it could seem like it is hung if it is taking more than 20 minutes. That's a long time.
What is that they say, "The logs are the window to the soul.", or something like that...
John
I have been using "ps aux|grep pkg-static" to verify that it was hung on a single package for that long. I was not clear if there is a better place showing additional details of the install process. Pointer appreciated and I will take a look what happened.
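One way to put a number on "hung for that long" instead of eyeballing `ps aux | grep pkg-static`, as an added example that is not part of the original posts: it reads `ps -ax -o pid,etime,command` output and lists pkg-static processes whose elapsed time is at or above a threshold. The function names, the 900-second threshold and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list pkg-static processes that have
# been running at least LIMIT seconds, from `ps -ax -o pid,etime,command`.

# Prints "PID SECONDS" per match. etime has the form [[dd-]hh:]mm:ss.
long_running_pkg() {
    awk -v limit="$1" '
        function to_seconds(etime,    days, n, i, parts, secs) {
            days = 0
            if (index(etime, "-") > 0) {        # optional "dd-" prefix
                split(etime, parts, "-")
                days = parts[1]
                etime = parts[2]
            }
            n = split(etime, parts, ":")        # hh:mm:ss or mm:ss
            secs = 0
            for (i = 1; i <= n; i++) secs = secs * 60 + parts[i]
            return days * 86400 + secs
        }
        # Skip the header; match on the executable name only, so the
        # "grep pkg" helper and the tee logger are not counted.
        NR > 1 && $3 ~ /(^|\/)pkg-static$/ {
            s = to_seconds($2)
            if (s >= limit) print $1, s
        }
    '
}

# Constructed sample process table (not real output from any system).
sample_ps() {
cat <<'EOF'
  PID     ELAPSED COMMAND
53675       25:10 /bin/sh /etc/rc.update_pkg_metadata
56497       24:58 pkg-static upgrade -f
56729    01:02:03 pkg-static install -y pfSense-pkg-pfBlockerNG-devel
60001       00:42 pkg-static update
85699       00:00 grep pkg
EOF
}

# Offline demo on the sample; on a live box use:
#   ps -ax -o pid,etime,command | long_running_pkg 900
sample_ps | long_running_pkg 900
```
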
-
killall pkg-static
Gave me the possibility back to upgrade, yet after I tried to install the pfBlockerNG package it got stuck again
Had to do a
killall pkg-static
To get back out again
So no solution here...
-
Upgraded two machines this past week to 2.4.5p1 from 2.4.5 and everything went smoothly. Both are baremetal installs. On one of the boxes I have some sizable IP block lists and so was happy to see that the pfctl issue is now fixed. System seems snappier and no more latency spikes. Thanks everyone for the quick turnaround on this.
-
@tman222 That doesn't help the few of us that are experiencing problems, but we are glad that everything went smooth for you and things are better! That indeed is nice!
-
When it hangs
78285 0 S+ 0:00.00 grep pkg
[2.4.5-RELEASE][root@pfSense.localdomain]/root: ps ax | grep 'pkg'
53675 - IN 0:00.00 /bin/sh /etc/rc.update_pkg_metadata
56258 - IC 0:00.01 tee -a /cf/conf/pkg_log_pfSense-pkg-pfBlockerNG-devel
56497 - I 0:00.00 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up
56729 - I 0:01.74 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up
85699 0 S+ 0:00.00 grep pkg
-
Which pkg version are you guys running?
I noticed something strange in my logs...
Jun 10 23:16:37 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jun 10 23:15:00 php [pfBlockerNG] Starting cron process.
Jun 10 22:20:56 pkg-static pkg upgraded: 1.12.0_1 -> 1.13.2
Jun 10 22:16:40 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Jun 10 22:15:00 php [pfBlockerNG] Starting cron process.
This happened automatically, I wasn't at home at this time and also not logged in to the pfSense WebGUI.
-Rico
-
@Rico Sorry can't help you I have decided to reinstall pfS and now everything is fine.
-
Well I have no problem, just wondering what differs from my setup with others having issues.
-Rico
-
The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.
-
@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:
The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.
Thanks for weighing in, Jim. Is there a solution or workaround for this issue other than killing each daemon upon install? Will this require a code change for each package affected?
-
Not yet, we are still looking into it
-
@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:
Not yet, we are still looking into it
Perfect, thank you!!!
-
Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.
-
@bimmerdriver said in pfSense 2.4.5-RELEASE-p1 Now Available:
Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.
In my case snort was not affected but many other packages were. But if it's a timing thing, I may have just been lucky. Having said that, the packages did actually install and were usable after installation despite need to kill the pkg-static process.
-
@bimmerdriver
I had snort and after upgrade it showed a new version available and all went thru without any problems
-
After upgrade to P1 everything OK. No problem, just wondering: L2TP server is up but clients are not able to connect to the server.
L2TP: waiting for connection on [wan ip] 1701
l2tps started, version 5.8 (root@pfSense_v2_4_5_amd64-pfSense_v2_4_5-job-01 23:02 6-Dec-2019)
l2tps Multi-link PPP daemon for FreeBSD
-
2.4.5 had issues, 2.4.5p1 has more problems, not just on my personal firewall but on another I support, system specs are exact.
I know the PfSense team does their best to ensure stability and reliability but I can't help but feel like the ball has been dropped somewhere.
In all my years of using PfSense I've never seen so many problems unless using a software NIC like realtek and when a user has a problem the answer should NEVER be "wipe and reload". For a commercial client this means down time, lots of hours trying to fix the problem or calling the PfSense technical support and having them fix the problem and now that I think about it, from a commercial standpoint is a great opportunity to make some extra cash whether intentional or not.
I was told with 2.4.5 that one should uninstall packages before updating.
Knowing users are running packages is pretty much a given so why should things break just because an update is being applied? Sure there's a lot of code to ensure everything goes smooth but this is a known variable in which updates are being applied.
2.4.5p1 the package installer breaks.... sometimes and I'm told the solution is to reload from scratch, install the packages then load my config?
How is that an acceptable practice? I'm seriously afraid to upgrade any other systems I support because there is a likelihood that they will break and then what? I have to reinstall, preinstall the packages and then re-load the config?
I'm seriously thinking it may be time to leave PfSense and go to something like OPNSense or just forget an open based firewall and going to Ubiquiti.
Oh, and for all those haters that want to flame me, you're another reason I'm thinking of leaving.
I've basically said I (and others) have a problem with the pkg installer and there has been no resolution.
-
@Visseroth I understand people can get frustrated when they head into problems, but the best way to deal with them is not shouting. I do not know what your investment in pfSense was, but many get pfSense CE for free so the positive and helpful kind of feedback is appreciated and not the "angry wet towel in the face" kind of feedback.
If you see a problem that other people have complained about and it seems no bug report has yet been reported then please make one at https://redmine.pfsense.org/projects/pfsense/roadmap (create an account or login) or reach out to customer support.
Like Maba79 writes in https://forum.netgate.com/topic/154040/packet-manager-broke-in-gui-after-2-4-5-upgrade/6 it seems there is a workaround (I haven't tested it myself):
Executed:
killall pkg-static
pkg-static upgrade -f
Saved the day.
Cheers :)
-
@Visseroth
I agree with all your points... there is such a thing as Software Engineering, CMM, etc that most companies have thrown down the drain... now it's anti-engineering the daily bread.
I was fiddling with browsers x webrtc leaks and then I found out that all OpenVPN connections were leaking my WAN IP DNS... that only happened after the 2.4.5_1 upgrade. I found that very odd... then I went to General Setup, option DNS Server Override, clicked status=checked, saved, then clicked status=unchecked, saved again, then it stopped leaking. So all of you out there may be leaking vpn DNSs right now after upgrade... that's an upgrade bug, a serious one.
I saw people complaining in the past of leakages that happened due to upgrades before, backup and restore... so pfSense team: start to make software engineering great again! Test, Test, Test, Test
I like pfSense, but it's a software for security and privacy, a reason of being... you guys must pay attention.
-
@avr So please report your finding on https://redmine.pfsense.org/projects/pfsense/roadmap and see it get addressed that is the correct place to report stuff if you have steps to reproduce. (You might want to check if others have reported something similar, but if in doubt better report the problem, because it can always be closed as a duplicate.)
-
@al Believe me when I say I wasn't yelling, more of a rant than a yell and to (hopefully) get the attention of the PfSense staff to let them know that it's not OK.
I understand there can be programming bugs and I did already post here...
https://forum.netgate.com/topic/154389/2-4-5r1-update-no-package-re-install/17
and got some help and it helped for a couple packages but I still have things getting stuck and if they are going to treat the CE crowd with crickets, specially those of us that have been with PfSense for over 10 years, if they are going to try and go the direction of Red-Hat and go commercial while forgetting about the little guys that helped get them there then I think it may be time to jump ship.
I did try your post and received "pkg-static: Cannot get an advisory lock on a database, it is locked by another process"
Also, in response to the issue I have been having I did make a post days ago and tried what was posted and was very thankful and it didn't work which is why I posted what I did above.
I have no intentions to be a "towel whipper" but commercial issue or not everyone should be taken care of as best as possible and sure I'd call and get technical support but not for $400/incident (which I see is down from $600) but as @avr said this is supposed to be hardened security software, it is the front-line of defense for many networks, it has to be strong, robust but flexible while doing its job and it is seemingly getting weaker over time and after reading some posts off OPNSense I'm starting to understand why.... https://forum.opnsense.org/index.php?topic=3144.0
In the past this forum has had issues responding to posted issues and some people have been flamed and treated harshly, I've been one of them, at least I think so or maybe I'm just being sensitive but I do know that when I respond to clients I do my best to treat them with respect and give them the benefit of the doubt and if they call themselves technically illiterate then GREAT! I then prop them up and let them know that it's ok, that's why I'm here but by no means ever think that I know everything because no one can. I know enough to get the job done and if I don't I'll find someone that does.
Being humble goes a long ways, something much of the world has forgotten. We all get angry and point the finger so quickly and it saddens me greatly!
Anyhow, sorry about the rant again.
I'll post the bug but as I've seen in the past I don't expect to get a resolution, I'll likely get "Not enough information, Ticket Closed"
-
@al Bug posted
-
@al Tried logging in, reset my password 3 times as I haven't logged in for quite some time, successfully reset the password each time, login fails each time.
Can't say I didn't try.
-
@avr Great :) If you like please post the link to the bug report here as to keep your post and bug report "linked" together. Makes it easier for other people to find your bug report that may experience the same issue as you.
(Also if you find it useful maybe post a link to your forum post in the redmine ticket you created.)
Thanks
@Visseroth I understand your frustration and feelings. My only advice is reach out, describe/report, be succinct/to the point etc. People at Netgate are also people. You, I and the people at Netgate have probably both been the ones giving and getting support and trying to do our best. If Netgate does not do the best then it is the management problem, but somehow to me it is misplaced to have the critique posted here in the forum where we all should help each other and e.g. write bug reports when it seems needed and getting things back on track. :) So maybe - if needed - have a special "write to management" kind of channel if some specific general quality problem arises over and over again.
I know I probably cannot interface your problem and frustration 100% with this answer, but I do understand your frustration - trust me!