pfSense 2.4.5-RELEASE-p1 Now Available
-
@teamits said in pfSense 2.4.5-RELEASE-p1 Now Available:
re: upgrading with packages installed:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html#packagesThis is NOT a user error. I wiped the drive and did a fresh install and restore the latest config. Upon reboot the package installation hands. I waited up to 20 minutes for one package to complete. There is another post reporting to have waited hours. This is not right and did not used to be this way.
-
I meant "...package installation HANGS." (Cannot edit the post.)
-
Hello!
I guess it could seem like it is hung if it is taking more than 20 minutes. Thats a long time.
What is that they say, "The logs are the window to the soul.", or something like that...
John
-
@serbus said in pfSense 2.4.5-RELEASE-p1 Now Available:
Hello!
I guess it could seem like it is hung if it is taking more than 20 minutes. Thats a long time.
What is that they say, "The logs are the window to the soul.", or something like that...
John
I have been using "ps aux|grep pkg-static" to verify that it was hung on a single package for that long. I was not clear if there is a better place showing additional details of the install process. Pointer appreciated and I will take a look what happened.
-
killall pkg-static
Gave me the possibility back to upgrade, yet after I tried to install the pfBlockerNG package it go stuck again
Had to do a
killall pkg-static
To get back out again
So no solution here...
-
Upgraded two machines this past week to 2.4.5p1 from 2.4.5 and everything went smoothly. Both are baremetal installs. On one of the boxes I have some sizable IP block lists and so was happy to see that the pfctl issue is now fixed. System seems snappier and no more latency spikes. Thanks everyone for the quick turnaround on this.
-
@tman222 That doesn't help the few of us that are experiencing problems, but we are glad that everything went smooth for you and things are better! That indeed is nice!
-
When I hangs
78285 0 S+ 0:00.00 grep pkg [2.4.5-RELEASE][root@pfSense.localdomain]/root: ps ax | grep 'pkg' 53675 - IN 0:00.00 /bin/sh /etc/rc.update_pkg_metadata 56258 - IC 0:00.01 tee -a /cf/conf/pkg_log_pfSense-pkg-pfBlockerNG-devel 56497 - I 0:00.00 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up 56729 - I 0:01.74 pkg-static -o EVENT_PIPE=/tmp/pfSense-upgrade.sock up 85699 0 S+ 0:00.00 grep pkg
-
Which pkg version are you guys running?
I noticed someting strange in my logs...Jun 10 23:16:37 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload Jun 10 23:15:00 php [pfBlockerNG] Starting cron process. Jun 10 22:20:56 pkg-static pkg upgraded: 1.12.0_1 -> 1.13.2 Jun 10 22:16:40 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload Jun 10 22:15:00 php [pfBlockerNG] Starting cron process.
This happened automatically, I wasn't at home at this time and also not logged in to the pfSense WebGUI.
-Rico
-
@Rico Sorry can't help you I have decided to reinstall pfS and now everything is fine.
-
Well I have no problem, just wondering what differs from my setup with others having issues.
-Rico
-
The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.
-
@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:
The issue with the packages getting "stuck" during (re)install appears to be due to how the install process launches services/daemons from within the install functions. If the daemons are killed (or stopped and started), then pkg will continue. So likely it was stuck, and then when a cron job came along and restarted the pfBlockerNG services, then pkg was able to continue.
Thanks for weighing in, Jim. Is there a solution or workaround for this issue other than killing each daemon upon install? Will this require a code change for each package affected?
-
Not yet, we are still looking into it
-
@jimp said in pfSense 2.4.5-RELEASE-p1 Now Available:
Not yet, we are still looking into it
Perfect, thank you!!!
-
Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.
-
@bimmerdriver said in pfSense 2.4.5-RELEASE-p1 Now Available:
Does this issue with packages also affect snort? The system I updated didn't have any packages, but one of my systems has snort, so wondering if I should hold off before updating it.
In my case snort was not affected but many other packages were. But if it's a timing thing, I may have just been lucky. Having said that, the packages did actually install and were usable after installation despite need to kill the pkg-static process.
-
@bimmerdriver
I had snort and after upgrade it shown a new version available and all went thru without any problems -
after upgrade to P1 Everything OK . no problem, just wondering L2TP server is up but clients not able connect to server.
L2TP: waiting for connection on [wan ip] 1701
l2tps started, version 5.8 (root@pfSense_v2_4_5_amd64-pfSense_v2_4_5-job-01 23:02 6-Dec-2019)
l2tps Multi-link PPP daemon for FreeBSD -
2.4.5 had issues, 2.4.5p1 has more problems, not just on my personal firewall but on another I support, system specs are exact.
I know the PfSense team does their best to ensure stability and reliability but I can't help but feel like the ball has been dropped somewhere.
In all my years of using PfSense I've never seen so many problems unless using a software NIC like realtek and when a user has a problem the answer should NEVER be "wipe and reload". For a commercial client this means down time, lots of hours trying to fix the problem or calling the PfSense technical support and having them fix the problem and now that I think about it, from a commercial standpoint is a great opportunity to make some extra cash whether intentional or not.I was told with 2.4.5 that one should uninstall packages before updating.
Knowing user are running packages is pretty much a given so why should things break just because a update is being applied? Sure there's a lot of code to ensure everything goes smooth but this is a known variable in which updates are being applied.
2.4.5p1 the package installer breaks.... sometimes and I'm told the solutions is to reload from scratch, install the packages then load my config?How is that an acceptable practice? I'm seriously afraid to upgrade any other systems I support because there is a likelihood that they will break and then what? I have to reinstall, preinstall the packages and then re-load the config?
I'm seriously thinking it may be time to leave PfSense and go to something like OPNSense or just forget a open based firewall and going to Ubiquiti.
Oh, and for all those haters that want to flame me, you're another reason I'm thinking of leaving.
I've basicaly said I have (and others) have a problem with the pkg installer and there has been no resolution.