Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update openvpn-client-export leads to total network outtage

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    9 Posts 3 Posters 648 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Hi,

      I decided an hour ago to upgrade the openvpn-client-export Addon - what should go wrong?!

      Well that was the last thing I got from the pfSense:

      316c02f4-b2d7-4bbc-8df0-17e7a76db5dd-image.png

      At this point I was on the clock to get the network back up before my head end up on a stick in the lobby.

      Sorry but WHAT THE FUCK was that? Why does a simple package upgrade of an totally unimportant add-on uninstalls another package which provides core functionality of a network?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        What version are you on?

        Somehow it removed FRR which isn't something that would normally happen when updating a package.

        Usually that kind of thing only happens when you have not upgraded to the latest release before updating packages. For example if you are still on 2.4.4-p3 or 2.4.5 and not 2.4.5-p1.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • ?
          A Former User
          last edited by A Former User

          The Firewall is running on 2.4.5-p1 for month now. I've updated from 2.4.4-p3 couple of days after the Release Day of 2.4.5-p1.

          46a7aec6-1ccb-4602-80b0-ebe50410838e-image.png

          Update Branch is set to Latest stable version 2.4.x.

          c9b1d97a-07d2-4762-952e-0cf673b5af7d-image.png

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            What's curious to me is that it didn't attempt to remove the GUI packages (e.g. pfSense-pkg-frr) just the binary parts.

            Did you install those manually at the CLI without the GUI components? Or anything else non-standard? Any third party package repositories enabled?

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • ?
              A Former User
              last edited by

              No, this Firewall (and all other productive Firewalls) using only official packages and repositories. Every package was installed or updated through the GUI. There is no experimental stuff happening on this device.

              cat /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf
              FreeBSD: { enabled: no }

              pfSense-core: {
              url: "pkg+https://pkg.pfsense.org/pfSense_v2_4_5_amd64-core",
              mirror_type: "srv",
              signature_type: "fingerprints",
              fingerprints: "/usr/local/share/pfSense/keys/pkg",
              enabled: yes
              }

              pfSense: {
              url: "pkg+https://pkg.pfsense.org/pfSense_v2_4_5_amd64-pfSense_v2_4_5",
              mirror_type: "srv",
              signature_type: "fingerprints",
              fingerprints: "/usr/local/share/pfSense/keys/pkg",
              enabled: yes
              }

              1 Reply Last reply Reply Quote 0
              • ?
                A Former User
                last edited by

                @jimp I took a look at the log of the openvpn-client-export package update.

                cat pkg_log_pfSense-pkg-openvpn-client-export.txt

                Upgrading pkg... done.
                Updating repositories metadata...
                pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
                Updating pfSense-core repository catalogue...
                Fetching meta.conf: . done
                Fetching packagesite.txz: . done
                Processing entries: . done
                pfSense-core repository update completed. 7 packages processed.
                Updating pfSense repository catalogue...
                Fetching meta.conf: . done
                Fetching packagesite.txz: .......... done
                Processing entries: .......... done
                pfSense repository update completed. 525 packages processed.
                All repositories are up to date.
                Upgrading pfSense-pkg-openvpn-client-export...
                pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
                Updating pfSense-core repository catalogue...
                pfSense-core repository is up to date.
                Updating pfSense repository catalogue...
                pfSense repository is up to date.
                All repositories are up to date.
                The following 5 package(s) will be affected (of 0 checked):

                Installed packages to be REMOVED:
                frr7: 7.3.1
                net-snmp: 5.7.3_20,1
                pfSense-pkg-frr: 0.6.7_6

                Installed packages to be UPGRADED:
                openvpn-client-export: 2.4.9 -> 2.5.0 [pfSense]
                pfSense-pkg-openvpn-client-export: 1.4.23_2 -> 1.5_1 [pfSense]

                Number of packages to be removed: 3
                Number of packages to be upgraded: 2

                The operation will free 21 MiB.
                14 MiB to be downloaded.
                [1/2] Fetching pfSense-pkg-openvpn-client-export-1.5_1.txz: ... done
                [2/2] Fetching openvpn-client-export-2.5.0.txz: .......... done
                Checking integrity... done (0 conflicting)
                [1/5] Deinstalling pfSense-pkg-frr-0.6.7_6...
                Removing frr components...
                Menu items... done.
                Services... done.
                Loading package instructions...
                [1/5] Deleting files for pfSense-pkg-frr-0.6.7_6: .......... done
                Removing frr components...
                Configuration... done.
                [2/5] Deinstalling frr7-7.3.1...
                [2/5] Deleting files for frr7-7.3.1: .......... done
                ==> You should manually remove the "frr" user.
                ==> You should manually remove the "frr" group
                ==> You should manually remove the "frrvty" group
                [3/5] Deinstalling net-snmp-5.7.3_20,1...
                [3/5] Deleting files for net-snmp-5.7.3_20,1: .......... done
                [4/5] Upgrading openvpn-client-export from 2.4.9 to 2.5.0...
                [4/5] Extracting openvpn-client-export-2.5.0: .......... done
                [5/5] Upgrading pfSense-pkg-openvpn-client-export from 1.4.23_2 to 1.5_1...
                [5/5] Extracting pfSense-pkg-openvpn-client-export-1.5_1: .......... done
                Removing openvpn-client-export components...
                Loading package instructions...
                Saving updated package information...
                overwrite!
                Loading package configuration... done.
                Configuring package components...
                Loading package instructions...
                Custom commands...
                Writing configuration... done.

                Cleaning up cache... done.
                __RC=0

                What's the meaning of this ?

                Major OS version upgrade detected
                
                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Usually that only gets printed if you are pointed at a repository for a different version of pfSense. For example if you are running pfSense 2.4.5-p1 but the update branch is set to 2.5 snapshots.

                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • ?
                    A Former User
                    last edited by

                    May this also happen if you change branch to 2.5 snapshot and change it back without updating any packages? I switched on this firewall couple of weeks ago the branch just to see whats the latest snapshot version is. But I switched it back to stable immediately - may this cause some sort of mixup which leads to unintended package removal?
                    At the time of the package update the firewall was definitely on stable branch.

                    1 Reply Last reply Reply Quote 0
                    • RicoR
                      Rico LAYER 8 Rebel Alliance
                      last edited by

                      You can check for Snapshots here: https://snapshots.pfsense.org/amd64/pfSense_master/installer/

                      -Rico

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.