pfSense 2.6.0 installed but FreeBSD still on 12.2 and RELENG_2_5_0..?

bartlaarhoven

I have two (bare metal) pfSense servers running in a high-available setup. Let's call them fw-1 and fw-2.

A while ago, I upgraded fw-2 and fw-1 from 2.5.2 to 2.6.0. Because of some trouble later, I reinstalled fw-1 completely at some point later in time.

Now I regularly get the following error from fw-2:

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Operation not supported by device - The line in question reads [0]

Some Googling and browsing this form led me to the conclusion that a FreeBSD 12.2 should never call the DIOCADDRULENV, but FreeBSD 12.3 does. That led me to the following:

on fw-1:

[2.6.0-RELEASE][bart@fw-1.example.com]/home/bart: uname -a
FreeBSD fw-1.example.com 12.3-STABLE FreeBSD 12.3-STABLE RELENG_2_6_0-n226742-1285d6d205f pfSense  amd64
[2.6.0-RELEASE][bart@fw-1.example.com]/home/bart: freebsd-version
12.3-STABLE

and on fw-2:

[2.6.0-RELEASE][bart@fw-2.example.com]/home/bart: uname -a
FreeBSD fw-2.example.com 12.2-STABLE FreeBSD 12.2-STABLE 1b709158e581(RELENG_2_5_0) pfSense  amd64
[2.6.0-RELEASE][bart@fw-2.example.com]/home/bart: freebsd-version
12.3-STABLE

And I think this may be the cause of my problems. But I have no idea how to fix it. I've already tried the "forced pkg reinstall" from https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstall but that didn't resolve it. Is there any way (apart from complete reinstallation) to fix this?

Thanks!

stephenw10

Did it actually reboot after the upgrade? What does the uptime show?

What does this command show:

pkg info -x pfSense

Steve

bartlaarhoven

@stephenw10 I don't remember if it rebooted after the upgrade, but I have rebooted it in the meantime.

[2.6.0-RELEASE][bart@fw-2.example.com]/home/bart: pkg info -x pfSense
pfSense-2.6.0
pfSense-Status_Monitoring-1.7.11_4
pfSense-base-2.6.0
pfSense-default-config-2.6.0
pfSense-kernel-pfSense-2.6.0
pfSense-pkg-RRD_Summary-2.0_2
pfSense-pkg-acme-0.7.1_1
pfSense-pkg-bandwidthd-0.7.4_5
pfSense-pkg-bind-9.16_17
pfSense-pkg-haproxy-devel-0.62_10
pfSense-pkg-node_exporter-0.18.1_3
pfSense-pkg-openvpn-client-export-1.6_4
pfSense-pkg-sudo-0.3_6
pfSense-pkg-tftpd-0.1.3_3
pfSense-rc-2.6.0
pfSense-repo-2.6.0
pfSense-upgrade-1.0_12
php74-pfSense-module-0.76

stephenw10

Hmm, weird. What date/size do you see on the actual kermel in /boot/kernel?

32897 -r-xr-xr-x  1 root  wheel  63012384 Jan 31 20:07 kernel

Steve

bartlaarhoven

@stephenw10

-r-xr-xr-x  1 root  wheel  63012384 Jan 31 21:07 /boot/kernel/kernel

stephenw10

Huh. Presumably then it still has the 2.5.2 kernel in /boot/kernel.old and is somehow still booting it?

You have any custom loader lines that might do that?

Steve

bartlaarhoven

@stephenw10 I wouldn't know why or where to set that How can I see my custom loader lines?

stephenw10

Check /boot/loader.conf and /boot/loader.conf.local (if it exists).

bartlaarhoven

Btw I don't know if my kernel.old is 2.5.2:

[2.6.0-RELEASE][bart@prd-fw-2.internal.grexx.io]/boot: ls -al /boot/kernel*/kernel
-r-xr-xr-x  1 root  wheel  63012384 Jan 31 21:07 /boot/kernel.old/kernel
-r-xr-xr-x  1 root  wheel  63012384 Jan 31 21:07 /boot/kernel/kernel

bartlaarhoven

@stephenw10

[2.6.0-RELEASE][bart@fw-2.example.com]/boot: cat /boot/loader.conf*
autoboot_delay="3"
hw.hn.vf_transparent="0"
hw.hn.use_if_start="1"
net.link.ifqmaxlen="128"
cat: /boot/loader.conf.d: Is a directory

Thanks for your help btw so far!!

stephenw10

Hmm, that is very odd. I don't think I've ever seen that before and I'm not sure how it could happen.
The fastest way fast it is almost certainly to reinstall and restore though unfortunately. Unless that's not something you can do.

Steve

stephenw10

What do you see from?

[2.6.0-RELEASE][admin@t70.stevew.lan]/root: freebsd-version -kur
12.3-STABLE
12.3-STABLE
12.3-STABLE

bartlaarhoven

@stephenw10

[2.6.0-RELEASE][bart@fw-2.example.com]/boot: freebsd-version -kur
12.3-STABLE
12.2-STABLE
12.3-STABLE

stephenw10

This post is deleted!

bartlaarhoven

@stephenw10 Hi! I don't want to bother you too much but do you maybe have another idea what to do here? Or is the reinstall really the only option?

stephenw10

Reinstall is what I would do unless there's some reason you can't, like it's remote with no out of band access.
The only other thing you might try is the forced full reinstall of all packages:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstall

Steve

bartlaarhoven

@stephenw10 Okay, I can't say I'm happy with that answer but I understand it haha. Thanks!

stephenw10

Manually forcing reinstall of pfSense-kernel-pfSense-2.6.0.pkg should get you onto the correct kernel after a reboot. But the kernel file you have already looks correct.
Once you do that can you ever be 100% confident of the install?
If reinstalling is very inconvenient then it's probably worth trying first but reinstalling and restoring a config is usually quick and easy.
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html

Steve