Netgate 1100 dns stops
-
Any reason you're not running something newer?
-
-
@freek_box Nope, that's last year.
https://docs.netgate.com/pfsense/en/latest/releases/index.html#pfsense-plus-software
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors -
@freek_box said in Netgate 1100 dns stops:
I asume I'm on the latest version?
Add the RSS widget on your dashboard :
https://www.netgate.com/blog/pfsense-plus-software-version-22.05-now-available
so you'll have a double check on what happening and available.This :
is strange.
The check for available updates succeeded, but the info coming back said "21.05.2-Release", so, you're fine.
As already said above, use the Troubleshooting Upgrades suggestions. You will find 22.05 avaible. -
I did the:
Navigate to System > Updates
Set Branch to Previous stable version
Wait a few moments for the upgrade check to completeBut now it shows:
-
At the command line run:
pkg-static -d updateWhat error does it return?
-
DBG(1)[40213]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[40213]> PkgRepo: verifying update for pfSense-core
DBG(1)[40213]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[40213]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v21_05_2_aarch64-core/meta.conf
DBG(1)[40213]> opening libfetch fetcher
DBG(1)[40213]> Fetch > libfetch: connecting
DBG(1)[40213]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v21_05_2_aarch64-core/meta.conf with opts "i"
1082900480:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283:
DBG(1)[40213]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v21_05_2_aarch64-core/meta.conf with opts "i"
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com
1082900480:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Segmentation fault (core dumped) -
When I do:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgradeI get:
pkg-static: Repository pfSense missing. 'pkg update' required
pkg-static: No package database installed. Nothing to do!
Updating pfSense-core repository catalogue...
1082900480:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.atx.netgate.com
1082900480:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Child process pid=4480 terminated abnormally: Segmentation fault -
The segfault like that indicates the crypto chip is in an unreachable state. You need to completely power cycle the device to reset it. So halt the device then remove the power for 10s or so. It should update correctly when rebooted.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#segmentation-fault-in-pkgSteve
-
I have no possibility to unplug it is that a problem? The device is hours away from me.
-
@freek_box If you click that doc page URL it's a known issue. It shouldn't affect normal operations but does affect packages and therefore upgrades. I believe it's just a one time fix though. I haven't had it recur on my 2100.
-
Unfortunately I know of no other way to reset that once it has entered that state. It will not be able to connect to the update repo until the crypto chip is reachable again.
-
@stephenw10 only rebooting is not enough?
-
@freek_box
Noop.
The 'crypto chip' van't be reset using a command.
A 10 seconds power down can bring it back online.edit : that is : a clean, commanded power down by the GUI or console(SSH),. Some ripping out the power and put it back in again could create other issues like a dirty file system.
So : console or SSH option 6.
Or GUI : Diagnostics > Halt System
Let the system shut down.
Then, remove the power for 10 seconds.
Power back in.
Done. -
@freek_box said in Netgate 1100 dns stops:
only rebooting is not enough?
It is not. The crypto chip remains powered as long as the PSU is connected to the device.
Steve
-
So how do I know if I'm on the correct version? I also have a VPS running with version:
-
@freek_box
You didn't notice it, way back in 2021, that this info
is refreshed every couple of hours or so.And then yours stopped refreshing for 18 months => not showing that you missed several major updates.
Like being on Windows 7, and don't know that 8, 8,1 and then 10 - and now 11 saw the light.Or look here : https://www.pfsense.org/download/
Or look here : https://www.netgate.com/blog/tag/releases
Or on the dashboard of pfSense itself :
No joke : never - ever - trust automated system
: you have to check (a couple of clicks actually) to see if a newer "version" is available.2.4.4 is .... ancient.
Check out Troubleshooting Upgrades.
-
@gertjan LOL I did not see that 2021 damm alright thnx!
-
I also have a old machine with pfsense on it see screenshot by switching it from branch it now sees it can be updated. Is this device safely to update to 2.5 I though there was something with this hardware that it could not run a newer version or something?
-
@freek_box That's not an 1100 I take it? It might be clearer to start a new thread for a different topic...
You might be thinking of AES-NI which Netgate originally planned to make required, but backed away from that 2-3 years ago.
