23.01 -> 23.05 upgrade failed
-
@pdavis said in 23.01 -> 23.05 upgrade failed:
After toggling the "Current Stable Version" and "Previous Stable Version" in System/Update/System Update, the GUI now showed 23.05 upgrade option.
So I had the same problem. First attempt at update failed with certificate issues, then my device got "stuck" thinking that 23.01 was the latest. Your steps quoted here fixed it for me too. Very strange!!
-
@demux said in 23.01 -> 23.05 upgrade failed:
Why? What can happen?
If you upgrade it can be in some cases that
the cert. lease will be gone, and so you only
have to wait a while until it is renewed and then
the entire upgrade process will work again for you without any problems. -
@SteveITS said in 23.01 -> 23.05 upgrade failed:
Actually, that is not correct. It will show packages for the selected branch, which may not be the installed version ....
Exact.
That's why I was talking about Netgate being a fortune 500 company : the pfSense package list should correspond the system you are using, which isn't necessarily the list with packages available.
The latest versions of a package become available when you use the latest pfSense version.
Something like that.This implies that there should be a unique repository for every supported pfSense version. This means a lot of labor to main all this.
-
Backed up my PFSense 23.01 version fine. Updated and it failed. Rebooted box and it wouldn't boot in to PFSense.
Installed new PFSense CE on the box. Got a new token for PFSense + and see this
Thank you for choosing Netgate pfSense. Your device does not require registration, we recognize it already. You may have already registered, or it may be a pre-registered Netgate appliance.
when I try registration
I should have read the forum before upgrading.
I am using PFSense now with CE release 2.6.0-RELEASE (amd64) and restored backup from PFSense 23.01. (which is wrong and seeing this on boot up)
So this morning installing PFSense CE on backup router and hopefully updating it with PFSense + and then restoring configuration.
Never had an issue like this.
-
@pete I don’t have a solution but I’ve seen other posts like that. I believe that means Netgate recognizes the calculated NDI and therefore you don’t need a new token. Maybe you can find a thread with the solution…
-
Thank you @SteveITS.
Plugged Backup PFSense CE to currently working LAN (on kitchen table - very low on the WAF).
Updated it to PFSense +. It is updating now to 23.01 and leaving it there and restoring backup from other machine.
On reboot it gets all sorts of PHP errors and stays at the login prompt. Rebooted a couple of times and it is the same on reboot. I am screwed right now.
It seemed to stall at the squid prompts. Removed squid package and it booted. Reset the box via command prompt. Restored old build. On reboot dbended on kernel load.
Will start again from scratch on back up box.
Once I get this one going then taking primary off line and redoing it hopefully to work fine.
I am retired and this is a hobby and while I have backup boxes here many folks do not.
Need to step away now and readdress issues this afternoon.
-
You could try out installing 2.6 (zfs) and then upgrading to 23.01 and once more to 23.05
and if you will be install also back the config
then it would be the best option in my eyes.
You will need perhaps 30 minutes and all is
fine again. For the spare box I would try out
the 2.7 Development, if it is only a spare box
and for home usage and on top a hobby you
will be fine with it. -
Thank-you @dobby.
I did that and it worked and I did not update but when I restored my PFSense + old configuration it debended.
The second time I did it it said it was registered and wouldn't update to PFSense +.
So now booting in Ubuntu and reformatting drive and trying installation again.
This is on a Qotom. I also have two Jetways which I like much better than Qotom which I may try on.
In my retirement now hoarding firewalls ;).
I am still running on the redone Qotom PFSense + box to PFSense CE with the PFSense + backup restored to it. My VPN servers are running fine.
Just that I am occupying the kitchen table with a monitor and another server which is very low on the WAF.
-
@Dobby_ I just finished that exact procedure. All the way back to fresh 2.6 and then the 2 steps to upgrade.
I had to do it because "Available packages" was showing as empty and I was getting an error is syslog relating to the package manager.
And then I also had to update the RTL Ethernet driver to get my 2.5 Gbit card working.
But...
php-fpm[396]: /pkg_mgr_installed.php: The command '/usr/local/sbin/pfSense-repo-setup' returned exit code '1', the output was 'pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!!'
Has returned as of a few minutes ago.
Hmmm.
-
@mark_lab_user Oh, silly me, I forget to Register using my existing Token.
Now things are looking up.
Guess that explains the 'invalid signature'?
-
@pete said in 23.01 -> 23.05 upgrade failed:
In my retirement now hoarding firewalls ;).
1 pfSense+
1 pfSense Devel
1 OpenWRT (comes later)
1 RouterOS (On the way) -
@mark_lab_user said in 23.01 -> 23.05 upgrade failed:
@mark_lab_user Oh, silly me, I forget to Register using my existing Token.
Now things are looking up.
Guess that explains the 'invalid signature'?
@mark_lab_user - I have been seeing the same error but was already registered for pfSense Plus when I saw it.
https://forum.netgate.com/topic/180382/unable-to-install-or-upgrade-packages
Are you saying that the invalid signature error went away as soon as you registered your pfSense Plus activation token?
-
@tman222 YES.
-
-
Formatting the drive did not fix the registration error.
I see this on the registration page where I put the token in for PFSense+
Thank you for choosing Netgate pfSense
Your device does not require registration, we recognize it already. You may have already registered, or it may be a pre-registered Netgate appliance.
Well then I read this:
*@jarhead ***There was a discussion a month or two ago that touched on it... I seem to recall pfSense generates a hardware ID and if the hardware changes it is seen as different/new. So without changing something, you probably would need to contact Netgate as mentioned.
Yeah, there's no automated process to do that currently. So open a ticket if for any reason you need to.****
That is why I could not re-install PFSense + on original machine and now second test machine. So now trying new Jetway computer. So will open up a TAC request for machines that were registered with PFSense.
Yes here have been using a micro travel router (2" X 1"" running OpenWRT and a MQTT broker inside my alarm panel (OmniPro 2). Another one is running MeteoHub with a MeteoStick for my Davis Weather station. Well and another one is a wireless TOR box.
Well also running Kodi in my automobiles and using Openwrt to LTE modems. Really like KODI CoreElec which talks to the bus on the car. It shows up as a menu item.So installed PFSense then PFSense + on the new Jetway (6 Gb ports / com port / vga). Next steps are to recover my backup. This is where when I tried last time to do this the computer failed to boot.
Netgate pfSense Plus - Netgate Device ID: 3
*** Welcome to Netgate pfSense Plus 23.01-RELEASE (amd64) on pfSense *** WAN (wan) -> igb0 -> v4/DHCP4: 192.168.244.251/25 v6/DHCP6: xxx/64 LAN (lan) -> igb1 -> v4: 192.168.1.1/24 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell Enter an option:
-
-
I went through the process of promoting my secondary firewall to the master, then formatted the physical server (Dell R210 II), reinstalled pfSense 2.6 CE -> upgraded to pfSense+ (23.01), attempted the 23.05 upgraded again, and have the exact same issue. No packages installed or configuration beyond WAN and LAN IPs done on fresh install
It would seem that either my license/token has an issue (since it auto-discovered it after install, I wasn't able to use a new token) or there's just something wrong with the upgrade packages that get downloaded.
[23.01-RELEASE][admin@pfsense-a.home.arpa]/conf: pfSense-upgrade -d >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: .. done pfSense-core repository update completed. 15 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: .......... done Processing entries: Processing entries............. done pfSense repository update completed. 549 packages processed. All repositories are up to date. >>> Upgrading pfSense-upgrade... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-upgrade: 1.0_61 -> 1.0_66 [pfSense] Number of packages to be upgraded: 1 20 KiB to be downloaded. [1/1] Fetching pfSense-upgrade-1.0_66.pkg: ... done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-upgrade from 1.0_61 to 1.0_66... [1/1] Extracting pfSense-upgrade-1.0_66: ...... done pkg-static: No package(s) matching pfSense-pkg-* pfSense-repoc-static: si_get_packages: failed to run the pkg info command: /usr/local/sbin/pkg-static info -R --raw-format json-compact pfSense-pkg-\* pfSense-repoc-static: no pfSense packages installed pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!! failed to update the repository settings!!!
-
List of packages:
[23.01-RELEASE][admin@pfsense-a.home.arpa]/root: /usr/local/sbin/pkg-static info -a
[23.01-RELEASE][admin@pfsense-a.home.arpa]/root: /usr/local/sbin/pkg-static info -a beep-1.0_1 Beeps a certain duration and pitch out of the PC Speaker bind-tools-9.18.8 Command line tools from BIND: delv, dig, host, nslookup... bsnmp-regex-0.6_2 bsnmpd module allowing creation of counters from log files bsnmp-ucd-0.4.5 bsnmpd module that implements parts of UCD-SNMP-MIB bwi-firmware-kmod-3.130.20 Broadcom AirForce IEEE 802.11 Firmware Kernel Module ca_root_nss-3.83 Root certificate bundle from the Mozilla Project ccid-1.5.0 Generic driver for USB CCID and ICCD check_reload_status-0.0.14 run various pfSense scripts on event. choparp-20150613 Simple proxy arp daemon cpdup-1.22 Comprehensive filesystem mirroring and backup program cpustats-0.1_1 cpustats curl-7.85.0 Command line tool and library for transferring data with URLs cyrus-sasl-2.1.28 RFC 2222 SASL (Simple Authentication and Security Layer) dbus-1.14.4,1 Message bus system for inter-application communication devcpu-data-20221002 AMD and Intel CPUs microcode updates devcpu-data-amd-20221002 AMD CPUs microcode updates devcpu-data-intel-20220809 Intel CPU microcode updates dhcp6-20080615.2_4 KAME DHCP6 client, server, and relay dhcpleases-0.5_1 read dhpcd.lease file and add it to hosts file dhcpleases6-0.1_3 read dhpcd6.leases file and trigger command on modification dmidecode-3.4_2 Tool for dumping DMI (SMBIOS) contents in human-readable format dnsmasq-2.87,1 Lightweight DNS forwarder, DHCP, and TFTP server dpinger-3.2 IP device monitoring tool expat-2.4.9 XML 1.0 parser written in C expiretable-0.6_2 Utility to remove entries from the pf(4) table based on their age filterdns-2.2 filterdns filterlog-0.1_9 filterlog gettext-runtime-0.21 GNU gettext runtime libraries and programs glib-2.74.0,2 Some useful routines of C programming (current stable version) hostapd-2.10_5 IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator icu-72.1,1 International Components for Unicode (from IBM) iftop-1.0.p4 Display bandwidth usage on an interface by host igmpproxy-0.3_1,1 Multicast forwarding IGMP proxy indexinfo-0.3.1 Utility to regenerate the GNU info page index ipmitool-1.8.18_3 CLI to manage IPMI systems isc-dhcp44-client-4.4.3P1 The ISC Dynamic Host Configuration Protocol client isc-dhcp44-relay-4.4.3P1 The ISC Dynamic Host Configuration Protocol relay isc-dhcp44-server-4.4.3P1 ISC Dynamic Host Configuration Protocol server json-c-0.16 JSON (JavaScript Object Notation) implementation in C ldns-1.8.3 Library for programs conforming to DNS RFCs and drafts libargon2-20190702 Memory hard password hashing program and library libedit-3.1.20210910,1 Command line editor library libevent-2.1.12 API for executing callback functions on events or timeouts libffi-3.4.3 Foreign Function Interface libgcrypt-1.9.4_1 General purpose cryptographic library based on the code from GnuPG libgpg-error-1.45 Common error values for all GnuPG components libiconv-1.17 Character set conversion library libidn2-2.3.3_1 Implementation of IDNA2008 internationalized domain names libinotify-20211018 Kevent based inotify compatible library libltdl-2.4.7 System independent dlopen wrapper liblz4-1.9.4,1 LZ4 compression library, lossless and very fast libmcrypt-2.5.8_3 Multi-cipher cryptographic library (used in PHP) libnghttp2-1.48.0 HTTP/2.0 C Library libpsl-0.21.1_6 C library to handle the Public Suffix List libsodium-1.0.18 Library to build higher-level cryptographic tools libssh2-1.10.0,3 Library implementing the SSH2 protocol libucl-0.8.1 Universal configuration library parser libunistring-1.1 Unicode string library libuv-1.44.2 Multi-platform support library with a focus on asynchronous I/O libxml2-2.10.3_1 XML parser library for GNOME libxslt-1.1.37 XML stylesheet transformation library links-2.28,1 Lynx-like text WWW browser lua-resty-core-0.1.23 New FFI-based Lua API for OpenResty NGINX Lua modules lua-resty-lrucache-0.13 Lua-land LRU cache based on the LuaJIT FFI luajit-openresty-2.1.20220915 Just-In-Time Compiler for Lua (OpenResty branch) lzo2-2.10_1 Portable speedy, lossless data compression library minicron-0.0.2 very small cron miniupnpd-2.2.1_1,1 UPnP IGD implementation which uses pf/ipf mobile-broadband-provider-info-20220725 Service mobile broadband provider database mpd5-5.9_12 Multi-link PPP daemon based on netgraph(4) mpdecimal-2.5.1 C/C++ arbitrary precision decimal floating point libraries nginx-1.22.0_9,3 Robust and small WWW server nss_ldap-1.265_14 RFC 2307 NSS module ntp-4.2.8p15_5 The Network Time Protocol Distribution oniguruma-6.9.8_1 Regular expressions library compatible with POSIX/GNU/Perl openldap26-client-2.6.3 Open source LDAP client implementation opensc-0.22.0 Libraries and utilities to access smart cards openvpn-2.6.0_13 Secure IP/Ethernet tunnel daemon openvpn-auth-script-1.0.0.3 Generic script-based deferred auth plugin for OpenVPN pam_ldap-186_1 PAM module for authenticating with LDAP pam_mkhomedir-0.2 Create HOME with a PAM module on demand pcre-8.45_2 Perl Compatible Regular Expressions library pcre2-10.40 Perl Compatible Regular Expressions library, version 2 pcsc-lite-1.9.5,2 Middleware library to access a smart card using SCard API (PC/SC) perl5-5.32.1_3 Practical Extraction and Report Language pfSense-23.01 Meta package to install pfSense required ports pfSense-Status_Monitoring-1.8 pfSense Status Monitoring pfSense-base-23.01 pfSense core files pfSense-boot-23.01 pfSense boot files pfSense-default-config-23.01 pfSense default config pfSense-kernel-pfSense-23.01 pfSense kernel (pfSense) pfSense-rc-23.01 pfSense rc script and rc.initial shell pfSense-repo-23.01 Setup pfSense pkg(8) repositories pfSense-repoc-20230523 pfSense dynamic repository client pfSense-upgrade-1.0_66 pfSense upgrade script pftop-0.8 Utility for real-time display of statistics for pf php81-8.1.11 PHP Scripting Language (8.1.X branch) php81-bcmath-8.1.11 The bcmath shared extension for php php81-bz2-8.1.11 The bz2 shared extension for php php81-ctype-8.1.11 The ctype shared extension for php php81-curl-8.1.11 The curl shared extension for php php81-dom-8.1.11 The dom shared extension for php php81-filter-8.1.11 The filter shared extension for php php81-gettext-8.1.11 The gettext shared extension for php php81-intl-8.1.11_1 The intl shared extension for php php81-ldap-8.1.11 The ldap shared extension for php php81-libbe-0.1.4.1 FreeBSD libbe(3) library glue extension for PHP php81-mbstring-8.1.11 The mbstring shared extension for php php81-opcache-8.1.11 The opcache shared extension for php php81-openssl_x509_crl-1.3_1 PHP Class to create openssl Certificate Revocation List (CRL) php81-pcntl-8.1.11 The pcntl shared extension for php php81-pdo-8.1.11 The pdo shared extension for php php81-pdo_sqlite-8.1.11 The pdo_sqlite shared extension for php php81-pear-1.10.13 PEAR framework for PHP php81-pear-Auth_RADIUS-1.1.0_4 PEAR wrapper classes for the RADIUS PECL php81-pear-Cache_Lite-1.8.3,1 Fast and Safe little cache system php81-pear-Crypt_CHAP-1.5.0_2 PEAR class for generating CHAP packets php81-pear-HTTP_Request2-2.5.1,1 PEAR classes providing an easy way to perform HTTP requests php81-pear-Mail-1.4.1,1 PEAR class that provides multiple interfaces for sending emails php81-pear-Net_IPv6-1.3.0.b4_2 Check and validate IPv6 addresses php81-pear-Net_SMTP-1.10.1 PEAR class that provides an implementation of the SMTP protocol php81-pear-Net_Socket-1.2.2 PEAR Network Socket Interface php81-pear-Net_URL2-2.2.1 PEAR Class for parsing and handling URL php81-pear-XML_RPC2-1.1.5 XML-RPC client/server library php81-pecl-mcrypt-1.0.5 PHP extension for mcrypt, removed in PHP 7.2 php81-pecl-radius-1.4.0b1_2 Radius client library for PHP php81-pecl-rrd-2.0.3 PHP bindings to rrd tool system php81-pfSense-module-0.91 Library for getting useful info php81-phpseclib-2.0.17 PHP arbitrary-precision integer arithmetic library php81-posix-8.1.11 The posix shared extension for php php81-readline-8.1.11 The readline shared extension for php php81-session-8.1.11 The session shared extension for php php81-shmop-8.1.11 The shmop shared extension for php php81-simplexml-8.1.11 The simplexml shared extension for php php81-sockets-8.1.11 The sockets shared extension for php php81-sqlite3-8.1.11 The sqlite3 shared extension for php php81-sysvmsg-8.1.11 The sysvmsg shared extension for php php81-sysvsem-8.1.11 The sysvsem shared extension for php php81-sysvshm-8.1.11 The sysvshm shared extension for php php81-tokenizer-8.1.11 The tokenizer shared extension for php php81-xml-8.1.11 The xml shared extension for php php81-xmlreader-8.1.11 The xmlreader shared extension for php php81-xmlwriter-8.1.11 The xmlwriter shared extension for php php81-zlib-8.1.11 The zlib shared extension for php pkg-1.19.1_1 Package manager py39-libzfs-1.1.2022081600 Python libzfs bindings py39-setuptools-63.1.0 Python packages installer python311-3.11.1_1 Interpreted object-oriented programming language python39-3.9.16 Interpreted object-oriented programming language qstats-0.2 read dhpcd.lease file and add it to hosts file radvd-2.19_2 Linux/BSD IPv6 router advertisement daemon rate-0.9_2 Traffic analysis command-line utility readline-8.1.2 Library for editing command lines as they are typed rrdtool-1.8.0_1 Round Robin Database Tools scponly-4.8.20110526_5 Tiny shell that only permits scp and sftp smartmontools-7.3 S.M.A.R.T. disk monitoring tools sqlite3-3.39.3_1,1 SQL database engine in a C library ssh_tunnel_shell-0.2_1 SSH tunnel shell sshguard-2.4.2_2,1 Protect hosts from brute-force attacks against SSH and other services strongswan-5.9.8 Open Source IKEv2 IPsec-based VPN solution uclcmd-0.1_3 Command line tool for working with UCL config files unbound-1.17.1_2 Validating, recursive, and caching DNS resolver voucher-0.1_2 Voucher support vstr-1.0.15_1 General purpose string library for C whois-5.5.7 Marco d'Itri whois client wol-0.7.1_4 Tool to wake up Wake-On-LAN compliant computers wpa_supplicant-2.10_6 Supplicant (client) for WPA/802.1x protocols wrapalixresetbutton-0.0.13 Utility to detect platform reset button state for use in scripting xinetd-2.3.15_2 Replacement for inetd with better control and logging zstd-1.5.2_1 Fast real-time compression algorithm
-
@driise said in 23.01 -> 23.05 upgrade failed:
pfSense-upgrade-1.0_66
more info:
GUI set to 23.01 branch
[23.01-RELEASE][admin@pfSense.home.arpa]/usr/local/etc: pkg info -l pfSense-upgrade pfSense-upgrade-1.0_61: /usr/local/libexec/pfSense-upgrade /usr/local/pfSense/include/Netgate/repos/pfSense-update-repos.inc.php /usr/local/sbin/pfSense-update-repos.php /usr/local/sbin/pfSense-upgrade /usr/local/share/licenses/pfSense-upgrade-1.0_61/APACHE20 /usr/local/share/licenses/pfSense-upgrade-1.0_61/LICENSE /usr/local/share/licenses/pfSense-upgrade-1.0_61/catalog.mk [23.01-RELEASE][admin@pfSense.home.arpa]/usr/local/etc:
GUI set to 23.05 branch
[23.01-RELEASE][admin@pfSense.home.arpa]/usr/local/etc: pkg info -l pfSense-upgrade ld-elf.so.1: /usr/local/sbin/pkg: Undefined symbol "__libc_start1@FBSD_1.7" [23.01-RELEASE][admin@pfSense.home.arpa]/usr/local/etc:
/usr/local/sbin/pkg* files from 23.05
(note different file sizes from the _61 files which are from 23.01[23.01-RELEASE][admin@pfSense.home.arpa]/usr/local/etc: ls -al /usr/local/sbin/pkg* -rwxr-xr-x 1 root wheel 2917568 May 23 12:56 /usr/local/sbin/pkg -rwxr-xr-x 1 root wheel 28860304 May 23 12:56 /usr/local/sbin/pkg-static -rwxr-xr-x 1 root wheel 29087192 Jan 7 13:49 /usr/local/sbin/pkg-static.pkgsave -rwxr-xr-x 1 root wheel 29127216 May 28 10:08 /usr/local/sbin/pkg-static_61 -rwxr-xr-x 1 root wheel 2912880 May 28 10:05 /usr/local/sbin/pkg_61
-
A recap and what I see this morning on master PFSense box.
1 - PFSense 23.01 was running fine last week. On notification of update to 23.05 backed it up.
2 - updated box and update failed.
3 - box did not reboot - debend.
4 - Installed 2.6.0-RELEASE on box and used back up from PFSense 23.01. It worked with errors and currently running.
5 - Tried to register box with new token to update box to PFSense 23.01 and got a message that box is already registered.
6 - This morning Mon, May 29, 23 got a new message to update.2.6.0-RELEASE (amd64) built on Mon Jan 31 19:57:53 UTC 2022 FreeBSD 12.3-STABLE Version 23.01 is available. Version information updated at Mon May 29 6:09:08 CDT 2023
So should I back up and try to update?
Should I try to update via command line console?
or
Via update GUI? -
Think this means that it's old activation token was detected (same thing mine did when I re-installed). It will upgrade to 23.01 just fine. I'll bet a donut you'll have the same upgrade failure going to 23.05. It's odd, 23.05 worked on my VM (failed first time, worked second), but not my physical regardless what I try to do on it.
-
Thank you. This is the original master PFSense box.
I am dependent on this box right now and the backup box is running fine but I have not restored the old configuration on it yet.