Network access blocked after update
-
I connected to a remote PC. From the browser of this PC I connected to pfSense and launched the update from 2.6.0 to 2.7.0.
Everything seems to have gone well.The last set of messages was:
[1/1] Upgrading pfSense-kernel-pfSense from 2.6.0 to 2.7.0...
[1/1] Extracting pfSense-kernel-pfSense-2.7.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
System is going to be upgraded. Reboot in 10 seconds.Unlocking package pkg...done.
SuccessIn the center of the page the counter displayed
Rebooting
Page will automatically reload in 74 seconds
And here it stuck.The problem is that pfSense must have blocked the Internet because the remote connection dropped and I have been unable to connect to that PC for over half an hour (I was using VNC directly, without requesting confirmation from a user).
I tried it on my pfsense and here too, after the first counter has finished it keeps appearing
Not yet ready
Retrying in another X secondsAnd here, too, minutes pass without anything working and the Internet inaccessible.
How long does the process take?Thank you.
=========== Update
Access to pfesense from another browser is denied because the DHCP on my network card no longer has a valid address.
At this point, even to troubleshooting I should still restart pfSense despite the messages suggesting the opposite.
And remotely how do I restart it? -
Reporting pfSense messages, the forum has poorly formatted them
These are the messages that appeared
The last set of messages was:
[1/1] Upgrading pfSense-kernel-pfSense from 2.6.0 to 2.7.0...
[1/1] Extracting pfSense-kernel-pfSense-2.7.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
System is going to be upgraded. Reboot in 10 seconds.
Unlocking package pkg...done.
Success -
It can take a while to upgrade. It depends on the speed of your hardware, mostly the drive speed.
Some systems I have here still running from CF always take much longer to upgrade than I expect.Steve
-
@stephenw10
More than 12 hours?
We hope! -
No, not that long. Longest I've seen was, maybe, 45mins.
-
@stephenw10
The last message that appeared was "Success",
I have listed them above.My pfsense also froze on reboot and had to manually power it off and on.
Now I'm forced to schedule the update of the other pfsense, but no longer remotely.I find it incredible that a similar problem can arise with devices that by their nature can reside hundreds of kilometers from the operational headquarters.
Not to mention that now a company is stuck until someone comes back from vacation just to push a button.
-
What hardware is that?
Did you try rebooting it before running the upgrade?
Steve
-
Today I tried to connect again and pfSense works with an uptime of 3 days.
Does this mean it took 5 days to make an update?
Incredible! (Like you just can't believe it)Is there a crash report?
Who should I send it to?@stephenw10
It is a PC built with Celeron 847 1.10GHz and 4GB of memory.
Serves 2 to 4 users, plus an Internal NAS. -
Hmm, yeah that seems very unlikely. What do the logs show? Anything before that boot 3 days ago?
The upgrade log will be in /conf.
-
Today, having more time at my disposal, I did some tests by downloading the configuration of a third firewall and loading it into a pfSense installed in a virtual machine.
I obviously had to change the NIC references, but it started.
At this point I tried to install the missing packages, but it won't let me because evidently the available ones are for 2.7 and the VM is still 2.6.I tried to update the VM, and it stuck at package 34.
I restore the snapshot to try again and this time the update was successful.
Out of 4 attempts made on physical and virtual machines, 3 failed and only one was successful.
On the two physical machines I kept the packages installed.
Before installing the configuration on the virtual machine I removed all the packages, but this doesn't seem like a great solution to me since among the packages there is FreeRadius, Squid, Snort, statistics and other packages that I now have to configure from scratch..On Sunday I'll try to update the third firewall, but if this one blocks too, then they'll run after me with a stick.
-
@darkcorner said in Network access blocked after update:
among the packages there is FreeRadius, Squid, Snort, statistics and other packages that I now have to configure from scratch
In most cases package config info survives uninstall. Suricata/Snort has a checkbox "Keep Suricata Settings After Deinstall" that is checked by default for example. However there is currently a bug in FreeRADIUS where if the person has not specifically saved the default settings page, the keep_settings option is misread and ignored:
https://redmine.pfsense.org/issues/14596
https://redmine.pfsense.org/issues/14806The upgrade process stalling while downloading packages seems like a weird place to stop. More common would be hardware unsupported by FreeBSD 14, boot issues, failing drive, bad RAM etc. that isn't discovered until reboot.
To install older packages change the update branch per my sig.
-
I would recommend at least uninstalling Squid before the upgrade. There have been issues with the install/uninstallscript in that package across a php version.
