Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Downgrade NUT package vs. remote upgrade of pfSense CE

    Scheduled Pinned Locked Moved
    UPS Tools
    3
    5
    360
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RyanMR
      RyanM
      last edited by

      Ok, so I think I know what I did. I have a remote pfSense CE router running 2.7.0. I haven't ugpraded it yet, because it is in another state and I won't be back there until May or June of next year. I was planning to upgrade it then and do a few other things (like looking at moving from OpenVPN to Tailscale).

      Regardless, I foolishly last night went into the package manager and saw an update for the NUT package to 2.8.2. I think I had 2.8.0_2 before. The upgrade showed some errors about untrusted SSL certificates. I suspect this is because I haven't upgraded pfSense to 2.7.2, which has newer OpenSSL (and newer CAs?).

      Regardless, it means NUT won't start and so my TrueNAS server can't act on my UPS either.

      I guess I am looking for guidance on 3 possible paths forward:

      1. Remotely upgrade to 2.7.2, keeping in mind that if something goes wrong I won't have physical access to the device for another 5 months or so.
      2. "Downgrade" NUT to 2.8.0_2, and hope it goes back to working the way it was.
      3. Live with it as-is and fix it in 5 months when I am back there.

      Thoughts?

      dennypageD S 2 Replies Last reply Reply Quote 0
      • dennypageD
        dennypage @RyanM
        last edited by

        @RyanM said in Downgrade NUT package vs. remote upgrade of pfSense CE:

        The upgrade showed some errors about untrusted SSL certificates. I suspect this is because I haven't upgraded pfSense to 2.7.2, which has newer OpenSSL

        Yep. Packages built for the newer (current) versions of pfSense use a new version of OpenSSL (3.0) which is not present in the prior versions.

        1 Reply Last reply Reply Quote 0
        • S
          SteveITS Rebel Alliance @RyanM
          last edited by

          @RyanM The good news is the package install didn't break pfSense, since that can happen. Always set the update branch before installing packages (see my sig), however, I don't think 2.7.0 was even selectable anymore since it probably listed 2.7.1 and 2.7.2.

          Is this a situation where you can ship a replacement for someone to plug in? (if things go wrong)

          At the point that libraries are messed up a reinstall is cleanest...

          Per https://redmine.pfsense.org/issues/10464 it's supposed to have been prevented/resolved in 2.7.1/23.09.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • RyanMR
            RyanM
            last edited by

            @dennypage yeah, that is kind of what I figured.

            @SteveITS, I do have a backup pfSense box there that someone could plug in if needed, but I am kind of inclined to just wait. Besides, I was lazy and didn't update the backup unit before leaving for the winter.

            My router died a year or 2 ago while I was away for the winter, and it was kind of a mess. I couldn't do any of the remote monitoring of my home (water, cameras, thermostat, etc.). A non-technical friend went and did some limited investigation and I just had him ship the box to me. Turned out to be a bad board. I was able to get the board RMA'd, but I also ended up purchasing a replacement. I set it up where I was and then shipped it to my buddy who went to my house and plugged it in and turned it on. Thankfully the dynamic DNS all worked and I could identify the new IP and everything seemed to come back online.

            So, I would like to save this option for if the router dies. Wouldn't be awesome because the replacement will have v2.6.x installed, but at least my stuff would work until I got home. I would hate to have to ask my buddy to ship units back and forth again unless it was absolutely dire. For the time being, I will just sit tight. Just wasn't sure if there was an easy way to "downgrade" NUT.

            dennypageD 1 Reply Last reply Reply Quote 0
            • dennypageD
              dennypage @RyanM
              last edited by

              @RyanM said in Downgrade NUT package vs. remote upgrade of pfSense CE:

              Just wasn't sure if there was an easy way to "downgrade" NUT.

              You could go into the old NUT support thread and grab one of the testing builds that was done earlier in the year. If you do, make sure you get the right arch... the amd64 version was in the February timeframe, and the arm version was a couple of months later.

              1 Reply Last reply Reply Quote 0
              • stephenw10S stephenw10 moved this topic from pfSense Packages on
              • First post
                Last post