Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-4860 updates are broken after factory reset

    Scheduled Pinned Locked Moved
    Official Netgate® Hardware
    3
    4
    269
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      inventor96
      last edited by

      Hello,

      A friend recently sent me their old SG-4860 they're no longer using. I'm currently running pfSense CE on a laptop with VLANs, so I'm hoping to replace that setup with the SG-4860.

      The first thing I did was connect to the USB console and do a factory reset. After that, I've been trying to apply any updates available. It's currently on "2.4.4_2" and reports that "21.02 2" is available. The webGUI method appeared to stall with the first line Please wait while the update system initializes, so I tried going to the CLI, but the process doesn't succeed, either:

      Enter an option: 13

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pkg-static: Repository pfSense has a wrong packagesite, need to re-create database
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: 
pkg-static: Newer FreeBSD version for package pfSense-pkg-syslog-ng:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1202504
- running kernel: 1102000

pkg-static: repository pfSense contains packages for wrong OS version: FreeBSD:12:amd64
Processing entries... done
Unable to update repository pfSense
Error updating repositories!
>>> Locking package pkg... done.
ERROR: Unable to compare version of pfSense-repo

      I've seen a couple other threads with somewhat related issues saying they needed to download the latest firmware, so I attempted to use the webGUI to install the Netgate_Firmware_Upgrade package, but when I try to open the "Available Packages" list, it says Unable to retrieve package information..

      While poking around I tried running pkg update, but all that returned was Shared object "libcryptoauth.so.3" not found, required by "pkg". In troubleshooting that message, I came across the thread at https://forum.netgate.com/topic/161868/unable-to-upgrade-my-sg-2220, and I started trying to do some of the steps that user tried, but that didn't seem to work:

      [2.4.4-RELEASE][admin@pfSense.home.lan]/root: pkg-static info -x pfSense-upgrade
pkg-static: Warning: Major OS version upgrade detected.  Running "pkg bootstrap -f" recommended
pfSense-upgrade-0.69
[2.4.4-RELEASE][admin@pfSense.home.lan]/root: pkg bootstrap -f
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+https://firmware.netgate.com/pkg/pfSense_plus-v21_02_2_amd64-pfSense_plus-v21_02_2, please wait...
Verifying signature with trusted certificate pkg.pfsense.org.20160406... done
Installing pkg-1.16.1...
pkg-static: Newer FreeBSD version for package pkg:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1202504
- running kernel: 1102000

package pkg is already installed, forced install
Extracting pkg-1.16.1: 100%
[2.4.4-RELEASE][admin@pfSense.home.lan]/root: pkg-static info -x pfSense-upgrade
pfSense-upgrade-0.69
[2.4.4-RELEASE][admin@pfSense.home.lan]/root: pkg-static update -f
Updating pfSense-core repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
Fetching packagesite.txz: 100%    2 KiB   2.3kB/s    00:01    
Processing entries: 100%
pfSense-core repository update completed. 14 packages processed.
Updating pfSense repository catalogue...
pkg-static: Repository pfSense has a wrong packagesite, need to re-create database
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
Fetching packagesite.txz: 100%  144 KiB 147.5kB/s    00:01    
Processing entries:   0%
pkg-static: Newer FreeBSD version for package pfSense-pkg-syslog-ng:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1202504
- running kernel: 1102000

pkg-static: repository pfSense contains packages for wrong OS version: FreeBSD:12:amd64
Processing entries: 100%
Unable to update repository pfSense
Error updating repositories!

      Just in case, I tried the webGUI update and option 13 from the console, but both had the same unsuccessful results.

      I've started going through the steps at https://docs.netgate.com/pfsense/en/latest/troubleshooting/pkg-broken-database.html, but that stopped on the second step:

      [2.4.4-RELEASE][admin@pfSense.home.lan]/root: /bin/mkdir -p /var/db/pkg/ /root/var/db/pkg/
[2.4.4-RELEASE][admin@pfSense.home.lan]/root: /usr/local/sbin/pkg-static update -f
Updating pfSense-core repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
Fetching packagesite.txz: 100%    2 KiB   2.3kB/s    00:01    
Processing entries: 100%
pfSense-core repository update completed. 14 packages processed.
Updating pfSense repository catalogue...
pkg-static: Repository pfSense has a wrong packagesite, need to re-create database
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
Fetching packagesite.txz: 100%  144 KiB 147.5kB/s    00:01    
Processing entries:   0%
pkg-static: Newer FreeBSD version for package pfSense-pkg-syslog-ng:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1202504
- running kernel: 1102000

pkg-static: repository pfSense contains packages for wrong OS version: FreeBSD:12:amd64
Processing entries: 100%
Unable to update repository pfSense
Error updating repositories!

      https://docs.netgate.com/pfsense/en/latest/solutions/sg-4860/reinstall-pfsense.html mentions opening a TAC ticket, but this device doesn't have an active paid support subscription as far as I'm aware, so I don't know that Netgate will respond to me submitting a ticket?

      I'll keep poking around to see if I can find anything that helps me get this firewall up and running, but if anyone could give me some pointers, that would be great!

      S 1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by stephenw10

        Just open a ticket. You don't need active support to get the recovery image: https://www.netgate.com/tac-support-request

        You probably can get it to upgrade but it will be in several steps and the result will be uncertain. Especially since you don't need to keep the config just reinstall to 23.09.1 clean.

        Steve

        I 1 Reply Last reply Reply Quote 1
        • S
          SteveITS Rebel Alliance @inventor96
          last edited by

          @inventor96 yes just install new. You’ll get ZFS as well and skip a few consecutive update installs.

          Netgate_Firmware_Upgrade Is for BIOS updates not pfSense.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • I
            inventor96 @stephenw10
            last edited by

            For the record, changing branches and then doing updates got me closer, but still not all the way there.

            @stephenw10 said in SG-4860 updates are broken after factory reset:

            Just open a ticket. You don't need active support to get the support image: https://www.netgate.com/tac-support-request

            Thanks for pointing this out. To contribute to this for others to reference, in the FAQ's (https://www.netgate.com/support/frequently-asked-questions) there's a "What is TAC Lite?" section, which includes "Customers who purchase a Netgate appliance do not have to purchase a subscription and have TAC Lite free of charge for the life of the appliance."

            I submitted a request, selecting "TAC Lite" for the Support Level, and they did indeed respond with temporary links to download an install image.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post