Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to upgrate 23.09.1 to 24.11

    Problems Installing or Upgrading pfSense Software
    3
    15
    160
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nanda
      last edited by

      Hi

      I have been maintaining three firewalls and trying to upgrade one pfSense firewall from 23.09.1 to 24.11, but failed. The problems are elaborated below.

      a) Infeasible update via GUI

      When I check the main screen, it shows 24.11 is available (see Fig 1).

      fae15f16-a27d-473b-9776-cd9e81d672cc-image.png
      Figure 1: Pfsense main screen with update availability information.

      A confirmation button for the upgrade process initiation should appear after changing the branch to 24.11 in the system update page, but the status remains 'Up to date' (see Figure 2).

      e1ea0ced-af6c-4889-acec-edb572e21156-image.png
      Figure 2: System update page with 'Up to date' status

      b) via option 13.

      I tried to update via terminal through option 13, but the version remains the same, and the GUI status is also the same (see Fig 3).

      43565acc-16a5-40c7-bcc2-c7bfc45d7ea9-image.png
      Figure 3: Option 13 execution via terminal

      c) via Commands

      I have read similar posts on upgrade issues and tried certctl rehash before pkg-static -d update. I do not see any errors but I can see 304 status in the command output (see the below output).

      $ pkg-static -d update
DBG(1)[39150]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[39150]> PkgRepo: verifying update for pfSense-core
DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
DBG(1)[39150]> curl_open
DBG(1)[39150]> Fetch: fetcher used: pkg+https
DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf

DBG(1)[39150]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: < Server: nginx
< Date: Sun, 16 Mar 2025 08:49:48 GMT
< Content-Type: application/octet-stream
< Content-Length: 163
< Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
< Connection: keep-alive
< ETag: "6570ff06-a3"
< Accept-Ranges: bytes
<
* The requested document is not new enough
* Simulate an HTTP 304 response
* Closing connection

DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
DBG(1)[39150]> curl_open
DBG(1)[39150]> Fetch: fetcher used: pkg+https
DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg

DBG(1)[39150]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
* Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Sun, 16 Mar 2025 08:49:49 GMT
< Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
< Connection: keep-alive
< ETag: "6570ff07-628"
<
* Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[39150]> PkgRepo: verifying update for pfSense
DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
DBG(1)[39150]> curl_open
DBG(1)[39150]> Fetch: fetcher used: pkg+https
DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf

DBG(1)[39150]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Sun, 16 Mar 2025 08:49:49 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-b2"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
DBG(1)[39150]> curl_open
DBG(1)[39150]> Fetch: fetcher used: pkg+https
DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

DBG(1)[39150]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
* Found bundle for host: 0x3c78bb8fec20 [serially]
* Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Sun, 16 Mar 2025 08:49:49 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-30264"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
pfSense repository is up to date.
All repositories are up to date.

      Am I doing anything wrong here?
      Any help on this is highly appreciated.

      stephenw10S 1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator @nanda
        last edited by

        @nanda said in Unable to upgrate 23.09.1 to 24.11:

        DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
        DBG(1)[39150]> curl_open
        DBG(1)[39150]> Fetch: fetcher used: pkg+https
        DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

        You can see there it's still checking against the 23.09.1 repo.

        Try going to Sys > Update > Update Settings and resave the branch as 24.11.

        N patient0P 2 Replies Last reply Reply Quote 0
        • N
          nanda @stephenw10
          last edited by

          @stephenw10

          I did as you suggested, but the result is the same.

          e6db5b8d-4cd1-4787-95f6-4ea0f8a16901-image.png
          Figure 1: Changing update settings

          a) via GUI
          8928529c-c2cc-4697-824f-24f9e0ff5238-image.png
          Figure 2: Trying to update after new settings

          b) via Command
          pkg-static -d update command output.

          $ pkg-static -d update
DBG(1)[96662]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[96662]> PkgRepo: verifying update for pfSense-core
DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
DBG(1)[96662]> curl_open
DBG(1)[96662]> Fetch: fetcher used: pkg+https
DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf

DBG(1)[96662]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: < Server: nginx
< Date: Mon, 17 Mar 2025 06:16:07 GMT
< Content-Type: application/octet-stream
< Content-Length: 163
< Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
< Connection: keep-alive
< ETag: "6570ff06-a3"
< Accept-Ranges: bytes
<
* The requested document is not new enough
* Simulate an HTTP 304 response
* Closing connection

DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
DBG(1)[96662]> curl_open
DBG(1)[96662]> Fetch: fetcher used: pkg+https
DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg

DBG(1)[96662]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
* Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 06:16:08 GMT
< Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
< Connection: keep-alive
< ETag: "6570ff07-628"
<
* Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[96662]> PkgRepo: verifying update for pfSense
DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
DBG(1)[96662]> curl_open
DBG(1)[96662]> Fetch: fetcher used: pkg+https
DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf

DBG(1)[96662]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.207:443...
* Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com
*  start date: Mar 15 20:23:11 2022 GMT
*  expire date: Feb 19 20:23:11 2122 GMT
*  common name: pfsense-plus-pkg00.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 06:16:08 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-b2"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
DBG(1)[96662]> curl_open
DBG(1)[96662]> Fetch: fetcher used: pkg+https
DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

DBG(1)[96662]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults
* Found bundle for host: 0x21bd3a2fec20 [serially]
* Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg00.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 06:16:08 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-30264"
<
* Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact
pfSense repository is up to date.
All repositories are up to date.
          1 Reply Last reply Reply Quote 0
          • patient0P
            patient0 @stephenw10
            last edited by patient0

            @stephenw10 is the update procedure different in the Azure cloud? I guess it's running there since in the first screenshot there is a line

            "Microsoft Azure - Netgate Device ID: ...."

            Addition: The pfSense+ docu states under "Does the appliance support a live update of the software?":

            "This may be possible, but it is currently untested and unsupported. Since a real system console is not available, a definitive recovery process for failures during upgrades would be difficult to define.

            The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

            N 1 Reply Last reply Reply Quote 0
            • N
              nanda @patient0
              last edited by

              @patient0 @stephenw10

              "The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."

              Indeed, we deployed pfSense in Microsoft Azure through the official Azure marketplace. The above statement on replacing the old instance with the new instance may lead to problems with the operational costs. pfSense firewall instance was deployed through Azure reservation. If we forgo the current instance, it will, perhaps, take away the reservation.

              Please provide a technical solution to solve the upgrade issue.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by stephenw10

                Hmm, OK try running: pfSense-repoc

                Make sure that returns cleanly. Then try saving the branch again.

                You should be able to upgrade in Azure.

                N 1 Reply Last reply Reply Quote 0
                • N
                  nanda @stephenw10
                  last edited by

                  @stephenw10

                  I executed the command pfSense-repoc and it did not return any message. So I assume that it was a clean execution (see Figure 1), then saved the branch again (Figure 2). The result was the same (see Figure 3).

                  7ac1fe0c-e4cf-4dab-9c9d-af8bab668fcb-image.png
                  Figure 1: pfSense-repoc execution

                  12bbba58-e129-416b-a5ee-5d8d9390866f-image.png
                  Figure 2: Save the branch again

                  732c092b-541a-493d-b503-1ec8a409e70e-image.png
                  Figure 3: Trying after the above steps

                  Verified again via pkg-static -d update command, but the result still points to 23.09.1 repo.

                  $ pkg-static -d update
DBG(1)[18723]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[18723]> PkgRepo: verifying update for pfSense-core
DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf
DBG(1)[18723]> curl_open
DBG(1)[18723]> Fetch: fetcher used: pkg+https
DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf

DBG(1)[18723]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.209:443...
* Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
*  start date: Mar 15 20:23:37 2022 GMT
*  expire date: Feb 19 20:23:37 2122 GMT
*  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: < Server: nginx
< Date: Mon, 17 Mar 2025 18:50:51 GMT
< Content-Type: application/octet-stream
< Content-Length: 163
< Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT
< Connection: keep-alive
< ETag: "6570ff06-a3"
< Accept-Ranges: bytes
<
* The requested document is not new enough
* Simulate an HTTP 304 response
* Closing connection

DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg
DBG(1)[18723]> curl_open
DBG(1)[18723]> Fetch: fetcher used: pkg+https
DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg

DBG(1)[18723]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
* Hostname pfsense-plus-pkg01.atx.netgate.com was found in DNS cache
*   Trying 208.123.73.209:443...
* Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
*  start date: Mar 15 20:23:37 2022 GMT
*  expire date: Feb 19 20:23:37 2122 GMT
*  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 18:50:51 GMT
< Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT
< Connection: keep-alive
< ETag: "6570ff07-628"
<
* Connection #1 to host pfsense-plus-pkg01.atx.netgate.com left intact
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[18723]> PkgRepo: verifying update for pfSense
DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf
DBG(1)[18723]> curl_open
DBG(1)[18723]> Fetch: fetcher used: pkg+https
DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf

DBG(1)[18723]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
*   Trying 208.123.73.209:443...
* Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443
* ALPN: curl offers http/1.1
*  CAfile: /etc/ssl/netgate-ca.pem
*  CApath: /etc/ssl/certs/
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com
*  start date: Mar 15 20:23:37 2022 GMT
*  expire date: Feb 19 20:23:37 2122 GMT
*  common name: pfsense-plus-pkg01.atx.netgate.com (matched)
*  issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA
*  SSL certificate verify ok.
* using HTTP/1.1
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 18:50:52 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-b2"
<
* Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
DBG(1)[18723]> curl_open
DBG(1)[18723]> Fetch: fetcher used: pkg+https
DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg

DBG(1)[18723]> CURL> attempting to fetch from , left retry 3

* Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults
* Found bundle for host: 0x398516efec20 [serially]
* Re-using existing connection with host pfsense-plus-pkg01.atx.netgate.com
> GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1
Host: pfsense-plus-pkg01.atx.netgate.com
User-Agent: pkg/1.20.8
Accept: */*
If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT

< HTTP/1.1 304 Not Modified
< Server: nginx
< Date: Mon, 17 Mar 2025 18:50:52 GMT
< Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT
< Connection: keep-alive
< ETag: "67813b81-30264"
<
* Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact
pfSense repository is up to date.
All repositories are up to date.

                  Tried rebooting and then the system update, but the webpage still returning "Up to date" message.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Hmm, odd. Try running: pfSense-repoc -DJ

                    That should show you what info is being sent and which branches are being pushed back. Obviously don't post that output here.

                    N 1 Reply Last reply Reply Quote 0
                    • N
                      nanda @stephenw10
                      last edited by

                      @stephenw10

                      In the post data repo section, I can see three repos: 24.11, 24.03, 23.09.1. The 23.09.1 has the default field set to yes; other repo sections do not have this field.

                      Would you tell me, how to deduce/solve the problem with the command response?

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ok try running: ls -ls /usr/local/etc/pkg/repos

                        That should show a symlink for pfSense.conf that points to the selected repo like:

                        24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: ls -ls /usr/local/etc/pkg/repos
total 1
1 -rw-r--r--  1 root wheel 25 Apr 19  2024 FreeBSD.conf
1 lrwxr-xr-x  1 root wheel 55 Mar 18 12:49 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf

                        When you change the update branch in the webgui that symlink should be updated.

                        Then if you check that repo it should be 24.11 like:

                        [24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: cat /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
FreeBSD: { enabled: no }

pfSense-core: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-core",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

pfSense: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

                        I'm guessing your install is not showing that for some reason.

                        N 1 Reply Last reply Reply Quote 0
                        • N
                          nanda @stephenw10
                          last edited by

                          @stephenw10

                          Your guess is true, symlink did not change to the selected repo when the update branch changed in the GUI. It stays with 23.09.1.

                          $ ls -ls /usr/local/etc/pkg/repos
total 4
4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
0 lrwxr-xr-x  1 root wheel 62 Mar 18 16:45 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf

                          pfSense-repo-23_09_1_rel.conf has urls for 23.09.1 in pfsense-core and pfsense section.

                          "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core"
"pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1"

                          Is there any command that can be executed via the terminal to change the repo?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Yes you can try manually creating the symlink. What conf files do you have in /usr/local/etc/pfSense/pkg/repos ?

                            N 1 Reply Last reply Reply Quote 0
                            • N
                              nanda @stephenw10
                              last edited by

                              @stephenw10

                              The repos directory has three config files for 23.09.1, 24.03 and 24.11

                              -rw-r--r--  1 root wheel 512 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
-rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
-rw-r--r--  1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                OK first try running: pfSense-repo-setup then re-check.

                                N 1 Reply Last reply Reply Quote 0
                                • N
                                  nanda @stephenw10
                                  last edited by nanda

                                  @stephenw10

                                  pfSense-repo-setup command did not return any message, so it should be a clean execution.

                                  [23.09.1-RELEASE][...]/root: pfSense-repo-setup
[23.09.1-RELEASE][...]/root: ls -l /usr/local/etc/pfSense/pkg/repos/*.conf
-rw-r--r--  1 root wheel 512 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
-rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf
-rw-r--r--  1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf

                                  After saving the 24.11 update branch in the system update via GUI, symlink still stays with 23.09.1

                                  [23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos
total 4
4 -rw-r--r--  1 root wheel 26 Dec  6  2023 FreeBSD.conf
0 lrwxr-xr-x  1 root wheel 62 Mar 18 19:24 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
[23.09.1-RELEASE][...]/root:
                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.