Unable to upgrate 23.09.1 to 24.11
-
Hi
I have been maintaining three firewalls and trying to upgrade one pfSense firewall from 23.09.1 to 24.11, but failed. The problems are elaborated below.
a) Infeasible update via GUI
When I check the main screen, it shows 24.11 is available (see Fig 1).
Figure 1: Pfsense main screen with update availability information.A confirmation button for the upgrade process initiation should appear after changing the branch to 24.11 in the system update page, but the status remains 'Up to date' (see Figure 2).
Figure 2: System update page with 'Up to date' statusb) via option 13.
I tried to update via terminal through option 13, but the version remains the same, and the GUI status is also the same (see Fig 3).
Figure 3: Option 13 execution via terminalc) via Commands
I have read similar posts on upgrade issues and tried certctl rehash before pkg-static -d update. I do not see any errors but I can see 304 status in the command output (see the below output).
$ pkg-static -d update DBG(1)[39150]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[39150]> PkgRepo: verifying update for pfSense-core DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[39150]> curl_open DBG(1)[39150]> Fetch: fetcher used: pkg+https DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[39150]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 200 OK Fetching meta.conf: < Server: nginx < Date: Sun, 16 Mar 2025 08:49:48 GMT < Content-Type: application/octet-stream < Content-Length: 163 < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT < Connection: keep-alive < ETag: "6570ff06-a3" < Accept-Ranges: bytes < * The requested document is not new enough * Simulate an HTTP 304 response * Closing connection DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[39150]> curl_open DBG(1)[39150]> Fetch: fetcher used: pkg+https DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[39150]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Sun, 16 Mar 2025 08:49:49 GMT < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT < Connection: keep-alive < ETag: "6570ff07-628" < * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[39150]> PkgRepo: verifying update for pfSense DBG(1)[39150]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[39150]> curl_open DBG(1)[39150]> Fetch: fetcher used: pkg+https DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[39150]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Sun, 16 Mar 2025 08:49:49 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-b2" < * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[39150]> curl_open DBG(1)[39150]> Fetch: fetcher used: pkg+https DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[39150]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Found bundle for host: 0x3c78bb8fec20 [serially] * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Sun, 16 Mar 2025 08:49:49 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-30264" < * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact pfSense repository is up to date. All repositories are up to date.
Am I doing anything wrong here?
Any help on this is highly appreciated. -
@nanda said in Unable to upgrate 23.09.1 to 24.11:
DBG(1)[39150]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg
DBG(1)[39150]> curl_open
DBG(1)[39150]> Fetch: fetcher used: pkg+https
DBG(1)[39150]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkgYou can see there it's still checking against the 23.09.1 repo.
Try going to Sys > Update > Update Settings and resave the branch as 24.11.
-
I did as you suggested, but the result is the same.
Figure 1: Changing update settingsa) via GUI
Figure 2: Trying to update after new settingsb) via Command
pkg-static -d update command output.$ pkg-static -d update DBG(1)[96662]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[96662]> PkgRepo: verifying update for pfSense-core DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[96662]> curl_open DBG(1)[96662]> Fetch: fetcher used: pkg+https DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[96662]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 200 OK Fetching meta.conf: < Server: nginx < Date: Mon, 17 Mar 2025 06:16:07 GMT < Content-Type: application/octet-stream < Content-Length: 163 < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT < Connection: keep-alive < ETag: "6570ff06-a3" < Accept-Ranges: bytes < * The requested document is not new enough * Simulate an HTTP 304 response * Closing connection DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[96662]> curl_open DBG(1)[96662]> Fetch: fetcher used: pkg+https DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[96662]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 06:16:08 GMT < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT < Connection: keep-alive < ETag: "6570ff07-628" < * Connection #1 to host pfsense-plus-pkg00.atx.netgate.com left intact pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[96662]> PkgRepo: verifying update for pfSense DBG(1)[96662]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[96662]> curl_open DBG(1)[96662]> Fetch: fetcher used: pkg+https DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[96662]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.207:443... * Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg00.atx.netgate.com * start date: Mar 15 20:23:11 2022 GMT * expire date: Feb 19 20:23:11 2122 GMT * common name: pfsense-plus-pkg00.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 06:16:08 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-b2" < * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact DBG(1)[96662]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[96662]> curl_open DBG(1)[96662]> Fetch: fetcher used: pkg+https DBG(1)[96662]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[96662]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Found bundle for host: 0x21bd3a2fec20 [serially] * Re-using existing connection with host pfsense-plus-pkg00.atx.netgate.com > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg00.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 06:16:08 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-30264" < * Connection #0 to host pfsense-plus-pkg00.atx.netgate.com left intact pfSense repository is up to date. All repositories are up to date.
-
@stephenw10 is the update procedure different in the Azure cloud? I guess it's running there since in the first screenshot there is a line
"Microsoft Azure - Netgate Device ID: ...."
Addition: The pfSense+ docu states under "Does the appliance support a live update of the software?":
"This may be possible, but it is currently untested and unsupported. Since a real system console is not available, a definitive recovery process for failures during upgrades would be difficult to define.
The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."
-
"The currently recommended process for upgrades is to backup the pfSense Plus software configuration from the existing instance and restore it on a new instance when an upgrade is available."
Indeed, we deployed pfSense in Microsoft Azure through the official Azure marketplace. The above statement on replacing the old instance with the new instance may lead to problems with the operational costs. pfSense firewall instance was deployed through Azure reservation. If we forgo the current instance, it will, perhaps, take away the reservation.
Please provide a technical solution to solve the upgrade issue.
-
Hmm, OK try running:
pfSense-repoc
Make sure that returns cleanly. Then try saving the branch again.
You should be able to upgrade in Azure.
-
I executed the command pfSense-repoc and it did not return any message. So I assume that it was a clean execution (see Figure 1), then saved the branch again (Figure 2). The result was the same (see Figure 3).
Figure 1: pfSense-repoc execution
Figure 2: Save the branch again
Figure 3: Trying after the above stepsVerified again via pkg-static -d update command, but the result still points to 23.09.1 repo.
$ pkg-static -d update DBG(1)[18723]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[18723]> PkgRepo: verifying update for pfSense-core DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[18723]> curl_open DBG(1)[18723]> Fetch: fetcher used: pkg+https DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/meta.conf DBG(1)[18723]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.209:443... * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com * start date: Mar 15 20:23:37 2022 GMT * expire date: Feb 19 20:23:37 2122 GMT * common name: pfsense-plus-pkg01.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/meta.conf HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 200 OK Fetching meta.conf: < Server: nginx < Date: Mon, 17 Mar 2025 18:50:51 GMT < Content-Type: application/octet-stream < Content-Length: 163 < Last-Modified: Wed, 06 Dec 2023 23:08:54 GMT < Connection: keep-alive < ETag: "6570ff06-a3" < Accept-Ranges: bytes < * The requested document is not new enough * Simulate an HTTP 304 response * Closing connection DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[18723]> curl_open DBG(1)[18723]> Fetch: fetcher used: pkg+https DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core/packagesite.pkg DBG(1)[18723]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Hostname pfsense-plus-pkg01.atx.netgate.com was found in DNS cache * Trying 208.123.73.209:443... * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com * start date: Mar 15 20:23:37 2022 GMT * expire date: Feb 19 20:23:37 2122 GMT * common name: pfsense-plus-pkg01.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-core/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Wed, 06 Dec 2023 23:08:55 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 18:50:51 GMT < Last-Modified: Wed, 06 Dec 2023 23:08:55 GMT < Connection: keep-alive < ETag: "6570ff07-628" < * Connection #1 to host pfsense-plus-pkg01.atx.netgate.com left intact pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[18723]> PkgRepo: verifying update for pfSense DBG(1)[18723]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[18723]> curl_open DBG(1)[18723]> Fetch: fetcher used: pkg+https DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf DBG(1)[18723]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Trying 208.123.73.209:443... * Connected to pfsense-plus-pkg01.atx.netgate.com (208.123.73.209) port 443 * ALPN: curl offers http/1.1 * CAfile: /etc/ssl/netgate-ca.pem * CApath: /etc/ssl/certs/ * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=pfSense Plus; CN=pfsense-plus-pkg01.atx.netgate.com * start date: Mar 15 20:23:37 2022 GMT * expire date: Feb 19 20:23:37 2122 GMT * common name: pfsense-plus-pkg01.atx.netgate.com (matched) * issuer: C=US; ST=Texas; L=Austin; O=Rubicon Communications, LLC (Netgate); OU=Netgate CA; CN=Netgate CA * SSL certificate verify ok. * using HTTP/1.1 > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/meta.conf HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 18:50:52 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-b2" < * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact DBG(1)[18723]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[18723]> curl_open DBG(1)[18723]> Fetch: fetcher used: pkg+https DBG(1)[18723]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg DBG(1)[18723]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg01.atx.netgate.com in the .netrc file; using defaults * Found bundle for host: 0x398516efec20 [serially] * Re-using existing connection with host pfsense-plus-pkg01.atx.netgate.com > GET /pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1/packagesite.pkg HTTP/1.1 Host: pfsense-plus-pkg01.atx.netgate.com User-Agent: pkg/1.20.8 Accept: */* If-Modified-Since: Fri, 10 Jan 2025 15:23:45 GMT < HTTP/1.1 304 Not Modified < Server: nginx < Date: Mon, 17 Mar 2025 18:50:52 GMT < Last-Modified: Fri, 10 Jan 2025 15:23:45 GMT < Connection: keep-alive < ETag: "67813b81-30264" < * Connection #0 to host pfsense-plus-pkg01.atx.netgate.com left intact pfSense repository is up to date. All repositories are up to date.
Tried rebooting and then the system update, but the webpage still returning "Up to date" message.
-
Hmm, odd. Try running:
pfSense-repoc -DJ
That should show you what info is being sent and which branches are being pushed back. Obviously don't post that output here.
-
In the post data repo section, I can see three repos: 24.11, 24.03, 23.09.1. The 23.09.1 has the default field set to yes; other repo sections do not have this field.
Would you tell me, how to deduce/solve the problem with the command response?
-
Ok try running:
ls -ls /usr/local/etc/pkg/repos
That should show a symlink for pfSense.conf that points to the selected repo like:
24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: ls -ls /usr/local/etc/pkg/repos total 1 1 -rw-r--r-- 1 root wheel 25 Apr 19 2024 FreeBSD.conf 1 lrwxr-xr-x 1 root wheel 55 Mar 18 12:49 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf
When you change the update branch in the webgui that symlink should be updated.
Then if you check that repo it should be 24.11 like:
[24.03-RELEASE][admin@plusdev-4.stevew.lan]/root: cat /usr/local/etc/pfSense/pkg/repos/pfSense-repo-0003.conf FreeBSD: { enabled: no } pfSense-core: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-core", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes } pfSense: { url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/pfSense/keys/pkg", enabled: yes }
I'm guessing your install is not showing that for some reason.
-
Your guess is true, symlink did not change to the selected repo when the update branch changed in the GUI. It stays with 23.09.1.
$ ls -ls /usr/local/etc/pkg/repos total 4 4 -rw-r--r-- 1 root wheel 26 Dec 6 2023 FreeBSD.conf 0 lrwxr-xr-x 1 root wheel 62 Mar 18 16:45 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf
pfSense-repo-23_09_1_rel.conf has urls for 23.09.1 in pfsense-core and pfsense section.
"pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-core" "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_1_amd64-pfSense_plus_v23_09_1"
Is there any command that can be executed via the terminal to change the repo?
-
Yes you can try manually creating the symlink. What conf files do you have in
/usr/local/etc/pfSense/pkg/repos
? -
The repos directory has three config files for 23.09.1, 24.03 and 24.11
-rw-r--r-- 1 root wheel 512 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf -rw-r--r-- 1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf -rw-r--r-- 1 root wheel 506 Mar 18 16:45 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
-
OK first try running:
pfSense-repo-setup
then re-check. -
pfSense-repo-setup command did not return any message, so it should be a clean execution.
[23.09.1-RELEASE][...]/root: pfSense-repo-setup [23.09.1-RELEASE][...]/root: ls -l /usr/local/etc/pfSense/pkg/repos/*.conf -rw-r--r-- 1 root wheel 512 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf -rw-r--r-- 1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_03-rel.conf -rw-r--r-- 1 root wheel 506 Mar 18 19:22 /usr/local/etc/pfSense/pkg/repos/pfSense-repo-24_11.conf
After saving the 24.11 update branch in the system update via GUI, symlink still stays with 23.09.1
[23.09.1-RELEASE][...]/root: ls -ls/usr/local/etc/pfkg/repos total 4 4 -rw-r--r-- 1 root wheel 26 Dec 6 2023 FreeBSD.conf 0 lrwxr-xr-x 1 root wheel 62 Mar 18 19:24 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-23_09_1_rel.conf [23.09.1-RELEASE][...]/root: