Upgrade to 2.1.3


  • Netgate Administrator

    There has been a change in the upnp behaviour:
    @https://doc.pfsense.org/index.php/2.1.3_New_Features_and_Changes:

    Make miniupnpd listen on interface instead of IP

    Perhaps you simply need to configure it slightly differently.

    Steve



  • Mine did not come up after upgrade attempt (from 2.1.2 -> 2.1.3)
    He is 64bit on esxi 5.1.
    said "Unable to load kernel"
    in /boot/loader.conf:
    autoboot_delay="3"
    vm.kmem_size="435544320"
    vm.kmem_size_max="535544320"
    kern.ipc.nmbclusters="0"
    kern.hz=100
    vmblock_load="YES"
    vmmemct_load="YES"
    vmhgfs_load="YES"
    vmxnet_load="YES"
    legal.intel_ipw.license_ack="1"
    hw.usb.no_pf="1"

    file /boot.config is empty

    directory /kernels has two files
    kernel_wrap.gz - 8771122
    kernel_SMP.gz - 10426403

    Can someone point me to the right direction?



  • @stephenw10:

    Perhaps you simply need to configure it slightly differently.

    The configuration options haven't changed and the interfaces are set correctly.



  • If I edit the miniupnpd.conf manually and set listening_ip=10.1.16.1/20 (like it would be configured in previous versions) then it works correctly. If I change it back to listening_ip=em0_vlan2 then it is broken. Looking at ifconfig, everything for em0_vlan2 is correct. The devices are all on the same vlan and subnet.

    Watching traffic over the network, I can see the SSDP request being broadcast by the device but pfSense never responds.



  • Just adding my voice in here…

    I saw that the upgrade was available - and because 2.1.1 --> 2.1.2 was painless and problem free, I didn't think twice to just kick off the upgrade....

    It completely fubar'd my firewall :(

    (I'm using the 32-bit version)

    I rebooted and the firewall couldn't find a kernel - looked in the relevant folders and no kernels were there. Nothing.

    I looked at the upgrade logfile and there were a raft of errors in there - so my simplistic view is that the upgrade downloaded ok, passed any verifications, but then the upgrade / installation process just ploughed the system.

    I don't have any specific details / logfiles to list here as I just needed to get the firewall back up & running, so I had a clean install of 2.1 lying around and that's what I'm running now, until I can get a clean install of 2.1.3 planned in later this week.

    Anyway... just thought I'd put my story of pain in here, so that others are ready and know how to recover their systems (backup config!!)


  • Netgate Administrator

    Just for information, what hardware is that on? Which install type?

    Steve



  • This was a 32-bit memstick install on a Neoware CA10 Thin Client, 1GB RAM, 3GB Flash storage

    From memory, I think this was a clean 2.1(.0) install, then upgraded to each new release as it came out.

    Once I've finished my Bank Holiday weekend, then I'll spend some more time looking at this - might even try another upgrade to see if it's reproducible so that we can make these upgrades less fearsome :)

    Put it this way - my home firewall upgrade going wrong is one thing (OMG, no Facebook! ;)), but the 3x pfSense installs at work will NOT be done remotely (although they have significantly better hardware)


  • Netgate Administrator

    So a full install onto flash?
    Any packages? Any swap usage?

    Steve



  • @swinn:

    Anyone having issues with UPnP Port Mapping working? NAT-PMP seems to work but since upgrading to 2.1.3, the XBOXs are not opening ports using UPnP. Reverting back to 2.1.2 fixes it.

    Yep. Confirmed.

    After update to .13 UPnP on multiple machines fails to operate correctly.



  • @stephenw10:

    So a full install onto flash?
    Any packages? Any swap usage?

    Steve

    I have these packages installed:

    • Lightsquid

    • routed

    • Sarg

    • squid

    • squidGuard

    As for swap usage… no idea.
    The 2.1 that I'm currently running is 0%, but that's not to say that the 2.1.2 was the same... but something I'll have a look at if I do the upgrade again.



  • Janek, the same happened to me…

    My system didn't boot after the upgrade: The folder /boot/kernel was empty.

    I found the reason: If you tick "make full backup" in the update dialog, the whole system will be tared into one file in /root. This file can easily eat up all space of your root-partition... As a result, the update goes terribly wrong, leaving a crippled system.
    I then tried to recreate the system using the said backup file, but "funny" enough, while booting up, some self destruction took place (like rm -rf /) and the disk was more or less empty (those file with  schg-flag set still existed).
    Finally I had to reinstall the system.

    May I suggest that the full-backup feature checks for space?

    Regards,
    -Urs



  • @Starko:

    I would say about 4-5 years. No packages as far as I know.

    I swapped the card. Did a full restore and everything works fine again.


  • Netgate Administrator

    @TMonster:

    I have these packages installed:

    • squid

    • squidGuard

    As for swap usage… no idea.

    Do you have caching disabled in Squid? If not the Squid will be writing to your flash boot device continuously. Worse Squid will probably use your 1GB of RAM and start  swapping to the flash unless you've taken steps to prevent it. That will burn through the write cycles on the flash in short order, especially if it's cheap flash. You may well have damage on the flash that has caused this.

    Steve



  • After upgrading from 2.1.2 to 2.1.3, I lost installed packages (SNORT & OpenVPN Client Export).  I am running 2.1.3 Nano-VGA-4GB (With RAM Disks).  I needed to update both of the packages anyway, but was NOT what I expected from upgrade.  :(

    Ash,



  • I can't seem to download the 512mb upgrade… Is the 512mb nanobsd upgrade discontinued from 2.1.3 onward? :(



  • …I see the 512MB image for fresh install as well as upgrade in the pfsense.org mirror selection...



  • Yeah, when I try to download it, it's missing = 404 Not Found…



  • @stephenw10:

    Do you have caching disabled in Squid?

    No. Using ~1GB for cache

    @stephenw10:

    If not the Squid will be writing to your flash boot device continuously.

    Hmmm… OK, using:

    top -m io
    

    I get:

      PID USERNAME   VCSW  IVCSW   READ  WRITE  FAULT  TOTAL PERCENT COMMAND
    90995 proxy         4      0      0      0      0      0   0.00% squid
    
    

    Which looks like squid's hardly doing much (this is a home office firewall)

    @stephenw10:

    Worse Squid will probably use your 1GB of RAM and start  swapping to the flash unless you've taken steps to prevent it.

    OK, back to top, I get:

      PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
    90995 proxy       1  44    0   154M   149M kqread   7:28  0.00% squid
    
    

    So, it's not eating too much RAM.

    @stephenw10:

    That will burn through the write cycles on the flash in short order, especially if it's cheap flash. You may well have damage on the flash that has caused this.

    Wouldn't the installation continue as normal though, with any bad sectors being caught by the underlying disk controller - just like a mechanical drive having bad sectors?

    It's not like 1 or 2 files were corrupt and a quick fsck would fix it… I'm talking about /boot/kernel being completely empty here. From memory, only /boot/kernel/pfsense_kernel.txt existed... no .ko files, no kernel.gz, nothing.

    I understand your caution over squid's cache on flash memory, but I can't see how that would cause the problem I'm describing.


  • Netgate Administrator

    Ok. I was perhaps being a bit alarmist there. You seem to have a good grip on what's actually happening. I was just concerned that you might have been running Squid without understanding the possible consequences.
    I agree that a few bad sectors is unlikely to have caused your problem. I wouldn't personally rely on the flash controller to save me in that situation though.

    Steve



  • has anyone notice that this upgrade changes the 'Firewall Optimization Options' to 'conservative' ?? wtf?



  • @genic:

    has anyone notice that this upgrade changes the 'Firewall Optimization Options' to 'conservative' ?? wtf?

    No, because it doesn't. No upgrade has ever touched that config option.



  • Using Pc engines APU1C with latest bios

    Pfsense 2.1.2 x64 full install edition on a 20 GB USB 5400 rpm spinning HDD

    My boss ran the install script from webgui over the weekend to 2.1.3 and now it cannot find it's kernel.

    Running squid, lightsquid  and openvpn
    Thank god he didn't try it on the other one, 5 hours drive away in Toronto…  :-[

    Any idea when the gold stars are going to be added to the forum?

    ** Edit

    This was caused by not enough space. The pfsense partition I'm using is just over 4 GB since it was originally dd'd from a SD card. I restored to a HDD image from last week and then I deleted the squid cache tree ( rm -rfv /var/squid/cache/* )

    Then I invoking the upgrade script and it completed without issue.


Log in to reply