2.2 upgrade process



  • The 2.2 upgrade process [from a previous version (be it 2.1.5 or 2.2 RC) with packages loaded] needs work.

    My first upgrade from 2.1.5 with snort, dans, squic, pf .. was a total failure. The entire configuration was hidden in the background somewhere with no GUI access. Packages failed to reinstall and I could not even to a factory reset on it. In the end all I could was do a fresh install and configure everything manually.

    My second upgrade from a 1/15 RC to the latest 1/16 RC was not smooth either. The 1/15 RC was fully configured with snort, dans, squid, pf and was working smoothly. After the upgrade to the latest RC, performance of the system went down south. Even after clearing my cache multiple times and changing DNS didn't help. The system barely responded and pages started to load at a snail's pace.

    Had enough of that as kids started screaming since they were unable to do their work online and play games. So I switched back to 2.1.5.

    Lastly, I have posted multiple times on the lack of support for dansguardian pbi package since 2.1.x. days. Dans needs manual changes to make it work on 2.1.x especially with clamd as it failed to create the necessary clamd.conf and clamd.sock files along with the right permissions. Also the "web upload" fix needs a manual change to an earlier version from a user's personal respository. Dansguardian works on the latest RC but it still has the "web upload" issue. If someone can please fix the pbi for 2.2RC, I will help in testing.

    If e2guardian is the new package, I have yet to see even a single post on its development. I do not want SquidGuard has it not as configurable and effective as Dansguardian.



  • I have a fairly well built-up config and I'm pretty sure it's not going to go well either.  I'm in a virtual environment so I have the luxury of taking a snapshot before I make any changes.  I suspect that I will end up building it up again from scratch until I can flip from 2.1.5 to 2.2.



  • At the present state of the build it's not worth doing an in-place upgrade from 2.1.5 to 2.2 .. Upgrade from 2.0.x to 2.1 was well designed… but its not the same for 2.2.

    If you are in VM environment.. just shut down the VM and take it offline. Best is to load 2.2 from scratch and not update the snapshots either. I will hang on for the final release before touching 2.2 now. For me it's not worth the effort as one critical package (dans) is not fully working on it. Also icap in Squid v3 is a bit unstable. It threw a few errors despite the commands hashed out in the config. Had to manually delete them to make it work. It still threw ICPAP Protocol errors a few times which were kinda fixed with reboots. Overall Squid v3 on 2.2 still has quiet a few bugs that haven't been fixed... for example the buggy transparent mode.. sometimes it works, sometimes it just doesn't.


  • Banned

    @Asterix:

    At the present state of the build it's not worth doing an in-place upgrade from 2.1.5 to 2.2 .. Upgrade from 2.0.x to 2.1 was well designed… but its not the same for 2.2.

    -1. It works very much fine for people who don't pile heaps of intrusive junk on their firewall.



  • @doktornotor:

    @Asterix:

    At the present state of the build it's not worth doing an in-place upgrade from 2.1.5 to 2.2 .. Upgrade from 2.0.x to 2.1 was well designed… but its not the same for 2.2.

    -1. It works very much fine for people who don't pile heaps of intrusive junk on their firewall.

    If you call Snort, Squid and Dans as junk then I am not sure why are you even using pfSense in the first place. For simple NAT firewall the basic Linksys and Netgear routers have similar functions and security.



  • If you are in VM environment.. just shut down the VM and take it offline.

    Yeah, I can't really do that.  I can't take down our main firewall router.  I basically have to build the 2.2 box back up in parallel, then I have to assume all of the virtual IPs that my 2.1.5 box has and also change the LAN IP during a short maintenance window.

    I know for a fact that I have cruft on the system that I would like to clean out.  For instance, my System log still talks about pfblocker which I uninstalled and haven't used for almost a year now.


  • Moderator

    @KOM:

    For instance, my System log still talks about pfblocker which I uninstalled and haven't used for almost a year now.

    What are you seeing in the log? Maybe I can help clear it out for you?



  • Stuff like:

    php: rc.update_urltables: /etc/rc.update_urltables: pfBlockerSpamhausDrop does not need updating.


  • Moderator

    @KOM:

    Stuff like:

    php: rc.update_urltables: /etc/rc.update_urltables: pfBlockerSpamhausDrop does not need updating.

    Take a look at pfsense Firewall:Aliases:URLS

    and remove any pfBlocker Alias URLS. For these to delete, there can't be any Rules in the Firewall Interfaces linked to them.

    You can also delete any files related to pfBlocker in /var/db/aliastables

    rm /var/db/aliastables/pfBlocker*

    Hope that clears it out?



  • I didn't know that was in there.  Thank you.


Log in to reply