pfSense CEをアップデートした記録 2.5.2→2.6.0
アップデート内容確認
pfSense CE 2.5.2からpfSense CE 2.6.0にアップデートします
変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html
Security
This release includes corrections for the following vulnerabilities in pfSense software:
pfSense-SA-22_01.webgui (File overwrite in services_ntpd_gps.php, #12191)
pfSense-SA-22_02.webgui (Potential vulnerabilities with route collection on diag_routes.php , #12257)
pfSense-SA-22_03.webgui (Potential vulnerabilities in OpenVPN form validation, #12677)
pfSense-SA-22_04.webgui (XSS in pkg.php, #12725)
Errata
There is a patch available to improve NAT behavior for UPnP and multiple game consoles or clients playing the same game but the fix was discovered too late for it to be included in 22.01/2.6.0. For additional details and instructions on how to apply the patch, see Redmine issue #7727 note #74 and #75, the Github commit, and the forum thread for testing feedback.
General
This release contains several significant changes to IPsec for stability and performance. Read the IPsec section of this document carefully.
Warning
IPsec VTI interface names have changed in this release. Configurations will be updated automatically where possible to use the new names.
Check the interface names of assigned VTI instances under Interfaces > Assignments to ensure they are correct after the upgrade completes.
If any third party software configurations or other manual changes referenced the old IPsec VTI interface names directly (e.g. ipsecNNNN) they must be updated to the new format.
ZFS is now the default filesystem for new installations of pfSense Plus and pfSense CE software on all platforms which support booting from ZFS.
It is not possible to change from UFS to ZFS in place, a reinstallation of pfSense Plus or CE is required to migrate from UFS use ZFS.
The ZFS pool name and datasets have also been updated and optimized. Users who were already using ZFS may want to reinstall as well to ensure they have the most optimal disk layout.
pfSense Plus software has a new ZFS dashboard widget to track the status of disks using ZFS.
Log Compression for rotation of System Logs is now disabled by default for new ZFS installations as ZFS performs its own compression.
Tip
The best practice is to disable Log Compression for rotation of System Logs manually for not only existing ZFS installations, but also for any system with slower CPUs. This setting can be changed under Status > System Logs on the Settings tab.
The default password hash format in the User Manager has been changed from bcrypt to SHA-512. New users created in the User Manager will have their password stored as a SHA-512 hash. Existing user passwords will be changed to SHA-512 next time their password is changed.
Note
User Manager passwords are only stored as a hash, thus existing users cannot be automatically changed to the new format. To convert a user password from an older hash format, change the password for the user in the User Manager.
The firewall now bootstraps its clock at boot in multiple ways, one of which utilizes multiple NTP servers with static IP addresses from Google Public NTP. This avoids a chicken-and-egg problem where the firewall cannot resolve NTP servers because DNSSEC, which is enabled by default, cannot function when the clock is inaccurate. The firewall performs this sync once per boot before it starts the NTP daemon.
Note
This behavior can easily be changed or disabled. See Changing Clock Bootstrap Behavior.
Several areas of the documentation have been rewritten and updated for these releases. Notably, the IPsec and OpenVPN sections have been updated significantly including all of the related configuration recipes.
pfSense Plus
PHP Interpreter
Fixed: PHP exits with signal 11 on SG-3100 when calling PCRE functions #11466
pfSense CE
Aliases / Tables
Fixed: Error loading rules when URL Table Ports content is empty #4893
Fixed: Mixed use of aliases in a port range produces unloadable ruleset #11818
Fixed: Unable to create nested URL aliases #11863
Fixed: Creating or editing aliases fails with multiple hosts separated by spaces #12124
Fixed: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message #12177
Authentication
Changed: Use SHA-512 for user password hashes #10298
Fixed: Deny SSH access for admin and root users when the admin GUI account is disabled #12346
Backup / Restore
Fixed: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically #10662
Added: Backup and restore SSH host key(s) #11118
Fixed: Output from reboot process is printed on Backup & Restore page when restoring a configuration file #11909
Fixed: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page #11946
Added: AutoConfigBackup performance improvements #12193
Fixed: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load #12247
Changed: Explicitly state where AutoConfigBackup stores encrypted backup data #12296
Build / Release
Changed: Remove deprecated libzmq code and references #12060
CARP
Fixed: Cannot enter persistent CARP maintenance mode when CARP is disabled #11727
Fixed: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active #12202
Fixed: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs #12227
Fixed: rc.carpmaster only sends notifications via SMTP #12584
Captive Portal
Fixed: Vouchers may expire too early when using RAM disks #11894
Fixed: Incorrect variable substitution in captive portal error page #11902
Fixed: Clicking “logout” on portal page does not function when logout popup is disabled #12138
Fixed: Captive Portal database and ipfw rules are out of sync after unclean shutdown #12355
Fixed: Captive Portal input validation for “After authentication Redirection URL” and “Blocked MAC address redirect URL” is swapped #12388
Fixed: Captive Portal online user statistics data is not cleared on unclean shutdown #12455
Certificates
Fixed: Certificate Revocation tab does not list active users of CRL entries #11831
Fixed: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS #11922
Fixed: Certificate Manager performs redundant escaping of special characters in certificate DN fields #12034
Added: Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components #12035
Fixed: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding #12041
Console Menu
Fixed: Cannot configure WAN IP address with /32 CIDR mask via console menu #11581
Changed: Suppress kernel messages when loading dummynet and thermal sensor modules #12454
DHCP (IPv4)
Added: DHCPv4 client does not support supersede statement for option 54 #7416
Added: Support for UEFI HTTP Boot option in DHCPv4 Server #11659
Fixed: DHCPv4 server configuration does not include ARM TFTP filenames #11905
Fixed: ARM 32/64 network boot options are not parsed on Static DHCP Mapping page #12216
DHCP (IPv6)
Fixed: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces #12277
DHCP Relay
Fixed: PHP error if no DHCPv6 Relay interfaces are selected #11969
DNS Resolver
Fixed: Unbound crashes with signal 11 when reloading #11316
Fixed: Unbound fails to start if its configuration references a python script which does not exist #12274
Fixed: Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable #12460
Dashboard
Fixed: System Information widget unnecessarily polls data for hidden items #12241
Fixed: IPsec widget generates errors if no tunnels are defined #12337
Fixed: IPsec widget treats phase 1 in “connecting” state as connected #12347
Added: Disks dashboard widget to replace Disk Usage section of System Information widget #12349
Fixed: Thermal Sensors Dashboard widget filter for negative values refers to invalid variable #12470
Diagnostics
Fixed: State table content on diag_dump_states.php does not sort properly #11852
Changed: Hide “Reboot and run a filesystem check” for ZFS systems #11983
Fixed: “GoTo line #” function does not work on diag_edit.php #12050
Fixed: Sanitize WireGuard private and pre-shared keys in status output #12256
Added: Include firewall rules from packages which failed to load in status output #12269
Added: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output #12316
Fixed: ARP table interface column empty for entries on unassigned interfaces #12698
Dynamic DNS
Added: Option to set interval of forced Dynamic DNS updates #9092
Added: Support DNS Made Easy authentication without a username #9341
Fixed: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records #11816
Added: New Dynamic DNS Provider: Strato #11978
Fixed: Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day #12007
Fixed: NoIP.com incorrectly encodes Dynamic DNS update credentials #12021
Added: New Dynamic DNS Provider: deSEC #12086
Added: Support Check IP services which return bare IP address values #12194
Fixed: Yandex Dynamic DNS client does not set the PddToken value #12331
Added: Dynamic DNS client proxy support #12342
Fixed: Update Dynamic DNS code for one.com to use their new login process #12352
Fixed: Dynamic DNS updates do not respect certificate authority trust store #12589
Fixed: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address #12617
Fixed: Dynamic DNS may not use the correct interface when updating during failover #12631
FreeBSD
Fixed: Duplicate comconsole_port lines in /boot/loader.conf #11653
Changed: Upgrade to pkg 1.17.x #12171
Gateways
Added: Support DNS server gateway selection on system.php for multiple gateways not assigned to interfaces #12116
Fixed: Default IPv4 gateway may be set to IPv6 gateway value in certain cases #12282
Hardware / Drivers
Added: Support for network interfaces using the qlnxe driver #11750
High Availability
Fixed: Incorrect RADVD log message on HA event #11966
IGMP Proxy
Added: Support 0 CIDR mask for IGMP Proxy networks #7749
IPsec
Fixed: Disconnected IPsec phase 2 entries are not shown in IPsec status #6275
Fixed: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded #7801
Fixed: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes #11447
Fixed: Incorrect phase 2 entry removed when deleting multiple items consecutively #11552
Fixed: strongSwan configuration contains incorrect structure for mobile pool DNS records #11891
Fixed: IPsec status tunnel descriptions are incorrect #11910
Changed: PC/SC Smart Card Daemon pcscd running on all devices at all times, should be optional #11933
Fixed: IPsec status fails when many tunnels are connected #11951
Fixed: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point #11967
Fixed: Mobile IPsec NAT/BINAT entries missing from firewall rules #12023
Fixed: Applying IPsec settings for many tunnels is slow or times out #12026
Fixed: Gateway alarm always triggers IPsec restart #12039
Changed: Improve IPsec identifier settings #12044
Fixed: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID #12052
Fixed: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries #12155
Added: IPsec keep alive option to initiate phase 2 without using ICMP #12169
Added: Add connect/disconnect buttons to IPsec dashboard widget #12181
Added: GUI options to configure IKE retransmission behavior #12184
Fixed: IPsec status shows connect buttons while tunnel is connecting #12189
Fixed: IPsec writes CRL files when tunnel does not use certificates #12195
Fixed: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available #12196
Fixed: Mobile IPsec phase 1 should not display “Gateway duplicates” option #12197
Fixed: Disabling an IPsec phase 1 entry does not disable related phase 2 entries #12198
Fixed: Disabled IPsec VTI interfaces are always created #12212
Fixed: IPsec bypass rules display help text under each entry #12236
Fixed: IPsec phase 1 entry with 0.0.0.0 as its remote gateway does not receive correct automatic firewall rules #12262
Changed: Update “IPsec Filter Mode” option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE) #12289
Fixed: IPsec manual initiation and termination should use a timeout value or forced actions #12298
Fixed: IPsec tunnels using a gateway group do not get reloaded in some cases #12315
Fixed: IPsec Phase 2 entry incorrectly orders proposals in AH mode #12323
Fixed: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode #12324
Fixed: IPsec VTI interface remote endpoint is not resolved the correct way #12328
Fixed: Incorrect label for IPsec DH group 32 #12350
Added: Distinguish between policy-based and route-based entries on IPsec status SPD tab #12397
Fixed: Console boot output includes Configuring IPsec VTI interfaces when no VTI interfaces are configured #12419
Changed: Add IPsec phase 2 BINAT subnet size input validation #12430
Fixed: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group #12566
Fixed: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled #12575
IPv6 Router Advertisements (RADVD)
Fixed: radvd only responds to the first Router Solicitation received after each multicast Router Advertisement #10304
Fixed: “Default preferred lifetime” router advertisement validation check uses incorrect variable #12159
Fixed: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106 #12173
Fixed: Default IPv6 router advertisement intervals and lifetime are too low #12280
Fixed: “Default preferred lifetime” field for IPv6 RA does not have input validation #12439
Fixed: IPv6 interface prefix change not reflected in RADVD configuration #12604
Fixed: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces #12626
Installer
Added: Restore RRD and extra data from configuration backups when restoring during installation #12518
Fixed: Minnowboard Turbo cannot boot a clean install #12707
Interfaces
Fixed: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot #6507
Fixed: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface #11337
Fixed: QinQ using OpenVPN ovpn interface as a parent is not configured at boot time #11662
Fixed: VLAN and QinQ edit pages allows selecting incompatible OpenVPN tun interfaces #11675
Fixed: Advanced DHCP client configuration “Protocol timing” help text is in the wrong location #11926
Added: VLAN list sorting #11968
Fixed: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured #12002
Fixed: Input validation incorrectly rejects a second IPv4-only GRE tunnel #12049
Fixed: Interface assignment mismatch is not detected if VLAN-only parent interface is removed #12170
Fixed: IPv6 DNS servers from dynamic sources are not listed on status_interfaces.php #12252
Fixed: IPv6 gateway for an interface is not shown on status_interfaces.php if the interface does not also have an IPv4 gateway #12253
Fixed: Remove subnet overlap check on LAN interfaces when using 6rd #12371
Fixed: “6RD Prefix” field does not have input validation #12435
Fixed: Trying to delete an assigned PPPoE interface fails without printing an error message #12514
L2TP
Fixed: Kernel panic during L2TP retransmit #9058
Fixed: FQDN L2TP server address is only resolved at boot #12072
Logging
Fixed: Logging configuration added by a package is not removed on uninstall #11846
Fixed: Remote log server input validation allows invalid values #12000
Added: Disable log compression on new installations when /var/log is a ZFS dataset with compression enabled #12011
Changed: Improve log settings help text for file size, compression, and retention count #12012
Added: Create a log entry when a configuration change occurs #12118
Fixed: Rotation settings for individual log files do not take effect after saving #12366
NTPD
Added: Poll Interval For GPS and PPS #9439
Added: Support for NTP Peer mode #11496
Fixed: File overwrite in services_ntpd_gps.php via gpsport parameter #12191
Added: Support SHA-256 hash NTP authentication #12213
Fixed: ZFS installations without an RTC battery boot with clock at BIOS/EFI default value because they do not receive initial clock value from filesystem data #12769
Notifications
Added: Option to suppress expiration notifications for revoked certificates #12109
Added: Support for Slack notifications #12291
Added: Send notification for halt, reboot, and reroot events #12441
Fixed: rc.notify_message only sends notifications via SMTP #12585
OpenVPN
Added: Support aliases in OpenVPN local/remote/tunnel network fields #2668
Changed: Set explicit-exit-notify option by default for new OpenVPN server instances #11684
Fixed: OpenVPN client certificate validation with OCSP always fails #11829
Added: Option to validate OpenVPN peer TLS certificate key usage #11865
Added: Log external IP address of OpenVPN clients on connect and disconnect #11935
Fixed: DNS Resolver does not add PTR record for OpenVPN clients #11938
Fixed: OpenVPN IPv6 tunnel network is not validated properly #11999
Fixed: OpenVPN RADIUS-based firewall rules use incorrect port ranges #12020
Fixed: Incorrect OpenVPN Client Export help link #12022
Fixed: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses #12076
Fixed: Prevent using OpenVPN “Exit Notify” option with point-to-point modes #12102
Fixed: OpenVPN Wizard configuration missing recently added default values #12172
Fixed: OpenVPN does not clean up previous CA and CRL files #12192
Changed: Move “Description” option on OpenVPN server and client pages to top of the page, show internal instance ID #12218
Fixed: Prevent using OpenVPN “Inactive” option with point-to-point modes #12219
Fixed: Configuration files are not deleted after disabling an OpenVPN instance #12223
Fixed: OpenVPN page allows to delete/disable instance with an assigned interface #12224
Fixed: OpenVPN status incorrect for TAP servers without a defined tunnel network #12232
Fixed: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode #12238
Added: Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page #12321
Added: Support OpenVPN client-kill to terminate remote clients instead of clearing their session #12416
Fixed: Set OpenVPN Gateway Creation value to “Both” by default for new instances #12448
Fixed: OpenVPN form validation issues #12677
Operating System
Changed: Ensure /usr/local/sbin/ scripts use full path to executable files #11985
Fixed: Update NGINX to address CVE-2021-23017 #12061
Added: Suppress kernel messages for lo0 configuration during boot #12094
Changed: Convert RAM disks to tmpfs #12145
Changed: Improve uses of grep which utilize user-supplied patterns #12265
Fixed: Update mpd5 to address vulnerabilities in < 5.9_2 #12373
Fixed: Update python to address vulnerabilities < 3.8.12 #12374
Fixed: Multiple cURL Vulnerabilities #12434
Changed: Add note in log settings that disabling logging also disables sshguard login protection #12511
Fixed: Kernel panic in nd6_dad_timer() #12548
PHP Interpreter
Fixed: diag_dump_states.php no longer filters by rule ID #12605
PPP Interfaces
Fixed: PPP interfaces lose the description field in ifconfig output when restarted #11959
PPPoE Server
Added: Option to select PPPoE Server authentication protocol #12438
Package System
Fixed: Package <plugins> and <tabs> content missing from configuration in some cases #11290
Added: Add librdkafka package to the pfSense package repository #12290
Fixed: PHP error on pkg_mgr_install.php when multiple instances are running #12713
Fixed: Potential XSS in pkg.php via pkg_filter #12725
RRD Graphs
Added: Graph for hardware temperature readings #9297
Routing
Fixed: Static routes using aliases are not automatically updated when alias content changes #7547
Fixed: Input validation does not prevent removing a gateway used by a DNS server #8390
Fixed: Kernel route table entries are removed if they match disabled static route entries #10706
Fixed: Modifying static routes results in a logged error, changes are not reflected in routing table #11599
Added: Require user to manually apply changes after altering static route entries #11895
Fixed: Route data collection method on diag_routes.php has multiple issues #12257
Rules / NAT
Added: IPv6 support in easyrule CLI script #11439
Fixed: NAT rule overlap detection is inconsistent #11734
Fixed: Input validation not working for 1:1 NAT entries using an alias as a destination #11923
Fixed: easyrule script does not function properly #12151
Fixed: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ::/0 #12164
Fixed: 1:1 NAT rule with internal IP address of “Any” results in an invalid firewall rule #12168
Fixed: Firewall rule tabs load slowly when many rules on the tab utilize gateways #12174
Fixed: VIP network addresses are not expanded on Port Forward rules #12233
Fixed: Duplicating a Port Forward does not copy “Filter Rule Association” values of “None” or “Pass” #12272
Added: Display default “Reflection Timeout” value on system_advanced_firewall.php #12318
Fixed: NAT rule overlap detection does not check special networks #12361
Fixed: Input validation prevents creating 1:1 NAT rules on OpenVPN #12408
Fixed: 1:1 NAT edit page lists incorrect entries in the Destination field #12410
Added: Icon for traffic direction on floating rules tab #12433
Fixed: Port forward rules are not created for special networks (pppoe, openvpn) #12452
Fixed: Automatic outbound NAT for reflection does not support IPv6 #12500
Fixed: Interface group name starting with a digit creates invalid XML for rule separators #12529
Added: Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry #12555
Fixed: Automatic rule tracker IDs incorrect after multiple filter reloads #12588
Fixed: PHP error when clicking Delete on Outbound NAT with no rules selected #12694
SNMP
Added: IPv6 support for base system SNMP service #12325
Services
Fixed: System attempts to stop inactive services at shutdown #12001
Fixed: System attempts to start inactive services at boot #12038
Traffic Shaper (ALTQ)
Added: IPv6 support in the Traffic Shaper Wizard #4769
Fixed: Panic when using CBQ traffic shaping #11470
Added: Allow Chelsio T6 CXGBE (cc) drivers to be used for ALTQ traffic shaping #12499
Changed: Traffic shaper wizard default bandwidth type should be Mbit/s #12501
Traffic Shaper (Limiters)
Fixed: Unable to delete limiter referenced in filter rules #12503
Fixed: Kernel panic when using fq_pie limiter scheduler #12622
UPnP/NAT-PMP
Added: UPnP/NAT-PMP STUN configuration options #10587
Upgrade
Changed: pfSense-upgrade should reinstall all packages on new version upgrades #12235
User Manager / Privileges
Added: Copy button for group entries in the User Manager #12226
Virtual IP Addresses
Fixed: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries #12356
Fixed: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP #12362
Wake on LAN
Added: Wake on LAN button to wake all devices #12480
Web Interface
Changed: Update font formats to WOFF2 #11507
Fixed: DHCP Leases page and ARP table page fail to load if DNS is not available #11512
Fixed: Notifications page cannot be saved without configuring or disabling SMTP #12107
Changed: Convert help shortcut links to server-side redirects #12314
Fixed: Help text for RAM disk settings does not mention Captive Portal data #12389
Fixed: Input validation error can unintentionally result in removal of PPP type interface settings #12498
Wireless
Fixed: wpa_supplicant uses 100% of a CPU core at boot #11453
Fixed: Interfaces page does not show Wireless EAP client options #12239
XMLRPC
Fixed: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface #10955
Added: XMLRPC synchronization for DHCP relay settings #11957
Changed: XMLRPC client improvements #12051
Fixed: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync #12075
今回は久々のバージョンアップですので
かなり大規模な修正・変更がありますが
大半が各種修正や内部ソフトのバージョンアップになります
2.6.0のベースOSはFreeBSD12.3-STABLE
主な変更点としては
・pfSenseインストール時にファイルシステムの既定値がUFSからZFSに変更
・ユーザマネージャのパスワードハッシュ形式がbcryptからSHA-512に変更
・IPsecのインターフェイス名変更
既存システムはUFSでインストールされていると思いますが
UFS→ZFSに変換したりはできないのでZFSにしたい人は再インストールが必須となります
ただしすぐにZFS化する必要性はありませんし
ZFSはメモリ消費量が多いというデメリットもありますので
今後ZFSシステムのみが使用できる機能がpfSenseに搭載されたり
ハードウェア更新時にZFS化する程度でいいと思います
パスワードハッシュ形式がbcryptからSHA-512に変更された件については
新ユーザに対してはもちろんSHA-512を使用されますが
既存ユーザはbcryptのまま保存されています
既存ユーザもSHA-512で保存したい場合はパスワード再設定を行う必要がありますので
2.6.0更新後は全ユーザのパスワードを再設定しておくといいでしょう
IPsecに関しては既にOpenVPNしか使用していない環境だったので
どう変更になっているか確認出来ずでした
利用している人のみ各自確認ください
アップデートの作業時間はいつもと違って20分程度を要しました
これは今回のバージョンアップでは
全てのパッケージ(システム・アドオン両方)が再インストールされる為で
ダウンロードに今まで以上に時間がかかりました
(配布サーバが空いていれば20分もかからずに済むと思います)
作業時間は長かったもののダウンタイムとなるシステム再起動は
いつもの再起動とほぼ変わらずだったのでその点は良かったです
再起動後にもアドオンパッケージがバックグラウンドで
インストールされるケースもあるらしく
(その際はWEBGUI画面のトップページにメッセージが出ます)
念のため更新時の再起動後に動作確認したら再度再起動しておいた方が無難です
アップデート後、24時間以上経過してますが特に不具合は発生してません
pfSense Plusについて
2021年1月に発表されたpfSense Plusですが
今までのpfSense PlusはpfSense FEからサポートしていたAWSやAzureのVMと
Netgateが開発・販売しているアプライアンス向けのソフトウェアでした
しかしこの度Netgate以外のハードウェアでも利用が可能になるようです
ライセンスの種類についてはこちら
軸としてはこの2種類
今まで通り無料・OSSであるpfSense CE
Netgateの基本有料ソフトとなるpfSense Plus
pfSense CEは今まで通り1種類ですが
pfSense Plusは5種類のタイプあります
・Home(非商用 自宅利用向け 無料)
・Lab(商用評価用 TACライセンス購入前のテストなど非実稼働環境向け 無料)
・TAC Lite(商用 サポート内容:小)Netgateアプライアンスに付属
・TAC Professional(商用 サポート内容:中)
・TAC Enterprise(商用 サポート内容:大)
pfSense Software Types
https://www.netgate.com/pfsense-plus-software/software-types
サブスクリプション販売サイト
https://shop.netgate.com/products/pfsense-software-subscription
現時点ではpfSense CEとpfSense Plusはほぼ違いがないので
あえてpfSense Plusを利用するメリットはサポートされているAWSやAzure
そしてNetgateのアプライアンスを使用している人以外はありません
ちなみにPlusにしかない機能例としては以下があります
・AWS向けとしてAWS VPC Wizard
・IPsecのエクスポートできるアドオンパッケージ、IPSec Profile Wizard
pfSense Plusの開発方針もNetgateのアプライアンスに合わせた開発を行うとのことなので
今後、自作PCや仮想マシンなどで使用している人に
どの程度恩恵があるのかは現時点では不明です
アプライアンスに合わせた開発というのは
ドライバの最適化など基本的なことはもちろんのこと
アプライアンスのオンボードに追加されている機能や
特定の拡張カードが搭載されていたりした場合に
CEでは使えないがPlusだとその機能を有効化できるようなイメージらしいです
pfSense Plusのタイプ5種類についてですが
HomeとLabがアプライアンス以外を利用している人向けに
今回新たに設定された無料枠になります
Home・Labともに非営利目的向けで商用利用は禁止
個人の自宅利用であればHomeで問題ないでしょう
Labは評価版ライセンスですしHomeと現時点で機能差もなく選択する理由は特になし
TACの3種類は今までpfSense CEにあったTACがそのまま移行された形です
TACとはTechnical Assistance Centerの略
TACのLite/Pro/Entの違いは電話やチケット数などのサポートの有無のみ
販売ページにもあるようにTAC Liteについては今だけ年間129ドルが無料となっています
現在販売されているNetgateのアプライアンスを購入するとTAC Liteが標準で付属するので
現時点ではそのまま商用利用可能でpfSense Plus Homeを選択する必要もありません
TAC Liteは将来的に年間129ドルになるのが確定していることもあって
付属するTAC Liteが何年分なのかが気になる所ですが
Netgateによると以下の説明がされています
TAC Lite Is included with Netgate appliances with pfSense Plus for life of the product. See our Lifecycle page for details on lifetime.
翻訳を通すと
「TAC Liteは、製品の寿命が尽きるまで、pfSensePlusを備えたNetgateアプライアンスに含まれています。 ライフサイクルの詳細については、ライフサイクルページを参照してください。」
ここからはまだ確定情報ではありませんが
Netgateでは販売終了(End odf Sale)のEOSから製品別に1~3年で
サポート終了(End of Life)のEOLを迎えます
わざわざTAC Liteと製品寿命の文にライフサイクルのページを案内している点と
ライフサイクルページではEOSとEOLの間を
「Support Subscription Available」と表記している点から
おそらく付属するTAC Liteは各モデルのEOLまでのサポートとなり
EOL以降もアプライアンスを使用し続ける場合は
非商用であればpfSense CEかpfSense Plus Homeへ切り替え
商用であればpfSense CEか年間129ドルでTAC Liteを継続するかを
選択する必要が出てくると思われます
期限切れ通知がメールなどであると思いますがEOL付近になったら放置せず要確認です
今回pfSense Plus Homeが登場したことで良かった点としては
今まではアプライアンスを所有しているとpfSense Plusが使えるわけですが
仮にアプライアンスが故障した場合はハードウェアに紐付けされている為
新たに別のアプライアンスを買いなおさないと他の自作PCなどでは
pfSense Plusを継続利用できずpfSense CEに戻す必要があった問題が解消されました
(他のハードウェアでpfSense Plusを選ぶ意味があるかは置いといて)
ちなみにNetgateのアプライアンスに関しては
アプライアンスにpfSenseをインストールされていると
WEBGUIのダッシュボードにあるSystem Informationで
以下のように自動で認識されるので
使用モデルによって自動で最適化され設定値などが調整されます
個人的には長年使っているアプライアンスのSG-4860(RCC-VE 4860)が
残念ながらEOLをとっくに過ぎているのと
現在のpfSense CEに不満はなくpfSense Plusと機能差もないことから
pfSense CEを継続利用して様子見する予定で
今後の記事もpfSense CEベースになると思いますが
今後差別化でpfSense CEが放置・改悪される可能性も十分ありえることから
しばらくはNetgateの動きに注意したいと思います
アップデートの手順
事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです
2.5.2から2.6.0へアップデートと表示出てるのを確認して「Confirm」を押す
無事に完了すると自動で再起動開始されます
最後に2.6.0の状態で設定をバックアップして完了
Update時の処理ログ
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries:
Processing entries............. done
pfSense repository update completed. 511 packages processed.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php74... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (164 candidates): .......... done
Processing candidates (164 candidates): .......... done
The following 168 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
cyrus-sasl: 2.1.27_2 [pfSense]
devcpu-data-amd: 20211115 [pfSense]
devcpu-data-intel: 20210608 [pfSense]
libssh2: 1.9.0_3,3 [pfSense]
openldap24-client: 2.4.59_4 [pfSense]
openpgm: 5.2.122_6 [pfSense]
php74-pear-HTTP_Request2: 2.5.0,1 [pfSense]
unbound: 1.13.2 [pfSense]
Installed packages to be UPGRADED:
bind-tools: 9.16.16 -> 9.16.23 [pfSense]
ca_root_nss: 3.63 -> 3.71 [pfSense]
ccid: 1.4.32 -> 1.4.36 [pfSense]
check_reload_status: 0.0.10_1 -> 0.0.11 [pfSense]
curl: 7.76.1 -> 7.80.0 [pfSense]
dbus: 1.12.20_4 -> 1.12.20_5 [pfSense]
devcpu-data: 1.39 -> 20211109 [pfSense]
dnsmasq: 2.85_1,1 -> 2.86,1 [pfSense]
filterlog: 0.1_6 -> 0.1_9 [pfSense]
glib: 2.66.8,2 -> 2.70.2,2 [pfSense]
hostapd: 2.9_3 -> 2.9_4 [pfSense]
icu: 69.1,1 -> 70.1_1,1 [pfSense]
libgcrypt: 1.9.3 -> 1.9.4 [pfSense]
libgpg-error: 1.42 -> 1.43 [pfSense]
libidn2: 2.3.1 -> 2.3.2 [pfSense]
libnghttp2: 1.43.0 -> 1.46.0 [pfSense]
libuv: 1.41.0 -> 1.42.0 [pfSense]
libxml2: 2.9.10_4 -> 2.9.12 [pfSense]
libxslt: 1.1.34_1 -> 1.1.34_2 [pfSense]
lua-resty-core: 0.1.21_1 -> 0.1.22 [pfSense]
lua-resty-lrucache: 0.10 -> 0.11 [pfSense]
luajit-openresty: 2.1.20201027 -> 2.1.20210510 [pfSense]
miniupnpd: 2.2.1,1 -> 2.2.1_1,1 [pfSense]
mobile-broadband-provider-info: 20201225 -> 20210805 [pfSense]
mpd5: 5.9 -> 5.9_6 [pfSense]
nginx: 1.20.1,2 -> 1.20.2_1,2 [pfSense]
nss_ldap: 1.265_13 -> 1.265_14 [pfSense]
ntp: 4.2.8p15 -> 4.2.8p15_3 [pfSense]
opensc: 0.21.0 -> 0.22.0 [pfSense]
openvpn: 2.5.2_2 -> 2.5.4_1 [pfSense]
pam_ldap: 186 -> 186_1 [pfSense]
pcre: 8.44 -> 8.45 [pfSense]
pcre2: 10.37 -> 10.39 [pfSense]
pcsc-lite: 1.9.1,2 -> 1.9.4,2 [pfSense]
pfSense: 2.5.2 -> 2.6.0 [pfSense]
pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
pfSense-base: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-default-config: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]
php74: 7.4.20 -> 7.4.26 [pfSense]
php74-bcmath: 7.4.20 -> 7.4.26 [pfSense]
php74-bz2: 7.4.20 -> 7.4.26 [pfSense]
php74-ctype: 7.4.20 -> 7.4.26 [pfSense]
php74-curl: 7.4.20 -> 7.4.26 [pfSense]
php74-dom: 7.4.20 -> 7.4.26 [pfSense]
php74-filter: 7.4.20 -> 7.4.26 [pfSense]
php74-gettext: 7.4.20 -> 7.4.26 [pfSense]
php74-intl: 7.4.20 -> 7.4.26 [pfSense]
php74-json: 7.4.20 -> 7.4.26 [pfSense]
php74-ldap: 7.4.20 -> 7.4.26 [pfSense]
php74-mbstring: 7.4.20 -> 7.4.26 [pfSense]
php74-opcache: 7.4.20 -> 7.4.26 [pfSense]
php74-openssl: 7.4.20 -> 7.4.26 [pfSense]
php74-pcntl: 7.4.20 -> 7.4.26 [pfSense]
php74-pdo: 7.4.20 -> 7.4.26 [pfSense]
php74-pdo_sqlite: 7.4.20 -> 7.4.26 [pfSense]
php74-pear-Cache_Lite: 1.7.16,1 -> 1.8.3,1 [pfSense]
php74-pear-Net_SMTP: 1.9.0 -> 1.10.0 [pfSense]
php74-pear-Net_Socket: 1.0.14 -> 1.2.2 [pfSense]
php74-pfSense-module: 0.72 -> 0.76 [pfSense]
php74-posix: 7.4.20 -> 7.4.26 [pfSense]
php74-readline: 7.4.20 -> 7.4.26 [pfSense]
php74-session: 7.4.20 -> 7.4.26 [pfSense]
php74-shmop: 7.4.20 -> 7.4.26 [pfSense]
php74-simplexml: 7.4.20 -> 7.4.26 [pfSense]
php74-sockets: 7.4.20 -> 7.4.26 [pfSense]
php74-sqlite3: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvmsg: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvsem: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvshm: 7.4.20 -> 7.4.26 [pfSense]
php74-tokenizer: 7.4.20 -> 7.4.26 [pfSense]
php74-xml: 7.4.20 -> 7.4.26 [pfSense]
php74-xmlreader: 7.4.20 -> 7.4.26 [pfSense]
php74-xmlwriter: 7.4.20 -> 7.4.26 [pfSense]
php74-zlib: 7.4.20 -> 7.4.26 [pfSense]
python38: 3.8.10 -> 3.8.12_1 [pfSense]
scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
smartmontools: 7.2_1 -> 7.2_3 [pfSense]
sqlite3: 3.35.5_1,1 -> 3.35.5_4,1 [pfSense]
sshguard: 2.4.1,1 -> 2.4.2_1,1 [pfSense]
strongswan: 5.9.2_2 -> 5.9.4 [pfSense]
wpa_supplicant: 2.9_10 -> 2.9_11 [pfSense]
wrapalixresetbutton: 0.0.7_1 -> 0.0.8 [pfSense]
Installed packages to be REINSTALLED:
beep-1.0_1 [pfSense]
bsnmp-regex-0.6_2 [pfSense]
bsnmp-ucd-0.4.5 [pfSense]
bwi-firmware-kmod-3.130.20 [pfSense]
choparp-20150613 [pfSense]
cpdup-1.22 [pfSense]
cpustats-0.1_1 [pfSense]
dhcp6-20080615.2_4 [pfSense]
dhcpleases-0.5_1 [pfSense]
dhcpleases6-0.1_3 [pfSense]
dmidecode-3.3 [pfSense]
dpinger-3.0 [pfSense]
expat-2.4.1 [pfSense]
expiretable-0.6_2 [pfSense]
filterdns-2.0_5 [pfSense]
gettext-runtime-0.21 [pfSense]
iftop-1.0.p4 [pfSense]
igmpproxy-0.3,1 [pfSense]
indexinfo-0.3.1 [pfSense]
ipmitool-1.8.18_3 [pfSense]
isc-dhcp44-client-4.4.2P1 [pfSense]
isc-dhcp44-relay-4.4.2P1 [pfSense]
isc-dhcp44-server-4.4.2P1_1 [pfSense]
json-c-0.15_1 [pfSense]
ldns-1.7.1_2 [pfSense]
libargon2-20190702 [pfSense]
libedit-3.1.20210216,1 [pfSense]
libevent-2.1.12 [pfSense]
libffi-3.3_1 [pfSense]
libiconv-1.16 [pfSense]
libinotify-20180201_2 [pfSense]
libltdl-2.4.6 [pfSense]
liblz4-1.9.3,1 [pfSense]
libmcrypt-2.5.8_3 [pfSense]
libucl-0.8.1 [pfSense]
libunistring-0.9.10_1 [pfSense]
libzmq4-4.3.4 [pfSense]
links-2.20.2_1,1 [pfSense]
lzo2-2.10_1 [pfSense]
minicron-0.0.2 [pfSense]
mpdecimal-2.5.1 [pfSense]
norm-1.5r6_1 [pfSense]
oniguruma-6.9.7.1 [pfSense]
openvpn-auth-script-1.0.0.3 [pfSense]
pam_mkhomedir-0.2 [pfSense]
perl5-5.32.1_1 [pfSense]
pfSense-repo-2.6.0 [pfSense]
pfSense-upgrade-1.0_12 [pfSense]
pftop-0.7_9 [pfSense]
php74-openssl_x509_crl-1.3 [pfSense]
php74-pear-1.10.12 [pfSense]
php74-pear-Auth_RADIUS-1.1.0_4 [pfSense]
php74-pear-Crypt_CHAP-1.5.0 [pfSense]
php74-pear-Mail-1.4.1,1 [pfSense]
php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense]
php74-pear-Net_URL2-2.2.1 [pfSense]
php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2)
php74-pecl-mcrypt-1.0.4 [pfSense]
php74-pecl-radius-1.4.0b1_1 [pfSense]
php74-pecl-rrd-2.0.1_1 [pfSense]
php74-phpseclib-2.0.17 [pfSense]
php74-simplepie-1.5.1_1 [pfSense] (direct dependency changed: php74)
pkg-1.17.5_2 [pfSense]
py38-ply-3.11 [pfSense]
py38-setuptools-57.0.0 [pfSense]
qstats-0.2 [pfSense]
radvd-2.19_2 [pfSense]
rate-0.9_2 [pfSense]
readline-8.1.1 [pfSense] (options changed)
rrdtool-1.7.2_4 [pfSense]
ssh_tunnel_shell-0.2_1 [pfSense]
uclcmd-0.1_3 [pfSense]
voucher-0.1_2 [pfSense]
vstr-1.0.15_1 [pfSense]
wol-0.7.1_4 [pfSense]
xinetd-2.3.15_2 [pfSense]
Number of packages to be installed: 8
Number of packages to be upgraded: 84
Number of packages to be reinstalled: 76
The process will require 116 MiB more space.
194 MiB to be downloaded.
[1/165] Fetching xinetd-2.3.15_2.pkg: .......... done
[2/165] Fetching wrapalixresetbutton-0.0.8.pkg: . done
[3/165] Fetching wpa_supplicant-2.9_11.pkg: .......... done
[4/165] Fetching wol-0.7.1_4.pkg: .... done
[5/165] Fetching vstr-1.0.15_1.pkg: .......... done
[6/165] Fetching voucher-0.1_2.pkg: . done
[7/165] Fetching uclcmd-0.1_3.pkg: ... done
[8/165] Fetching strongswan-5.9.4.pkg: .......... done
[9/165] Fetching sshguard-2.4.2_1,1.pkg: .......... done
[10/165] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done
[11/165] Fetching sqlite3-3.35.5_4,1.pkg: .......... done
[12/165] Fetching smartmontools-7.2_3.pkg: .......... done
[13/165] Fetching scponly-4.8.20110526_5.pkg: ... done
[14/165] Fetching rrdtool-1.7.2_4.pkg: .......... done
[15/165] Fetching readline-8.1.1.pkg: .......... done
[16/165] Fetching rate-0.9_2.pkg: ....... done
[17/165] Fetching radvd-2.19_2.pkg: ....... done
[18/165] Fetching qstats-0.2.pkg: . done
[19/165] Fetching python38-3.8.12_1.pkg: .......... done
[20/165] Fetching py38-setuptools-57.0.0.pkg: .......... done
[21/165] Fetching py38-ply-3.11.pkg: .......... done
[22/165] Fetching php74-zlib-7.4.26.pkg: ... done
[23/165] Fetching php74-xmlwriter-7.4.26.pkg: .. done
[24/165] Fetching php74-xmlreader-7.4.26.pkg: .. done
[25/165] Fetching php74-xml-7.4.26.pkg: ... done
[26/165] Fetching php74-tokenizer-7.4.26.pkg: .. done
[27/165] Fetching php74-sysvshm-7.4.26.pkg: . done
[28/165] Fetching php74-sysvsem-7.4.26.pkg: . done
[29/165] Fetching php74-sysvmsg-7.4.26.pkg: .. done
[30/165] Fetching php74-sqlite3-7.4.26.pkg: ... done
[31/165] Fetching php74-sockets-7.4.26.pkg: ..... done
[32/165] Fetching php74-simplexml-7.4.26.pkg: ... done
[33/165] Fetching php74-simplepie-1.5.1_1.pkg: ......... done
[34/165] Fetching php74-shmop-7.4.26.pkg: . done
[35/165] Fetching php74-session-7.4.26.pkg: ..... done
[36/165] Fetching php74-readline-7.4.26.pkg: .. done
[37/165] Fetching php74-posix-7.4.26.pkg: .. done
[38/165] Fetching php74-phpseclib-2.0.17.pkg: .......... done
[39/165] Fetching php74-pfSense-module-0.76.pkg: ...... done
[40/165] Fetching php74-pecl-rrd-2.0.1_1.pkg: .. done
[41/165] Fetching php74-pecl-radius-1.4.0b1_1.pkg: ... done
[42/165] Fetching php74-pecl-mcrypt-1.0.4.pkg: .. done
[43/165] Fetching php74-pear-XML_RPC2-1.1.4.pkg: ........ done
[44/165] Fetching php74-pear-Net_URL2-2.2.1.pkg: ... done
[45/165] Fetching php74-pear-Net_Socket-1.2.2.pkg: . done
[46/165] Fetching php74-pear-Net_SMTP-1.10.0.pkg: .. done
[47/165] Fetching php74-pear-Net_IPv6-1.3.0.b2_2.pkg: .. done
[48/165] Fetching php74-pear-Mail-1.4.1,1.pkg: ... done
[49/165] Fetching php74-pear-Crypt_CHAP-1.5.0.pkg: . done
[50/165] Fetching php74-pear-Cache_Lite-1.8.3,1.pkg: .... done
[51/165] Fetching php74-pear-Auth_RADIUS-1.1.0_4.pkg: .. done
[52/165] Fetching php74-pear-1.10.12.pkg: .......... done
[53/165] Fetching php74-pdo_sqlite-7.4.26.pkg: .. done
[54/165] Fetching php74-pdo-7.4.26.pkg: ...... done
[55/165] Fetching php74-pcntl-7.4.26.pkg: .. done
[56/165] Fetching php74-openssl_x509_crl-1.3.pkg: .. done
[57/165] Fetching php74-openssl-7.4.26.pkg: ........ done
[58/165] Fetching php74-opcache-7.4.26.pkg: .......... done
[59/165] Fetching php74-mbstring-7.4.26.pkg: .......... done
[60/165] Fetching php74-ldap-7.4.26.pkg: .... done
[61/165] Fetching php74-json-7.4.26.pkg: ... done
[62/165] Fetching php74-intl-7.4.26.pkg: .......... done
[63/165] Fetching php74-gettext-7.4.26.pkg: . done
[64/165] Fetching php74-filter-7.4.26.pkg: ... done
[65/165] Fetching php74-dom-7.4.26.pkg: ....... done
[66/165] Fetching php74-curl-7.4.26.pkg: .... done
[67/165] Fetching php74-ctype-7.4.26.pkg: . done
[68/165] Fetching php74-bz2-7.4.26.pkg: .. done
[69/165] Fetching php74-bcmath-7.4.26.pkg: ... done
[70/165] Fetching php74-7.4.26.pkg: .......... done
[71/165] Fetching pftop-0.7_9.pkg: ........ done
[72/165] Fetching pfSense-rc-2.6.0.pkg: .. done
[73/165] Fetching pfSense-kernel-pfSense-2.6.0.pkg: .......... done
[74/165] Fetching pfSense-default-config-2.6.0.pkg: . done
[75/165] Fetching pfSense-base-2.6.0.pkg: .......... done
[76/165] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done
[77/165] Fetching pfSense-2.6.0.pkg: . done
[78/165] Fetching perl5-5.32.1_1.pkg: .......... done
[79/165] Fetching pcsc-lite-1.9.4,2.pkg: .......... done
[80/165] Fetching pcre2-10.39.pkg: .......... done
[81/165] Fetching pcre-8.45.pkg: .......... done
[82/165] Fetching pam_mkhomedir-0.2.pkg: . done
[83/165] Fetching pam_ldap-186_1.pkg: ..... done
[84/165] Fetching openvpn-auth-script-1.0.0.3.pkg: . done
[85/165] Fetching openvpn-2.5.4_1.pkg: .......... done
[86/165] Fetching opensc-0.22.0.pkg: .......... done
[87/165] Fetching oniguruma-6.9.7.1.pkg: .......... done
[88/165] Fetching ntp-4.2.8p15_3.pkg: .......... done
[89/165] Fetching nss_ldap-1.265_14.pkg: ....... done
[90/165] Fetching norm-1.5r6_1.pkg: .......... done
[91/165] Fetching nginx-1.20.2_1,2.pkg: .......... done
[92/165] Fetching mpdecimal-2.5.1.pkg: .......... done
[93/165] Fetching mpd5-5.9_6.pkg: .......... done
[94/165] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done
[95/165] Fetching miniupnpd-2.2.1_1,1.pkg: ......... done
[96/165] Fetching minicron-0.0.2.pkg: . done
[97/165] Fetching lzo2-2.10_1.pkg: .......... done
[98/165] Fetching luajit-openresty-2.1.20210510.pkg: .......... done
[99/165] Fetching lua-resty-lrucache-0.11.pkg: . done
[100/165] Fetching lua-resty-core-0.1.22.pkg: .... done
[101/165] Fetching links-2.20.2_1,1.pkg: .......... done
[102/165] Fetching libzmq4-4.3.4.pkg: .......... done
[103/165] Fetching libxslt-1.1.34_2.pkg: .......... done
[104/165] Fetching libxml2-2.9.12.pkg: .......... done
[105/165] Fetching libuv-1.42.0.pkg: .......... done
[106/165] Fetching libunistring-0.9.10_1.pkg: .......... done
[107/165] Fetching libucl-0.8.1.pkg: .......... done
[108/165] Fetching libnghttp2-1.46.0.pkg: .......... done
[109/165] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[110/165] Fetching liblz4-1.9.3,1.pkg: .......... done
[111/165] Fetching libltdl-2.4.6.pkg: ..... done
[112/165] Fetching libinotify-20180201_2.pkg: .... done
[113/165] Fetching libidn2-2.3.2.pkg: .......... done
[114/165] Fetching libiconv-1.16.pkg: .......... done
[115/165] Fetching libgpg-error-1.43.pkg: .......... done
[116/165] Fetching libgcrypt-1.9.4.pkg: .......... done
[117/165] Fetching libffi-3.3_1.pkg: ..... done
[118/165] Fetching libevent-2.1.12.pkg: .......... done
[119/165] Fetching libedit-3.1.20210216,1.pkg: .......... done
[120/165] Fetching libargon2-20190702.pkg: ......... done
[121/165] Fetching ldns-1.7.1_2.pkg: .......... done
[122/165] Fetching json-c-0.15_1.pkg: ........ done
[123/165] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done
[124/165] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done
[125/165] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done
[126/165] Fetching ipmitool-1.8.18_3.pkg: .......... done
[127/165] Fetching indexinfo-0.3.1.pkg: . done
[128/165] Fetching igmpproxy-0.3,1.pkg: ... done
[129/165] Fetching iftop-1.0.p4.pkg: ..... done
[130/165] Fetching icu-70.1_1,1.pkg: .......... done
[131/165] Fetching hostapd-2.9_4.pkg: .......... done
[132/165] Fetching glib-2.70.2,2.pkg: .......... done
[133/165] Fetching gettext-runtime-0.21.pkg: .......... done
[134/165] Fetching filterlog-0.1_9.pkg: .. done
[135/165] Fetching filterdns-2.0_5.pkg: ... done
[136/165] Fetching expiretable-0.6_2.pkg: . done
[137/165] Fetching expat-2.4.1.pkg: .......... done
[138/165] Fetching dpinger-3.0.pkg: .. done
[139/165] Fetching dnsmasq-2.86,1.pkg: .......... done
[140/165] Fetching dmidecode-3.3.pkg: ........ done
[141/165] Fetching dhcpleases6-0.1_3.pkg: .. done
[142/165] Fetching dhcpleases-0.5_1.pkg: .. done
[143/165] Fetching dhcp6-20080615.2_4.pkg: .......... done
[144/165] Fetching devcpu-data-20211109.pkg: . done
[145/165] Fetching dbus-1.12.20_5.pkg: .......... done
[146/165] Fetching curl-7.80.0.pkg: .......... done
[147/165] Fetching cpustats-0.1_1.pkg: . done
[148/165] Fetching cpdup-1.22.pkg: .... done
[149/165] Fetching choparp-20150613.pkg: . done
[150/165] Fetching check_reload_status-0.0.11.pkg: .... done
[151/165] Fetching ccid-1.4.36.pkg: ........ done
[152/165] Fetching ca_root_nss-3.71.pkg: .......... done
[153/165] Fetching bwi-firmware-kmod-3.130.20.pkg: ... done
[154/165] Fetching bsnmp-ucd-0.4.5.pkg: ... done
[155/165] Fetching bsnmp-regex-0.6_2.pkg: ... done
[156/165] Fetching bind-tools-9.16.23.pkg: .......... done
[157/165] Fetching beep-1.0_1.pkg: . done
[158/165] Fetching unbound-1.13.2.pkg: .......... done
[159/165] Fetching libssh2-1.9.0_3,3.pkg: .......... done
[160/165] Fetching php74-pear-HTTP_Request2-2.5.0,1.pkg: .......... done
[161/165] Fetching openldap24-client-2.4.59_4.pkg: .......... done
[162/165] Fetching cyrus-sasl-2.1.27_2.pkg: .......... done
[163/165] Fetching openpgm-5.2.122_6.pkg: .......... done
[164/165] Fetching devcpu-data-intel-20210608.pkg: .......... done
[165/165] Fetching devcpu-data-amd-20211115.pkg: ..... done
Checking integrity... done (5 conflicting)
- unbound-1.13.2 [pfSense] conflicts with unbound112-1.12.0_1 [installed] on /usr/local/etc/unbound/unbound.conf.sample
- php74-pear-HTTP_Request2-2.5.0,1 [pfSense] conflicts with php74-pear-HTTP_Request2-230-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE
- openldap24-client-2.4.59_4 [pfSense] conflicts with openldap-client-2.4.59 [installed] on /usr/local/bin/ldapadd
- devcpu-data-intel-20210608 [pfSense] conflicts with devcpu-data-1.39 [installed] on /usr/local/share/cpucontrol/06-03-02.00
- devcpu-data-amd-20211115 [pfSense] conflicts with devcpu-data-1.39 [installed] on /usr/local/share/cpucontrol/microcode_amd.bin
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 172 package(s) will be affected (of 0 checked):
Installed packages to be REMOVED:
openldap-client: 2.4.59
php74-pear-HTTP_Request2-230: 2.3.0,1
unbound112: 1.12.0_1
New packages to be INSTALLED:
cyrus-sasl: 2.1.27_2 [pfSense]
devcpu-data-amd: 20211115 [pfSense]
devcpu-data-intel: 20210608 [pfSense]
libssh2: 1.9.0_3,3 [pfSense]
openldap24-client: 2.4.59_4 [pfSense]
openpgm: 5.2.122_6 [pfSense]
php74-pear-HTTP_Request2: 2.5.0,1 [pfSense]
unbound: 1.13.2 [pfSense]
Installed packages to be UPGRADED:
bind-tools: 9.16.16 -> 9.16.23 [pfSense]
ca_root_nss: 3.63 -> 3.71 [pfSense]
ccid: 1.4.32 -> 1.4.36 [pfSense]
check_reload_status: 0.0.10_1 -> 0.0.11 [pfSense]
curl: 7.76.1 -> 7.80.0 [pfSense]
dbus: 1.12.20_4 -> 1.12.20_5 [pfSense]
dnsmasq: 2.85_1,1 -> 2.86,1 [pfSense]
filterlog: 0.1_6 -> 0.1_9 [pfSense]
glib: 2.66.8,2 -> 2.70.2,2 [pfSense]
hostapd: 2.9_3 -> 2.9_4 [pfSense]
icu: 69.1,1 -> 70.1_1,1 [pfSense]
libgcrypt: 1.9.3 -> 1.9.4 [pfSense]
libgpg-error: 1.42 -> 1.43 [pfSense]
libidn2: 2.3.1 -> 2.3.2 [pfSense]
libnghttp2: 1.43.0 -> 1.46.0 [pfSense]
libuv: 1.41.0 -> 1.42.0 [pfSense]
libxml2: 2.9.10_4 -> 2.9.12 [pfSense]
libxslt: 1.1.34_1 -> 1.1.34_2 [pfSense]
lua-resty-core: 0.1.21_1 -> 0.1.22 [pfSense]
lua-resty-lrucache: 0.10 -> 0.11 [pfSense]
luajit-openresty: 2.1.20201027 -> 2.1.20210510 [pfSense]
miniupnpd: 2.2.1,1 -> 2.2.1_1,1 [pfSense]
mobile-broadband-provider-info: 20201225 -> 20210805 [pfSense]
mpd5: 5.9 -> 5.9_6 [pfSense]
nginx: 1.20.1,2 -> 1.20.2_1,2 [pfSense]
nss_ldap: 1.265_13 -> 1.265_14 [pfSense]
ntp: 4.2.8p15 -> 4.2.8p15_3 [pfSense]
opensc: 0.21.0 -> 0.22.0 [pfSense]
openvpn: 2.5.2_2 -> 2.5.4_1 [pfSense]
pam_ldap: 186 -> 186_1 [pfSense]
pcre: 8.44 -> 8.45 [pfSense]
pcre2: 10.37 -> 10.39 [pfSense]
pcsc-lite: 1.9.1,2 -> 1.9.4,2 [pfSense]
pfSense: 2.5.2 -> 2.6.0 [pfSense]
pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
pfSense-base: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-default-config: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]
pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]
php74: 7.4.20 -> 7.4.26 [pfSense]
php74-bcmath: 7.4.20 -> 7.4.26 [pfSense]
php74-bz2: 7.4.20 -> 7.4.26 [pfSense]
php74-ctype: 7.4.20 -> 7.4.26 [pfSense]
php74-curl: 7.4.20 -> 7.4.26 [pfSense]
php74-dom: 7.4.20 -> 7.4.26 [pfSense]
php74-filter: 7.4.20 -> 7.4.26 [pfSense]
php74-gettext: 7.4.20 -> 7.4.26 [pfSense]
php74-intl: 7.4.20 -> 7.4.26 [pfSense]
php74-json: 7.4.20 -> 7.4.26 [pfSense]
php74-ldap: 7.4.20 -> 7.4.26 [pfSense]
php74-mbstring: 7.4.20 -> 7.4.26 [pfSense]
php74-opcache: 7.4.20 -> 7.4.26 [pfSense]
php74-openssl: 7.4.20 -> 7.4.26 [pfSense]
php74-pcntl: 7.4.20 -> 7.4.26 [pfSense]
php74-pdo: 7.4.20 -> 7.4.26 [pfSense]
php74-pdo_sqlite: 7.4.20 -> 7.4.26 [pfSense]
php74-pear-Cache_Lite: 1.7.16,1 -> 1.8.3,1 [pfSense]
php74-pear-Net_SMTP: 1.9.0 -> 1.10.0 [pfSense]
php74-pear-Net_Socket: 1.0.14 -> 1.2.2 [pfSense]
php74-pfSense-module: 0.72 -> 0.76 [pfSense]
php74-posix: 7.4.20 -> 7.4.26 [pfSense]
php74-readline: 7.4.20 -> 7.4.26 [pfSense]
php74-session: 7.4.20 -> 7.4.26 [pfSense]
php74-shmop: 7.4.20 -> 7.4.26 [pfSense]
php74-simplexml: 7.4.20 -> 7.4.26 [pfSense]
php74-sockets: 7.4.20 -> 7.4.26 [pfSense]
php74-sqlite3: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvmsg: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvsem: 7.4.20 -> 7.4.26 [pfSense]
php74-sysvshm: 7.4.20 -> 7.4.26 [pfSense]
php74-tokenizer: 7.4.20 -> 7.4.26 [pfSense]
php74-xml: 7.4.20 -> 7.4.26 [pfSense]
php74-xmlreader: 7.4.20 -> 7.4.26 [pfSense]
php74-xmlwriter: 7.4.20 -> 7.4.26 [pfSense]
php74-zlib: 7.4.20 -> 7.4.26 [pfSense]
python38: 3.8.10 -> 3.8.12_1 [pfSense]
scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
smartmontools: 7.2_1 -> 7.2_3 [pfSense]
sqlite3: 3.35.5_1,1 -> 3.35.5_4,1 [pfSense]
sshguard: 2.4.1,1 -> 2.4.2_1,1 [pfSense]
strongswan: 5.9.2_2 -> 5.9.4 [pfSense]
wpa_supplicant: 2.9_10 -> 2.9_11 [pfSense]
wrapalixresetbutton: 0.0.7_1 -> 0.0.8 [pfSense]
Installed packages to be REINSTALLED:
beep-1.0_1 [pfSense]
bsnmp-regex-0.6_2 [pfSense]
bsnmp-ucd-0.4.5 [pfSense]
bwi-firmware-kmod-3.130.20 [pfSense]
choparp-20150613 [pfSense]
cpdup-1.22 [pfSense]
cpustats-0.1_1 [pfSense]
dhcp6-20080615.2_4 [pfSense]
dhcpleases-0.5_1 [pfSense]
dhcpleases6-0.1_3 [pfSense]
dmidecode-3.3 [pfSense]
dpinger-3.0 [pfSense]
expat-2.4.1 [pfSense]
expiretable-0.6_2 [pfSense]
filterdns-2.0_5 [pfSense]
gettext-runtime-0.21 [pfSense]
iftop-1.0.p4 [pfSense]
igmpproxy-0.3,1 [pfSense]
indexinfo-0.3.1 [pfSense]
ipmitool-1.8.18_3 [pfSense]
isc-dhcp44-client-4.4.2P1 [pfSense]
isc-dhcp44-relay-4.4.2P1 [pfSense]
isc-dhcp44-server-4.4.2P1_1 [pfSense]
json-c-0.15_1 [pfSense]
ldns-1.7.1_2 [pfSense]
libargon2-20190702 [pfSense]
libedit-3.1.20210216,1 [pfSense]
libevent-2.1.12 [pfSense]
libffi-3.3_1 [pfSense]
libiconv-1.16 [pfSense]
libinotify-20180201_2 [pfSense]
libltdl-2.4.6 [pfSense]
liblz4-1.9.3,1 [pfSense]
libmcrypt-2.5.8_3 [pfSense]
libucl-0.8.1 [pfSense]
libunistring-0.9.10_1 [pfSense]
libzmq4-4.3.4 [pfSense]
links-2.20.2_1,1 [pfSense]
lzo2-2.10_1 [pfSense]
minicron-0.0.2 [pfSense]
mpdecimal-2.5.1 [pfSense]
norm-1.5r6_1 [pfSense]
oniguruma-6.9.7.1 [pfSense]
openvpn-auth-script-1.0.0.3 [pfSense]
pam_mkhomedir-0.2 [pfSense]
perl5-5.32.1_1 [pfSense]
pfSense-repo-2.6.0 [pfSense]
pfSense-upgrade-1.0_12 [pfSense]
pftop-0.7_9 [pfSense]
php74-openssl_x509_crl-1.3 [pfSense]
php74-pear-1.10.12 [pfSense]
php74-pear-Auth_RADIUS-1.1.0_4 [pfSense]
php74-pear-Crypt_CHAP-1.5.0 [pfSense]
php74-pear-Mail-1.4.1,1 [pfSense]
php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense]
php74-pear-Net_URL2-2.2.1 [pfSense]
php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2)
php74-pecl-mcrypt-1.0.4 [pfSense]
php74-pecl-radius-1.4.0b1_1 [pfSense]
php74-pecl-rrd-2.0.1_1 [pfSense]
php74-phpseclib-2.0.17 [pfSense]
php74-simplepie-1.5.1_1 [pfSense] (direct dependency changed: php74)
pkg-1.17.5_2 [pfSense]
py38-ply-3.11 [pfSense]
py38-setuptools-57.0.0 [pfSense]
qstats-0.2 [pfSense]
radvd-2.19_2 [pfSense]
rate-0.9_2 [pfSense]
readline-8.1.1 [pfSense] (options changed)
rrdtool-1.7.2_4 [pfSense]
ssh_tunnel_shell-0.2_1 [pfSense]
uclcmd-0.1_3 [pfSense]
voucher-0.1_2 [pfSense]
vstr-1.0.15_1 [pfSense]
wol-0.7.1_4 [pfSense]
xinetd-2.3.15_2 [pfSense]
Number of packages to be removed: 3
Number of packages to be installed: 8
Number of packages to be upgraded: 83
Number of packages to be reinstalled: 76
The process will require 115 MiB more space.
>>> Downloading pkg...
No packages are required to be fetched.
Integrity check was successful.
>>> Upgrading pfSense-rc...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-rc: 2.5.2 -> 2.6.0 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.5.2 to 2.6.0...
===> Setting net.pf.request_maxcount=400000
[1/1] Extracting pfSense-rc-2.6.0: ...... done
>>> Upgrading pfSense kernel...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-kernel-pfSense: 2.5.2 -> 2.6.0 [pfSense-core]
Number of packages to be upgraded: 1
The process will require 98 MiB more space.
[1/1] Upgrading pfSense-kernel-pfSense from 2.5.2 to 2.6.0...
[1/1] Extracting pfSense-kernel-pfSense-2.6.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
cp: /boot/kernel/.pkgtemp.fuse.ko.g1ZN8pFuO9kB: No such file or directory
cp: /boot/kernel/.pkgtemp.if_igb.ko.to0IdxhXQuQN: No such file or directory
cp: /boot/kernel/.pkgtemp.if_ixlv.ko.FYgmU292gIfB: No such file or directory
cp: /boot/kernel/.pkgtemp.if_tap.ko.ZhWmzF1DrUgm: No such file or directory
cp: /boot/kernel/.pkgtemp.if_tun.ko.VvLn16EfITW0: No such file or directory
pkg-static: DEINSTALL script failed
>>> Removing unnecessary packages... done.
System is going to be upgraded. Rebooting in 10 seconds.
Success
コメント