pfSenseをアップデートした記録 2.3.3_1→2.3.4
アップデート内容確認
2.3.3_1(2.3.3 Update 1)から2.3.4にアップデートします
変更点を確認
2.3.4 New Features and Changes – PFSenseDocs
https://doc.pfsense.org/index.php/2.3.4_New_Features_and_Changes
全体的に不具合修正がメインです
証明書の生成についての修正がありますが
これは管理画面をHTTPSに設定していてChromeを使っているケースが該当します
アップデートの手順
事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです
まずダッシュボードのVersionのところにある雲マークか
System→Updateを選択
2.3.3_1から2.3.4へアップデートと表示出てるのを確認して「Confirm」を押す
Update時の処理ログ
>>> Updating repositories metadata... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. >>> Unlocking package pfSense-kernel-pfSense... done. >>> Downloading upgrade packages... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (132 candidates): .......... done Processing candidates (132 candidates): ... done The following 42 package(s) will be affected (of 0 checked): New packages to be INSTALLED: libevent: 2.1.8 [pfSense] Installed packages to be UPGRADED: unbound: 1.6.0 -> 1.6.1 [pfSense] strongswan: 5.5.1 -> 5.5.1_1 [pfSense] sqlite3: 3.15.1_1 -> 3.17.0 [pfSense] smartmontools: 6.5_1 -> 6.5_2 [pfSense] python27: 2.7.13_1 -> 2.7.13_3 [pfSense] php-xdebug: 2.4.1_1 -> 2.5.0 [pfSense] pftop: 0.7_7 -> 0.7_8 [pfSense] pfSense-rc: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-kernel-pfSense: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-default-config: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-base: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense: 2.3.3_1 -> 2.3.4 [pfSense] perl5: 5.24.1.r4_1 -> 5.24.1 [pfSense] pcre: 8.39_1 -> 8.40 [pfSense] ntp: 4.2.8p9_1 -> 4.2.8p10_2 [pfSense] nginx: 1.10.2_3,2 -> 1.10.3_1,2 [pfSense] lzo2: 2.09 -> 2.10_1 [pfSense] libssh2: 1.8.0,2 -> 1.8.0,3 [pfSense] libsodium: 1.0.11_1 -> 1.0.12 [pfSense] libnghttp2: 1.18.0 -> 1.21.0 [pfSense] ldns: 1.6.17_5 -> 1.7.0 [pfSense] ipmitool: 1.8.17_1 -> 1.8.18 [pfSense] gmp: 5.1.3_3 -> 6.1.2 [pfSense] glib: 2.46.2_4 -> 2.46.2_5 [pfSense] dhcp6: 20080615.1 -> 20080615.2 [pfSense] curl: 7.53.0 -> 7.54.0 [pfSense] ca_root_nss: 3.28.1 -> 3.30.2 [pfSense] bind-tools: 9.11.0P3 -> 9.11.1 [pfSense] Installed packages to be REINSTALLED: vstr-1.0.15_1 [pfSense] nettle-3.3 [pfSense] libxml2-2.9.4 [pfSense] libidn-1.33_1 [pfSense] libiconv-1.14_10 [pfSense] libffi-3.2.1 [pfSense] libedit-3.1.20150325_2,1 [pfSense] json-c-0.12.1 [pfSense] idnkit-1.0_6 [pfSense] gettext-runtime-0.19.8.1_1 [pfSense] expat-2.2.0_1 [pfSense] dnsmasq-2.76,1 [pfSense] (options changed) check_reload_status-0.0.7 [pfSense] (direct dependency changed: libevent) Number of packages to be installed: 1 Number of packages to be upgraded: 28 Number of packages to be reinstalled: 13 The process will require 3 MiB more space. 81 MiB to be downloaded. [1/42] Fetching vstr-1.0.15_1.txz: .......... done [2/42] Fetching unbound-1.6.1.txz: .......... done [3/42] Fetching strongswan-5.5.1_1.txz: .......... done [4/42] Fetching sqlite3-3.17.0.txz: .......... done [5/42] Fetching smartmontools-6.5_2.txz: .......... done [6/42] Fetching python27-2.7.13_3.txz: .......... done [7/42] Fetching php-xdebug-2.5.0.txz: .......... done [8/42] Fetching pftop-0.7_8.txz: ........ done [9/42] Fetching pfSense-rc-2.3.4.txz: . done [10/42] Fetching pfSense-kernel-pfSense-2.3.4.txz: .......... done [11/42] Fetching pfSense-default-config-2.3.4.txz: . done [12/42] Fetching pfSense-base-2.3.4.txz: .......... done [13/42] Fetching pfSense-2.3.4.txz: . done [14/42] Fetching perl5-5.24.1.txz: .......... done [15/42] Fetching pcre-8.40.txz: .......... done [16/42] Fetching ntp-4.2.8p10_2.txz: .......... done [17/42] Fetching nginx-1.10.3_1,2.txz: .......... done [18/42] Fetching nettle-3.3.txz: .......... done [19/42] Fetching lzo2-2.10_1.txz: .......... done [20/42] Fetching libxml2-2.9.4.txz: .......... done [21/42] Fetching libssh2-1.8.0,3.txz: .......... done [22/42] Fetching libsodium-1.0.12.txz: .......... done [23/42] Fetching libnghttp2-1.21.0.txz: .......... done [24/42] Fetching libidn-1.33_1.txz: .......... done [25/42] Fetching libiconv-1.14_10.txz: .......... done [26/42] Fetching libffi-3.2.1.txz: ..... done [27/42] Fetching libedit-3.1.20150325_2,1.txz: .......... done [28/42] Fetching ldns-1.7.0.txz: .......... done [29/42] Fetching json-c-0.12.1.txz: ..... done [30/42] Fetching ipmitool-1.8.18.txz: .......... done [31/42] Fetching idnkit-1.0_6.txz: .......... done [32/42] Fetching gmp-6.1.2.txz: .......... done [33/42] Fetching glib-2.46.2_5.txz: .......... done [34/42] Fetching gettext-runtime-0.19.8.1_1.txz: .......... done [35/42] Fetching expat-2.2.0_1.txz: .......... done [36/42] Fetching dnsmasq-2.76,1.txz: .......... done [37/42] Fetching dhcp6-20080615.2.txz: .......... done [38/42] Fetching curl-7.54.0.txz: .......... done [39/42] Fetching check_reload_status-0.0.7.txz: .... done [40/42] Fetching ca_root_nss-3.30.2.txz: .......... done [41/42] Fetching bind-tools-9.11.1.txz: .......... done [42/42] Fetching libevent-2.1.8.txz: .......... done Checking integrity... done (1 conflicting) - libevent-2.1.8 [pfSense] conflicts with libevent2-2.0.22_1 [installed] on /usr/local/bin/event_rpcgen.py Checking integrity... done (0 conflicting) Conflicts with the existing packages have been found. One more solver iteration is needed to resolve them. The following 43 package(s) will be affected (of 0 checked): Installed packages to be REMOVED: libevent2-2.0.22_1 New packages to be INSTALLED: libevent: 2.1.8 [pfSense] Installed packages to be UPGRADED: python27: 2.7.13_1 -> 2.7.13_3 [pfSense] perl5: 5.24.1.r4_1 -> 5.24.1 [pfSense] pcre: 8.39_1 -> 8.40 [pfSense] libnghttp2: 1.18.0 -> 1.21.0 [pfSense] ldns: 1.6.17_5 -> 1.7.0 [pfSense] glib: 2.46.2_4 -> 2.46.2_5 [pfSense] ca_root_nss: 3.28.1 -> 3.30.2 [pfSense] unbound: 1.6.0 -> 1.6.1 [pfSense] libsodium: 1.0.11_1 -> 1.0.12 [pfSense] gmp: 5.1.3_3 -> 6.1.2 [pfSense] curl: 7.53.0 -> 7.54.0 [pfSense] strongswan: 5.5.1 -> 5.5.1_1 [pfSense] sqlite3: 3.15.1_1 -> 3.17.0 [pfSense] lzo2: 2.09 -> 2.10_1 [pfSense] libssh2: 1.8.0,2 -> 1.8.0,3 [pfSense] smartmontools: 6.5_1 -> 6.5_2 [pfSense] php-xdebug: 2.4.1_1 -> 2.5.0 [pfSense] pftop: 0.7_7 -> 0.7_8 [pfSense] pfSense-rc: 2.3.3_1 -> 2.3.4 [pfSense-core] ntp: 4.2.8p9_1 -> 4.2.8p10_2 [pfSense] nginx: 1.10.2_3,2 -> 1.10.3_1,2 [pfSense] ipmitool: 1.8.17_1 -> 1.8.18 [pfSense] dhcp6: 20080615.1 -> 20080615.2 [pfSense] bind-tools: 9.11.0P3 -> 9.11.1 [pfSense] pfSense-kernel-pfSense: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-default-config: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-base: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense: 2.3.3_1 -> 2.3.4 [pfSense] Installed packages to be REINSTALLED: libffi-3.2.1 [pfSense] gettext-runtime-0.19.8.1_1 [pfSense] libiconv-1.14_10 [pfSense] libxml2-2.9.4 [pfSense] expat-2.2.0_1 [pfSense] vstr-1.0.15_1 [pfSense] nettle-3.3 [pfSense] libidn-1.33_1 [pfSense] libedit-3.1.20150325_2,1 [pfSense] json-c-0.12.1 [pfSense] idnkit-1.0_6 [pfSense] dnsmasq-2.76,1 [pfSense] (options changed) check_reload_status-0.0.7 [pfSense] (direct dependency changed: libevent) Number of packages to be removed: 1 Number of packages to be installed: 1 Number of packages to be upgraded: 28 Number of packages to be reinstalled: 13 The process will require 1 MiB more space. >>> Upgrading pfSense kernel... Checking integrity... done (0 conflicting) The following 2 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-kernel-pfSense: 2.3.3_1 -> 2.3.4 [pfSense-core] pfSense-rc: 2.3.3_1 -> 2.3.4 [pfSense-core] Number of packages to be upgraded: 2 [1/2] Upgrading pfSense-rc from 2.3.3_1 to 2.3.4... [1/2] Extracting pfSense-rc-2.3.4: .... done [2/2] Upgrading pfSense-kernel-pfSense from 2.3.3_1 to 2.3.4... [2/2] Extracting pfSense-kernel-pfSense-2.3.4: .......... done ===> Keeping a copy of current kernel in /boot/kernel.old Upgrade is complete. Rebooting in 10 seconds. >>> Locking package pfSense-kernel-pfSense... done. Success
将来的にはAES-NIが必須へ
先日NetgateBlogにて告知されました
pfSense 2.5 and AES-NI
https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html
More on AES-NI
https://www.netgate.com/blog/more-on-aes-ni.html
pfSense2.5を目途にAES-NIが必須になる予定らしいです
今は2.3.4ですので2.5が出るのはまだまだ先の話でしょうけど
古いハードウェアを使い続けている人はハードウェア更新を計画する必要がありそうです
とはいえAES-NI対応CPUは私が使っているAtomでも対応してますし
そこまで高価な装置じゃないので該当者にとっては更新が面倒なぐらいでしょうか
ちなみにAES-NIと聞くとVPN使ってないのにと思うかもしれませんが
2つ目の記事に記載されてる通りVPNだけで使うわけではありません
2.5からまたWEBGUIが更新される模様でこれは3.0に向けての流れのようです
コメント