pfSense 2.4.5 Release notes and at Netgate.

@dotsch said in Panic + hung after 2.5 upgrade:

The system ran about 10 days without any issues after the upgrade.

Aha !
That closes in on a hardware failure.
Swap out the SD.

Just got it to work after I went to Settings and unchecked and saved the "Show log entries in reverse order" and then checked back again and saved. It looks like it restarted the whole process and is now working.

yes correctly said, but with a twist:

default admin was member of admin group. default admin was also a member of custom group which was "user-config-readonly". somehow after update this group overwrites the privileges of admin group. created backup of config file removed default admin user from custom group in config file. finally restored pfsense with the modified config.xml file.

thanks for the advise.

Got it figured out!!

Resetting my cable modem fixed the issue. I guess the pfsense SG-3100 wasn’t getting an IP from my ISP... but resetting it worked. Thanks!!!

If you can reach the gui and have made that change then you should be able to restore the config again and it will pull in the packages at that point.

Steve

The maximum table size actually needs to be around double the size of the tables you are loading as it loads in the new tables at update before removing the old ones.
1M is usually sufficient for bogonsv6 and few large pfBlocker tables.

Steve

Yeah, it's almost certainly all the same root cause. We are working to find and resolve that.
For some reason it seems to affect Hyper-V especially badly.

Going to 1 CPU core will likely work around it, at obvious expense, until we do.

Steve

If you're coming from 2.3.X you should select the 2.4.4 update branch to reach 2.4.4p3 first. Then go from there to 2.4.5. It will likely fail a direct upgrade from 2.3.4 to 2.4.5.
However I would recommend installing 2.4.5 clean and restoring your config into it. The jump from 2.3.4 is large.

Steve

Probably this: https://redmine.pfsense.org/issues/10414

Try setting the VM to one CPU as a test.

Steve

You should reinstall 2.4.5 again and make sure you restore a config from 2.4.4-p3 or 2.4.5. The 2.5.0 configuration is not compatible with 2.4.5 and is likely the source of your problems.

No earth shattering issues upgrading my MBT-4220. I took the reboot-before-upgrade path and nothing jumped out. I did see a few messages relating to needing a few more Mb for a package but the update process succeeded.

The entire process took about 10 minutes. All packages are up to date and all services started as normal.

@cthomas What do you have System -> General Setup -> DNS Server Settings ->Disable DNS Forwarder set? The description appears apropos to your situation:

Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall
By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers in resolv.conf.

Cheers, Liam

Faced the same problem. When installing in Windows, an error occurred checking the checksum.
I downloaded the daily build and everything was fine.

To be sure : look up all the 'snort' and 'squid' posts from the last 2 weeks or so.
You'll find a way to put things back in track.

@stephenw10 said in How to forward ISP provided vlans to an interface?:

I assume you mean em(4)? But it shouldn't matter what NIC/driver you use.

Add a VLAN 35 on em2 and assign that as an interface.

If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required.

If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity.

What do you have setup currently.

Steve

I'm not sure I can pull two dhcp leases or not, but if I did bridge it correctly, i guess not?
wan.png

interfaces.png bridges.png hh3000-em2.png hh3000-vlan.png

I would probably try low-level formatting it using the Intel SSD tool if you have Windows available.

Steve

Just a follow up that update worked as expected on both firewalls in the cluster, from -p2 to -p3.

We'll wait a while for kinks to get ironed out of 2.4.5 before upgrading.

@stephenw10 yeap, it is seem to be corrected. All the previous versions may be wrong