It's a few different things, part some larger items that we're working on that could introduce temporary instability, part build system update/reworking/maintenance, and other general backend things of that nature.

They'll be back before too long.

Got it updated just now but not without a hiccup as first attempt at the console didn't work nor second attempt using the webgui; however, third attempt at the webgui was the charm.

Further info:

Running in a generation 2 VM on windows server 2019 hyper-v.

VM has 2048 MB of RAM.
Memory usage: 22%
Swap usage: 0%
Disk usage: 2% (ufs)

This issue first appeared a couple of weeks ago. I was away so didn't update until today.

@louis2 said in Why is the IPV6-WAN so much slower than the IPV4-connection!?:

@gertjan

I just do not know which addresses are used by default. Could be the dhcp-provided DNS-addressess ????

On my system, the addresses are the respective ISP gateway addresses.

@gertjan said in dummynet: bad switch 21!:

Start billing the client more, and get your hands on that guy that 'thinks' ;) (could be you)

We're already billing them ;) That's not a problem. Problem was lack of communication. We talked about pfB in the design phase of the project but afterwards we got no feedback so I assumed we're still on the stage we were before. As that is a closed system providing public WiFi in a big location (🛫 ) I can't just jump in and have a look myself as they are almost air-gapped from their normal system to just provide internet while waiting without compromising internal systems.

But after more then 20y you get used to that 😉
And after more then 16y pfSense and Forum you get used to even more 😁
At least I can fall back to the Guru-status and tell him it's not our (or the software's) fault that he didn't supply enough information 😄
Now just have to wait about the first user-test cases hoping without the CPU lockups of the pfB problem that the other things will solve itself. 😅

Cheers
\jens

@louis2 a known bug, not related to 2.7 specifically:
https://redmine.pfsense.org/issues/13132

Check the Status > Monitoring graphs for RAM usage over time. You may be hitting a memory leak.

Steve

Does the interface not show an address in the GUI or also at the CLI with ifconfig?

Can you use the system patches package and try reverting c5d786359cc4a15c81e1c4773ab271b3d49ed594 and then revert 3222c70aaf783336901f7b1225727b5973ba865a to see if the behavior changes?

If there is no change in behavior you can reapply them.

I did an upgrade from 22.01 to 22.05. I had a number of problems (had to use command line to complete upgrade). This was one of the problems to emerge after that fix. Specifcally, I couldn't get OpenVPN to work properly.

Once I turned off NAT reflection and rebooted, I stopped getting the pfctl error and OpenVPN started working again (presumably rules weren't getting loaded correctly).

Big kudos from me for the fix!!

@bob-dig said in set dscp:

@yon-0 said in set dscp:

@bob-dig said in set dscp:

@yon-0 I am using AF33 (30/0x1e) with success from Windows to pfSense.

Does your value increase your internet speed?

No sry, it is only about LAN.

I use DSCP for the speed improvement of the world interstate long distance network. I use it for my own BGP network.

There aren't any features disabled in 2.7.0, but there are numerous improvements throughout that may have contributed to it working better.

The easiest way to fix that is going to be to swap out the Emulex card for something else. We've spent tine trying to trouble shoot these before and never found a solution. For example:
https://forum.netgate.com/topic/168212/panic-string-bpf_mcopy

Steve

@nedyah700 I'm on the latest 22.05 RC snapshot: 22.05.r.20220614.1944

@seanr22a said in is there any changes made to ipsec in 2.7 beta so it can't connect to a 2.6 site?:

@jimp said in is there any changes made to ipsec in 2.7 beta so it can't connect to a 2.6 site?:

AES-XCBC as your P1

That was it !

I changed to AES256-GCM/SHA256 for P1 and AES256-GCM for P2 and now it's working. Strange that my old AES-XCBC setup has been working for so long time with 2.6.

Many thanks for your suggestion 👍

In the past we used to recommend it as AES-XCBC could be accelerated on hardware like AES-NI, and since it was a PRF only it made sense to pair with GCM ciphers which already do their own hashing. But we've learned over time that it has other issues and compatibility problems so we adjusted the recommendations. Also hardware has caught up and common secure hashes like SHA256 can also be accelerated in some cases.

@jimp After this I am now getting random crashes.

https://pastebin.com/pXEp6mdp

What are you trying to backup that's half a gig in size? Even if you could increase the memory allowance that high it's likely to fail in other ways.

https://redmine.pfsense.org/issues/12281

Well for now the choice is simple. Until this is fixed, do not use ramdisks if you are running ZFS. 😉
https://redmine.pfsense.org/issues/13182

At the very least we will add code to prevent that conflict with /var so that may mean only /tmp can be a ram disk. Or there may be a better solution, we are still exploring options.

Steve

When 22.05 is released there will be a path there. Until then though 2.6 to 22.01 is the only supported upgrade.

Steve