Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet

    Scheduled Pinned Locked Moved General pfSense Questions
    39 Posts 7 Posters 7.7k Views 8 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      Keithunder @chpalmer
      last edited by

      @chpalmer You are not being a pain I am grateful for your responses!
      Single ip just uses a different gateway group the other one is loadbalance.
      Currently they are identical .. but they can come in useful for diagnostic purposes .. I can muck about with the 3 different ISPs without affecting anyone else.

      It may well be something broke that was fixed in the latest version. it would be nice to know what it was

      this kept appearing in the system log
      Feb 17 15:36:00 sshguard 30068 Now monitoring attacks.
      Feb 17 15:36:00 sshguard 61375 Exiting on signal.

      I have no idea what this means

      chpalmerC S 2 Replies Last reply Reply Quote 0
      • chpalmerC Offline
        chpalmer @Keithunder
        last edited by

        @keithunder

        SSH is a terminal (for lack of a better word for it... stop typing now haters) connection. Have you ever used something like Putty to connect to your router? So has the rest of the world if you have port 22 open to on the WAN.

        My guess is (because Im not sure) that SSHguard is the security program in place to keep that from happening.. If it is going up and down I wonder if your WAN is not stable.. I need to look at my logs and see if that is common between us..

        Just looked and I do not have that in my logs. Keep forgetting I can see my router from this laptop while out and about via a VPN I have active..

        That said I do not have that in the last 200 lines of my logs. That is interesting.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        K 1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Galactic Empire @Keithunder
          last edited by

          @keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:

          this kept appearing in the system log
          Feb 17 15:36:00 sshguard 30068 Now monitoring attacks.
          Feb 17 15:36:00 sshguard 61375 Exiting on signal.

          Look at thread https://forum.netgate.com/topic/169923/tons-sshguard-log-entries-and-its-not-enabled

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
          Upvote ๐Ÿ‘ helpful posts!

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            The last two versions are available on the download servers still:
            https://nyifiles.netgate.com/mirror/downloads/

            sshguard monitors the logs for failed login attempts, of any sort not just SSH, and reacts by blocking source IPs after a number of failures.

            @keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:

            this kept appearing in the system log
            Feb 17 15:36:00 sshguard 30068 Now monitoring attacks.
            Feb 17 15:36:00 sshguard 61375 Exiting on signal.

            What you are seeing there is not an error it's sshguard restarting when the log files rotate to monitor the new log.

            Steve

            1 Reply Last reply Reply Quote 0
            • K Offline
              Keithunder @chpalmer
              last edited by

              @chpalmer So either

              1. the old version is faulty and the new version fixes the problem causing my misconfiguation to block ping and voip

              OR
              2. The new version has a bug and my configuration is unusual and is causing the error.

              Assuming it is 1. what rules can I safely ditch on my Lan?
              Which of these services can safely go?
              alt text

              S 1 Reply Last reply Reply Quote 0
              • R Offline
                revengineer @Keithunder
                last edited by revengineer

                @keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:

                why can't I download a 2.5 version which worked?

                2.5.2 is still available. Go to the download page, DO NOT SELECT AN ARCHITECTURE, simply hit download. You end up in a directory that still includes the 2.5.1 and 2.5.2 versions.

                K 1 Reply Last reply Reply Quote 0
                • K Offline
                  Keithunder @revengineer
                  last edited by

                  @revengineer Excellent thank you

                  1 Reply Last reply Reply Quote 0
                  • S Offline
                    SteveITS Galactic Empire @Keithunder
                    last edited by

                    @keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:

                    Which of these services can safely go?

                    Did you enable pcscd? It's supposed to be disabled by default in 2.6/22.01 because it's rarely needed and had a memory leak in the prior version. If you're not using IPSec you can just stop it.

                    As for the others, you'll have to tell us which packages you have installed that you're not using.

                    Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                    Upvote ๐Ÿ‘ helpful posts!

                    K 1 Reply Last reply Reply Quote 0
                    • K Offline
                      Keithunder @SteveITS
                      last edited by

                      @steveits It don't know what pcscd is if 2.6 had disabled it then I can't see that as the problem it does not appear on my 2.6.0 rig.

                      I have set up a test rig with 2.6 and have tried turning services and firewall rules off .. nothing seems to fix my problem

                      I am using captive portal and snort .. I am not using open vpn

                      I don't know what the other are and if I need them

                      S 1 Reply Last reply Reply Quote 0
                      • S Offline
                        SteveITS Galactic Empire @Keithunder
                        last edited by

                        @keithunder Interesting, pcscd is not listed on my 2.6 router after upgrading. Although I had at least stopped it...don't recall if I bothered putting in the patch on that one. If you leave it running check used memory every month or so in case it still has the leak.
                        Here's the release note section with the bullet point about it being optional.

                        For OpenVPN you probably have a server and client configured. Presumably enabled SNMP and captive portal as well. Bandwidthd is a package to monitor bandwidth usage. The others I think are all defaults. Mine has these, besides a couple packages:

                        ntpd NTP clock sync
                        dpinger Gateway Monitoring Daemon
                        radvd Router Advertisement Daemon
                        sshd Secure Shell Daemon
                        syslogd System Logger Daemon
                        unbound DNS Resolver (instead of Forwarder)

                        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                        Upvote ๐Ÿ‘ helpful posts!

                        K 1 Reply Last reply Reply Quote 0
                        • K Offline
                          Keithunder @SteveITS
                          last edited by

                          @steveits Thank everyone for the responses

                          I disabled all the firewall rules except the pass all one and shut down all the non vital services
                          I still can't ping 8.8.8.8
                          Is there anything I can do to work out why this is happening? I can ping 8.8.8.8 from the pfsense box so the problem must be with pfsense

                          I tried installing 2.6.0 from scratch but I could not log into the web interface ... so I gave up :(
                          Maybe I will try again :(

                          I can't upgrade to 2.6.0 until I have resolved this

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            Start a ping to 8.8.8.8. Then check Diag > States to make sure the correct states are being opened. You should see a state on the internal interface and a state with NAT on the WAN.

                            Steve

                            K 1 Reply Last reply Reply Quote 0
                            • K Offline
                              Keithunder @stephenw10
                              last edited by

                              @stephenw10 the states relating to 8.8.8.8 all say 0.0

                              I have no idea what this means though :)

                              S stephenw10S 2 Replies Last reply Reply Quote 0
                              • S Offline
                                SteveITS Galactic Empire @Keithunder
                                last edited by

                                @keithunder I don't see where you answered my question about having any limiters configured...? In that other thread limiters seem fine for some but problematic for others.

                                Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                                Upvote ๐Ÿ‘ helpful posts!

                                K 1 Reply Last reply Reply Quote 0
                                • K Offline
                                  Keithunder @SteveITS
                                  last edited by

                                  @steveits I don't think I have any limiters configured.. How would I find out if I had?

                                  S 1 Reply Last reply Reply Quote 0
                                  • S Offline
                                    SteveITS Galactic Empire @Keithunder
                                    last edited by

                                    @keithunder Firewall/Traffic Shaper/Limiters, and there would be firewall rules and/or floating rules configured to use them. (in the rule, Advanced Options, In / Out pipe)

                                    Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                    When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                                    Upvote ๐Ÿ‘ helpful posts!

                                    K 1 Reply Last reply Reply Quote 0
                                    • K Offline
                                      Keithunder @SteveITS
                                      last edited by

                                      @steveits Oh yess I don't have any limiters set up and I have disabled all firewall rules except the default ones on the lan the anti lockout one and the allow all are the only ones I have

                                      S 1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        SteveITS Galactic Empire @Keithunder
                                        last edited by

                                        @keithunder You do have captive portal though, and there is at least one comment about disabling that fixing connectivity:

                                        https://forum.netgate.com/topic/170084/upgrade-21-05-2-to-22-01-no-vlan-internet-conection/10

                                        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                                        Upvote ๐Ÿ‘ helpful posts!

                                        K 1 Reply Last reply Reply Quote 0
                                        • K Offline
                                          Keithunder @SteveITS
                                          last edited by

                                          @steveits I have disabled the captive portal

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator @Keithunder
                                            last edited by

                                            @keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:

                                            the states relating to 8.8.8.8 all say 0.0

                                            They exist on both interfaces though and have NAT correctly on WAN? Can we see them?

                                            Steve

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.