Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet
-
@keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:
why can't I download a 2.5 version which worked?
2.5.2 is still available. Go to the download page, DO NOT SELECT AN ARCHITECTURE, simply hit download. You end up in a directory that still includes the 2.5.1 and 2.5.2 versions.
-
@revengineer Excellent thank you
-
@keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:
Which of these services can safely go?
Did you enable pcscd? It's supposed to be disabled by default in 2.6/22.01 because it's rarely needed and had a memory leak in the prior version. If you're not using IPSec you can just stop it.
As for the others, you'll have to tell us which packages you have installed that you're not using.
-
@steveits It don't know what pcscd is if 2.6 had disabled it then I can't see that as the problem it does not appear on my 2.6.0 rig.
I have set up a test rig with 2.6 and have tried turning services and firewall rules off .. nothing seems to fix my problem
I am using captive portal and snort .. I am not using open vpn
I don't know what the other are and if I need them
-
@keithunder Interesting, pcscd is not listed on my 2.6 router after upgrading. Although I had at least stopped it...don't recall if I bothered putting in the patch on that one. If you leave it running check used memory every month or so in case it still has the leak.
Here's the release note section with the bullet point about it being optional.For OpenVPN you probably have a server and client configured. Presumably enabled SNMP and captive portal as well. Bandwidthd is a package to monitor bandwidth usage. The others I think are all defaults. Mine has these, besides a couple packages:
ntpd NTP clock sync
dpinger Gateway Monitoring Daemon
radvd Router Advertisement Daemon
sshd Secure Shell Daemon
syslogd System Logger Daemon
unbound DNS Resolver (instead of Forwarder) -
@steveits Thank everyone for the responses
I disabled all the firewall rules except the pass all one and shut down all the non vital services
I still can't ping 8.8.8.8
Is there anything I can do to work out why this is happening? I can ping 8.8.8.8 from the pfsense box so the problem must be with pfsenseI tried installing 2.6.0 from scratch but I could not log into the web interface ... so I gave up :(
Maybe I will try again :(I can't upgrade to 2.6.0 until I have resolved this
-
Start a ping to 8.8.8.8. Then check Diag > States to make sure the correct states are being opened. You should see a state on the internal interface and a state with NAT on the WAN.
Steve
-
@stephenw10 the states relating to 8.8.8.8 all say 0.0
I have no idea what this means though :)
-
@keithunder I don't see where you answered my question about having any limiters configured...? In that other thread limiters seem fine for some but problematic for others.
-
@steveits I don't think I have any limiters configured.. How would I find out if I had?
-
@keithunder Firewall/Traffic Shaper/Limiters, and there would be firewall rules and/or floating rules configured to use them. (in the rule, Advanced Options, In / Out pipe)
-
@steveits Oh yess I don't have any limiters set up and I have disabled all firewall rules except the default ones on the lan the anti lockout one and the allow all are the only ones I have
-
@keithunder You do have captive portal though, and there is at least one comment about disabling that fixing connectivity:
https://forum.netgate.com/topic/170084/upgrade-21-05-2-to-22-01-no-vlan-internet-conection/10
-
@steveits I have disabled the captive portal
-
@keithunder said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:
the states relating to 8.8.8.8 all say 0.0
They exist on both interfaces though and have NAT correctly on WAN? Can we see them?
Steve
-
Hello
I am also having this issue.
I can confirm that Captive Portal is the cause, and that using "Allowed IP Addresses" or disabling Captive Portal restores SIP calling.I am not sure if this is caused by VLAN interfaces conbined with Captive Portal because both of my pfsense systems use VLAN for Wireless, and both are affected.
Please let me know if I can provide more information to get this fixed.
Thanks -
@pieter_sa said in Upgrade to 2.6.0 causes voip to no longer work and I can't ping the internet:
VLAN interfaces conbined with Captive Portal because both of my pfsense systems use VLAN for Wireless, and both are affected.
VLAN's or not. using Wireless devices, or devices using "cables", the issue stays.
Only TCP passes, no ICMP, no UDP. It looks like it's an ipfw issue, or worse, related so 'something' in FreeBSD 12.3, which means a simple 'patch' can't repair this. These are my thought of course.
If you need a working captive portal, consider going back to 2.5.2. -
We have discovered the root cause of this now. It should be possible to patch the ipfw ruleset to allow it. https://redmine.pfsense.org/issues/12834
Steve
-
@stephenw10 Wow that is brilliant how do I patch? or should I wait till the next version?
I am currently using the backup computer for live
-
https://redmine.pfsense.org/issues/12834 doesn't contain "patch" info, just the issue itself and a the related forum thread " UDP/ICMP is not working after upgrade to 2.6.0 ".
I'm logged into redmine, but that doesn't show more info.
Is it 'not ready yet' ?
I have a captive portal up and running with several connected clients that are willing to test drive.
